#
|
|
# AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: 0\n"
|
|
"POT-Creation-Date: 2013-03-12T03:19:44\n"
|
|
"PO-Revision-Date: 2013-03-12T03:19:44\n"
|
|
"Last-Translator: Automatically generated\n"
|
|
"Language-Team: None\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: application/x-publican; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
|
|
# NOTE(review): the listing below is a 2013-era TLS client setup and should not be
# copied as-is. SSLv23_client_method() with only SSL_OP_NO_SSLv2 still allows
# SSLv3 to be negotiated; add SSL_OP_NO_SSLv3 (or, on OpenSSL 1.1.0+, set a
# minimum protocol version). The cipher whitelist keeps RC4-SHA/RC4-MD5 and
# DES-CBC3-* for "backwards compatibility"; RC4 is prohibited in TLS by
# RFC 7465 and 3DES is vulnerable to Sweet32, so both should be dropped. The
# ciphers labelled "strong" are plain RSA key exchange (no forward secrecy);
# prefer the ECDHE-* variants where available. The strcat() loop into the
# fixed ciphers[300] buffer is safe only because the candidate list is fixed
# (about 110 bytes); a bounded copy would be needed if the list grows. Loading
# the trust store with SSL_CTX_set_default_verify_paths() does not by itself
# enable peer verification; SSL_CTX_set_verify(SSL_VERIFY_PEER, ...) and
# hostname checking must be done elsewhere and are not shown in this excerpt.
#. Tag: programlisting
|
|
#, no-c-format
|
|
msgid "\n"
|
|
"// Configure a client connection context. Send a handshake for the\n"
|
|
"// highest supported TLS version, and disable compression.\n"
|
|
"const SSL_METHOD *const req_method = SSLv23_client_method();\n"
|
|
"SSL_CTX *const ctx = SSL_CTX_new(req_method);\n"
|
|
"if (ctx == NULL) {\n"
|
|
" ERR_print_errors(bio_err);\n"
|
|
" exit(1);\n"
|
|
"}\n"
|
|
"SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);\n"
|
|
"\n"
|
|
"// Adjust the ciphers list based on a whitelist. First enable all\n"
|
|
"// ciphers of at least medium strength, to get the list which is\n"
|
|
"// compiled into OpenSSL.\n"
|
|
"if (SSL_CTX_set_cipher_list(ctx, \"HIGH:MEDIUM\") != 1) {\n"
|
|
" ERR_print_errors(bio_err);\n"
|
|
" exit(1);\n"
|
|
"}\n"
|
|
"{\n"
|
|
" // Create a dummy SSL session to obtain the cipher list.\n"
|
|
" SSL *ssl = SSL_new(ctx);\n"
|
|
" if (ssl == NULL) {\n"
|
|
" ERR_print_errors(bio_err);\n"
|
|
" exit(1);\n"
|
|
" }\n"
|
|
" STACK_OF(SSL_CIPHER) *active_ciphers = SSL_get_ciphers(ssl);\n"
|
|
" if (active_ciphers == NULL) {\n"
|
|
" ERR_print_errors(bio_err);\n"
|
|
" exit(1);\n"
|
|
" }\n"
|
|
" // Whitelist of candidate ciphers.\n"
|
|
" static const char *const candidates[] = {\n"
|
|
" \"AES128-GCM-SHA256\", \"AES128-SHA256\", \"AES256-SHA256\", // strong ciphers\n"
|
|
" \"AES128-SHA\", \"AES256-SHA\", // strong ciphers, also in older versions\n"
|
|
" \"RC4-SHA\", \"RC4-MD5\", // backwards compatibility, supposed to be weak\n"
|
|
" \"DES-CBC3-SHA\", \"DES-CBC3-MD5\", // more backwards compatibility\n"
|
|
" NULL\n"
|
|
" };\n"
|
|
" // Actually selected ciphers.\n"
|
|
" char ciphers[300];\n"
|
|
" ciphers[0] = '\\0';\n"
|
|
" for (const char *const *c = candidates; *c; ++c) {\n"
|
|
" for (int i = 0; i < sk_SSL_CIPHER_num(active_ciphers); ++i) {\n"
|
|
" if (strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(active_ciphers, i)),\n"
|
|
" *c) == 0) {\n"
|
|
" if (*ciphers) {\n"
|
|
" strcat(ciphers, \":\");\n"
|
|
" }\n"
|
|
" strcat(ciphers, *c);\n"
|
|
" break;\n"
|
|
" }\n"
|
|
" }\n"
|
|
" }\n"
|
|
" SSL_free(ssl);\n"
|
|
" // Apply final cipher list.\n"
|
|
" if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {\n"
|
|
" ERR_print_errors(bio_err);\n"
|
|
" exit(1);\n"
|
|
" }\n"
|
|
"}\n"
|
|
"\n"
|
|
"// Load the set of trusted root certificates.\n"
|
|
"if (!SSL_CTX_set_default_verify_paths(ctx)) {\n"
|
|
" ERR_print_errors(bio_err);\n"
|
|
" exit(1);\n"
|
|
"}\n"
|
|
""
|
|
msgstr ""
|
|
|