File 0014-Add-ssl_cipher_list-to-server-options.patch of Package openwsman.10653

From a1fae32e0b18391951d4bf198c04a1a3eaeeddfb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 19 Apr 2017 12:07:26 +0200
Subject: [PATCH 14/15] Add ssl_cipher_list to server options

---
 etc/openwsman.conf         | 4 ++++
 src/server/wsmand-daemon.c | 7 +++++++
 src/server/wsmand-daemon.h | 1 +
 3 files changed, 12 insertions(+)

diff --git a/etc/openwsman.conf b/etc/openwsman.conf
index 27adb6b0f756..7e974351f74d 100644
--- a/etc/openwsman.conf
+++ b/etc/openwsman.conf
@@ -39,6 +39,10 @@ ssl_key_file = /etc/openwsman/serverkey.pem
 # possible values: SSLv2 SSLv3 TLSv1 TLSv1_1 TLSv1_2
 ssl_disabled_protocols = SSLv2 SSLv3
 
+# SSL cipher list
+# see 'ciphers' in the OpenSSL documentation
+#ssl_cipher_list = 
+
 # set these to enable digest authentication against a local datbase
 #digest_password_file = /etc/openwsman/digest_auth.passwd
 
diff --git a/src/server/wsmand-daemon.c b/src/server/wsmand-daemon.c
index a17c83a6fea3..05fe99498ca8 100644
--- a/src/server/wsmand-daemon.c
+++ b/src/server/wsmand-daemon.c
@@ -79,6 +79,7 @@ static char *ssl_key_file = NULL;
 static char *service_path = DEFAULT_SERVICE_PATH;
 static char *ssl_cert_file = NULL;
 static char *ssl_disabled_protocols = NULL;
+static char *ssl_cipher_list = NULL;
 static char *pid_file = DEFAULT_PID_PATH;
 static char *uri_subscription_repository = DEFAULT_SUBSCRIPTION_REPOSITORY;
 static int daemon_flag = 0;
@@ -179,6 +180,7 @@ int wsmand_read_config(dictionary * ini)
 	ssl_key_file = iniparser_getstr(ini, "server:ssl_key_file");
 	ssl_cert_file = iniparser_getstr(ini, "server:ssl_cert_file");
         ssl_disabled_protocols = iniparser_getstr(ini, "server:ssl_disabled_protocols");
+        ssl_cipher_list = iniparser_getstr(ini, "server:ssl_cipher_list");
 	use_ipv4 = iniparser_getboolean(ini, "server:ipv4", 1);
 #ifdef ENABLE_IPV6
         use_ipv6 = iniparser_getboolean(ini, "server:ipv6", 1);
@@ -350,6 +352,11 @@ char *wsmand_options_get_ssl_disabled_protocols(void)
 	return ssl_disabled_protocols;
 }
 
+char *wsmand_options_get_ssl_cipher_list(void)
+{
+	return ssl_cipher_list;
+}
+
 int wsmand_options_get_digest(void)
 {
 	return use_digest;
diff --git a/src/server/wsmand-daemon.h b/src/server/wsmand-daemon.h
index 3bd6a9da34d3..85f482433bda 100644
--- a/src/server/wsmand-daemon.h
+++ b/src/server/wsmand-daemon.h
@@ -77,6 +77,7 @@ int wsmand_options_get_server_ssl_port(void);
 char *wsmand_options_get_ssl_key_file(void);
 char *wsmand_options_get_ssl_cert_file(void);
 char *wsmand_options_get_ssl_disabled_protocols(void);
+char *wsmand_options_get_ssl_cipher_list(void);
 int wsmand_options_get_digest(void);
 char *wsmand_options_get_digest_password_file(void);
 char *wsmand_options_get_basic_password_file(void);
-- 
2.18.0