From f56c5b201d74bfca82ab66281ecdf8651706fe78 Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@cesanta.com>
Date: Mon, 14 Mar 2016 17:36:06 +0100
Subject: [PATCH] Do not set cipher list if PFS is disabled

Remove Krypton TODO: SSL{,_CTX}_set_cipher_list have been added
(but these ciphers are not supported).

Fixes cesanta/dev#2975

PUBLISHED_FROM=25bf330b785f0a61e18ba409069ebccbd50dcf65
---
 mongoose.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/mongoose.c b/mongoose.c
index ffd8a1759..06ff40ad0 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -2585,8 +2585,7 @@ const char *mg_set_ssl(struct mg_connection *nc, const char *cert,
     SSL_set_fd(nc->ssl, nc->sock);
   }
 
-/* TODO(rojer): remove when krypton exposes this function, even a dummy one */
-#ifdef OPENSSL_VERSION_NUMBER
+#ifndef MG_DISABLE_PFS
   SSL_CTX_set_cipher_list(nc->ssl_ctx, mg_s_cipher_list);
 #endif
   return result;
-- 
GitLab