From 9eb77e892eb9f250334e8fbbe5cd727c2fc15f65 Mon Sep 17 00:00:00 2001
From: w00513647 <wangshuangtao2@huawei.com>
Date: Wed, 17 Mar 2021 19:53:04 +0800
Subject: [PATCH 2/2] [Huawei] Suite huawei secure cipher

Offering: GaussDB Kernel

Suite huawei secure cipher

Signed-off-by: wangshuangtao2@huawei.com
---
 .../eSDK_OBS_API/eSDK_OBS_API_C++/src/request.c  | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/source/eSDK_OBS_API/eSDK_OBS_API_C++/src/request.c b/source/eSDK_OBS_API/eSDK_OBS_API_C++/src/request.c
index 80ac36f..71b5930 100644
--- a/source/eSDK_OBS_API/eSDK_OBS_API_C++/src/request.c
+++ b/source/eSDK_OBS_API/eSDK_OBS_API_C++/src/request.c
@@ -48,6 +48,19 @@ static HANDLE hmutex;
 static HANDLE use_api_mutex;
 #endif
 
+#define OBS_CIPHER_LIST "DHE-RSA-AES128-GCM-SHA256:" \
+                        "DHE-RSA-AES256-GCM-SHA384:" \
+                        "DHE-DSS-AES128-GCM-SHA256:" \
+                        "DHE-DSS-AES256-GCM-SHA384:" \
+                        "ECDHE-ECDSA-AES128-GCM-SHA256:" \
+                        "ECDHE-ECDSA-AES256-GCM-SHA384:" \
+                        "ECDHE-RSA-AES128-GCM-SHA256:" \
+                        "ECDHE-RSA-AES256-GCM-SHA384:" \
+                        "DHE-RSA-AES128-CCM:" \
+                        "DHE-RSA-AES256-CCM:" \
+                        "ECDHE-ECDSA-AES128-CCM:" \
+                        "ECDHE-ECDSA-AES256-CCM"
+
 void init_request_most_count(uint32_t online_request_max)
 {
     request_online_max = online_request_max;
@@ -400,6 +413,8 @@ static obs_status setup_curl(http_request *request,
     curl_easy_setopt_safe(CURLOPT_TCP_NODELAY, 1);
     if(params->request_option.ssl_cipher_list != NULL) {
          curl_easy_setopt_safe(CURLOPT_SSL_CIPHER_LIST, params->request_option.ssl_cipher_list);
+    } else {
+        curl_easy_setopt_safe(CURLOPT_SSL_CIPHER_LIST, OBS_CIPHER_LIST);
     }
     if(params->request_option.proxy_host != NULL) {
          curl_easy_setopt_safe(CURLOPT_PROXY, params->request_option.proxy_host);
@@ -991,6 +1006,7 @@ obs_status get_api_version(char *bucket_name,char *host_name,obs_protocol protoc
     easy_setopt_safe(CURLOPT_URL, uri);
     easy_setopt_safe(CURLOPT_NOBODY, 1);
 
+    easy_setopt_safe(CURLOPT_SSL_CIPHER_LIST, OBS_CIPHER_LIST);
     easy_setopt_safe(CURLOPT_LOW_SPEED_LIMIT, DEFAULT_LOW_SPEED_LIMIT);
     easy_setopt_safe(CURLOPT_LOW_SPEED_TIME, DEFAULT_LOW_SPEED_TIME_S);
     easy_setopt_safe(CURLOPT_CONNECTTIMEOUT_MS, DEFAULT_CONNECTTIMEOUT_MS);
-- 
2.23.0