From d56621f9f6e7b4e16d3303579d90a1925748f529 Mon Sep 17 00:00:00 2001
From: Alexey Sokolov <alexey+znc@asokolov.org>
Date: Thu, 25 Dec 2014 16:36:55 +0000
Subject: [PATCH] Fix modperl startup

---
 include/znc/Socket.h |  2 --
 src/Socket.cpp       | 20 +++++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/include/znc/Socket.h b/include/znc/Socket.h
index 03255232..d2d4523d 100644
--- a/include/znc/Socket.h
+++ b/include/znc/Socket.h
@@ -44,8 +44,6 @@ public:
 #endif
 	virtual CString GetRemoteIP() const { return Csock::GetRemoteIP(); }
 
-	static const CString g_sDefaultCipher;
-
 protected:
 	// All existing errno codes seem to be in range 1-300
 	enum {
diff --git a/src/Socket.cpp b/src/Socket.cpp
index 6a71ec7b..a3be0a4a 100644
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@@ -27,13 +27,15 @@
 #endif
 
 // Copypasted from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 at 22 Dec 2014
-const CString CZNCSock::g_sDefaultCipher =
-	"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
-	"DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
-	"ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:"
-	"ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:"
-	"DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:"
-	"AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
+static CString ZNC_DefaultCipher() {
+    return
+        "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
+        "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
+        "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:"
+        "ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:"
+        "DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:"
+        "AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
+}
 
 CZNCSock::CZNCSock(int timeout) : Csock(timeout) {
 #ifdef HAVE_LIBSSL
@@ -41,7 +43,7 @@ CZNCSock::CZNCSock(int timeout) : Csock(timeout) {
 	DisableSSLProtocols(CZNC::Get().GetDisabledSSLProtocols());
 	CString sCipher = CZNC::Get().GetSSLCiphers();
 	if (sCipher.empty()) {
-		sCipher = g_sDefaultCipher;
+		sCipher = ZNC_DefaultCipher();
 	}
 	SetCipher(sCipher);
 #endif
@@ -382,7 +384,7 @@ void CSockManager::FinishConnect(const CString& sHostname, u_short iPort, const
 #ifdef HAVE_LIBSSL
 	CString sCipher = CZNC::Get().GetSSLCiphers();
 	if (sCipher.empty()) {
-		sCipher = CZNCSock::g_sDefaultCipher;
+		sCipher = ZNC_DefaultCipher();
 	}
 	C.SetCipher(sCipher);
 #endif