diff options
author | Matt Caswell <matt@openssl.org> | 2018-04-27 11:38:19 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-05-02 23:30:47 +0100 |
commit | 3bfa4756bd02659fa9f9a265550862c562749db6 (patch) | |
tree | a88419916cbaf7a3019f87d533c6552eace782c4 | |
parent | f054160a1923845f40d15457d1009420827f4c88 (diff) |
Add some documentation for SSL_get_shared_ciphers()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6113)
-rw-r--r-- | doc/man3/SSL_get_ciphers.pod | 24 | ||||
-rw-r--r-- | doc/man7/ssl.pod | 2 |
2 files changed, 22 insertions, 4 deletions
diff --git a/doc/man3/SSL_get_ciphers.pod b/doc/man3/SSL_get_ciphers.pod index d91afc2933..89d94611c7 100644 --- a/doc/man3/SSL_get_ciphers.pod +++ b/doc/man3/SSL_get_ciphers.pod @@ -2,9 +2,13 @@ =head1 NAME -SSL_get1_supported_ciphers, SSL_get_client_ciphers, -SSL_get_ciphers, SSL_CTX_get_ciphers, -SSL_bytes_to_cipher_list, SSL_get_cipher_list +SSL_get1_supported_ciphers, +SSL_get_client_ciphers, +SSL_get_ciphers, +SSL_CTX_get_ciphers, +SSL_bytes_to_cipher_list, +SSL_get_cipher_list, +SSL_get_shared_ciphers - get list of available SSL_CIPHERs =head1 SYNOPSIS @@ -19,6 +23,7 @@ SSL_bytes_to_cipher_list, SSL_get_cipher_list int isv2format, STACK_OF(SSL_CIPHER) **sk, STACK_OF(SSL_CIPHER) **scsvs); const char *SSL_get_cipher_list(const SSL *ssl, int priority); + char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); =head1 DESCRIPTION @@ -58,6 +63,19 @@ listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are available, or there are less ciphers than B<priority> available, NULL is returned. +SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. B<buf> is +the buffer that should be populated with the list of names and B<size> is the +size of that buffer. A pointer to B<buf> is returned on success or NULL on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of SSL_get1_supported_ciphers() above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake. + =head1 NOTES The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod index 7cf7d613e6..c1e4924964 100644 --- a/doc/man7/ssl.pod +++ b/doc/man7/ssl.pod @@ -570,7 +570,7 @@ fresh handle for each connection. =item SSL_SESSION *B<SSL_get_session>(const SSL *ssl); -=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len); +=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int size); =item int B<SSL_get_shutdown>(const SSL *ssl); |