diff options
author | Nick Mathewson <nickm@torproject.org> | 2015-05-25 21:16:53 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-05-28 16:00:23 +0100 |
commit | 831eef2cf500b8a2aaee21b44986c79e62bae912 (patch) | |
tree | 76826c2c7602a9a6dec0a4cad7042437017fedae | |
parent | 15a06488fcced19b79708a0329313121e01ded7e (diff) |
Add SSL_get_client_ciphers() to return ciphers from ClientHello
On the server side, if you want to know which ciphers the client
offered, you had to use session->ciphers. But that field is no
longer visible, so we need a method to get at it.
Signed-off-by: Nick Mathewson <nickm@torproject.org>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r-- | doc/ssl/SSL_get_ciphers.pod | 5 | ||||
-rw-r--r-- | include/openssl/ssl.h | 1 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 7 |
3 files changed, 13 insertions, 0 deletions
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index aecadd9138..f2a81037c0 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs #include <openssl/ssl.h> STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); + STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); =head1 DESCRIPTION @@ -17,6 +18,10 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>, sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL is returned. +SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the +list sent by the client for B<ssl>. If B<ssl> is NULL, no ciphers are +available, or B<ssl> is not operating in server mode, NULL is returned. + SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are available, or there are less ciphers than B<priority> available, NULL diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 9694e24d9a..5de33e9305 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1583,6 +1583,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); __owur int SSL_do_handshake(SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5ca917119c..0b4b58e0f8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1258,6 +1258,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) return (NULL); } +STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) +{ + if ((s == NULL) || (s->session == NULL) || !s->server) + return NULL; + return s->session->ciphers; +} + STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) { STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; |