diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-10 06:18:50 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-04-11 15:59:04 +0200 |
commit | 9d5ac9532c58c8b2d10d5e8ee8029dcb40aecfbe (patch) | |
tree | 95112041d4a08b98e0f390c0d14d7e4f1a8aa021 | |
parent | Fix the no-posix-io option (diff) | |
download | openssl-9d5ac9532c58c8b2d10d5e8ee8029dcb40aecfbe.tar.xz openssl-9d5ac9532c58c8b2d10d5e8ee8029dcb40aecfbe.zip |
Add SSL_CTX_get_ciphers()
Add an accessor for SSL_CTX.
Since libssl was made opaque, there is no way for users to access the
cipher_list, while users can set the cipher_list by
SSL_CTX_set_cipher_list().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r-- | doc/ssl/SSL_get_ciphers.pod | 15 | ||||
-rw-r--r-- | doc/ssl/ssl.pod | 2 | ||||
-rw-r--r-- | include/openssl/ssl.h | 1 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 9 | ||||
-rw-r--r-- | util/libssl.num | 1 |
5 files changed, 22 insertions, 6 deletions
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index 5e4bc08dcd..a017392611 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -2,13 +2,14 @@ =head1 NAME -SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs +SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs =head1 SYNOPSIS #include <openssl/ssl.h> STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); + STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); @@ -19,6 +20,8 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>, sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL is returned. +SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B<ctx>. + SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for B<ssl>, sorted by preference. The list depends on settings like the cipher list, the supported protocol @@ -43,17 +46,17 @@ is returned. =head1 NOTES -The details of the ciphers obtained by SSL_get_ciphers(), +The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using the L<SSL_CIPHER_get_name(3)> family of functions. Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the sorted list of available ciphers, until NULL is returned. -Note: SSL_get_ciphers() and SSL_get_client_ciphers() return a pointer -to an internal cipher stack, which will be freed later on when the SSL -or SSL_SESSION object is freed. Therefore, the calling code B<MUST -NOT> free the return value itself. +Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers() +return a pointer to an internal cipher stack, which will be freed later on when +the SSL or SSL_SESSION object is freed. Therefore, the calling code B<MUST NOT> +free the return value itself. The stack returned by SSL_get1_supported_ciphers() should be freed using sk_SSL_CIPHER_free(). diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index c875163248..7e2cd85ffe 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -239,6 +239,8 @@ protocol context defined in the B<SSL_CTX> structure. =item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx); +=item STACK *B<SSL_CTX_get_ciphers>(const SSL_CTX *ctx); + =item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx); =item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 8459c93e05..b085c9ebb2 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1683,6 +1683,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); __owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 68fe4965cf..06d972349a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1999,6 +1999,15 @@ const char *SSL_get_cipher_list(const SSL *s, int n) return (c->name); } +/** return a STACK of the ciphers available for the SSL_CTX and in order of + * preference */ +STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) +{ + if (ctx != NULL) + return ctx->cipher_list; + return NULL; +} + /** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { diff --git a/util/libssl.num b/util/libssl.num index 950ca03913..74f2c8aa8d 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -392,3 +392,4 @@ SSL_CTX_set0_ctlog_store 391 1_1_0 EXIST::FUNCTION:CT SSL_CTX_get0_ctlog_store 392 1_1_0 EXIST::FUNCTION:CT SSL_enable_ct 393 1_1_0 EXIST::FUNCTION:CT SSL_CTX_enable_ct 394 1_1_0 EXIST::FUNCTION:CT +SSL_CTX_get_ciphers 395 1_1_0 EXIST::FUNCTION |