[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu May 28 15:03:54 UTC 2015

The branch master has been updated
       via  9ef175148b7da12cb09f5e78f32bc6ab58d78b83 (commit)
       via  831eef2cf500b8a2aaee21b44986c79e62bae912 (commit)
      from  15a06488fcced19b79708a0329313121e01ded7e (commit)

- Log -----------------------------------------------------------------
commit 9ef175148b7da12cb09f5e78f32bc6ab58d78b83
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue May 26 09:46:57 2015 -0400

    Add a documentation clarification suggested by Matt Caswell
    Signed-off-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>

commit 831eef2cf500b8a2aaee21b44986c79e62bae912
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon May 25 21:16:53 2015 -0400

    Add SSL_get_client_ciphers() to return ciphers from ClientHello
    On the server side, if you want to know which ciphers the client
    offered, you had to use session->ciphers.  But that field is no
    longer visible, so we need a method to get at it.
    Signed-off-by: Nick Mathewson <nickm at torproject.org>
    Signed-off-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>


Summary of changes:
 doc/ssl/SSL_get_ciphers.pod | 10 ++++++++++
 include/openssl/ssl.h       |  1 +
 ssl/ssl_lib.c               |  7 +++++++
 3 files changed, 18 insertions(+)

diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
index aecadd9..3417454 100644
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
  #include <openssl/ssl.h>
  STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+ STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
  const char *SSL_get_cipher_list(const SSL *ssl, int priority);
@@ -17,6 +18,10 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
 sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
 is returned.
+SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the
+list sent by the client for B<ssl>. If B<ssl> is NULL, no ciphers are
+available, or B<ssl> is not operating in server mode, NULL is returned.
 SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
 listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
 available, or there are less ciphers than B<priority> available, NULL
@@ -30,6 +35,11 @@ the L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> family of functions.
 Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
 sorted list of available ciphers, until NULL is returned.
+Note: SSL_get_ciphers() and SSL_get_client_ciphers() return a pointer
+to an internal cipher stack, which will be freed later on when the SSL
+or SSL_SESSION object is freed.  Therefore, the calling code B<MUST
+NOT> free the return value itself.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9694e24..5de33e9 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1583,6 +1583,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
 __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
 __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
 __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
 __owur int SSL_do_handshake(SSL *s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5ca9171..0b4b58e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1258,6 +1258,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
     return (NULL);
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+    if ((s == NULL) || (s->session == NULL) || !s->server)
+        return NULL;
+    return s->session->ciphers;
 STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
     STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;

More information about the openssl-commits mailing list