[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu May 28 15:03:54 UTC 2015
The branch master has been updated
via 9ef175148b7da12cb09f5e78f32bc6ab58d78b83 (commit)
via 831eef2cf500b8a2aaee21b44986c79e62bae912 (commit)
from 15a06488fcced19b79708a0329313121e01ded7e (commit)
- Log -----------------------------------------------------------------
commit 9ef175148b7da12cb09f5e78f32bc6ab58d78b83
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue May 26 09:46:57 2015 -0400
Add a documentation clarification suggested by Matt Caswell
Signed-off-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 831eef2cf500b8a2aaee21b44986c79e62bae912
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon May 25 21:16:53 2015 -0400
Add SSL_get_client_ciphers() to return ciphers from ClientHello
On the server side, if you want to know which ciphers the client
offered, you had to use session->ciphers. But that field is no
longer visible, so we need a method to get at it.
Signed-off-by: Nick Mathewson <nickm at torproject.org>
Signed-off-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
doc/ssl/SSL_get_ciphers.pod | 10 ++++++++++
include/openssl/ssl.h | 1 +
ssl/ssl_lib.c | 7 +++++++
3 files changed, 18 insertions(+)
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
index aecadd9..3417454 100644
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
#include <openssl/ssl.h>
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+ STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
const char *SSL_get_cipher_list(const SSL *ssl, int priority);
=head1 DESCRIPTION
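Review bot: The SYNOPSIS gains SSL_get_client_ciphers(), but the NAME line visible in the hunk header still reads "SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs". The ten insertions the diffstat reports for this file are all accounted for by the three hunks, so NAME is left unchanged. Add SSL_get_client_ciphers to the NAME line so the new function is indexed and found by a man page lookup.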
@@ -17,6 +18,10 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
is returned.
+SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the
+list sent by the client for B<ssl>. If B<ssl> is NULL, no ciphers are
+available, or B<ssl> is not operating in server mode, NULL is returned.
+
SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
available, or there are less ciphers than B<priority> available, NULL
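Review bot: In the added paragraph, "available SSL_CIPHERS matching the list sent by the client" does not say whether the stack is everything the client offered or only the part that overlaps the ciphers the server has configured. State which one it is, and say that the contents are chosen by the peer. "SSL_CIPHERS" should also be "SSL_CIPHERs" to match the paragraph above, and the NULL conditions should mention the case where no session exists yet, since the ssl_lib.c hunk returns NULL when s->session == NULL.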
@@ -30,6 +35,11 @@ the L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> family of functions.
Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
sorted list of available ciphers, until NULL is returned.
+Note: SSL_get_ciphers() and SSL_get_client_ciphers() return a pointer
+to an internal cipher stack, which will be freed later on when the SSL
+or SSL_SESSION object is freed. Therefore, the calling code B<MUST
+NOT> free the return value itself.
+
=head1 RETURN VALUES
See DESCRIPTION
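Review bot: The added note says the stack is freed "when the SSL or SSL_SESSION object is freed" but does not say which object owns the stack for which function, or that the pointer must not be used after that point. The ssl_lib.c hunk returns s->session->ciphers, so say that the SSL_get_client_ciphers() result belongs to the session and that a caller needing it for longer must take its own copy; otherwise a cached pointer turns into a use-after-free.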
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9694e24..5de33e9 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1583,6 +1583,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
__owur int SSL_do_handshake(SSL *s);
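Review bot: The new prototype returns a non-const STACK_OF(SSL_CIPHER) * to what the pod note calls an internal cipher stack, so nothing in the type stops a caller from modifying or freeing it. This mirrors SSL_get_ciphers() on the line above, so changing the type may not be wanted, but the documentation should then say the stack is read-only. The diffstat also lists no test for the new public function; a server-side handshake test that checks the returned list would be worth adding.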
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5ca9171..0b4b58e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1258,6 +1258,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
return (NULL);
}
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+ if ((s == NULL) || (s->session == NULL) || !s->server)
+ return NULL;
+ return s->session->ciphers;
+}
+
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
{
STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
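Review bot: SSL_get_client_ciphers() reads s->session->ciphers, so what it returns is a property of the session object rather than of this connection's ClientHello. The function needs a comment, and the pod text should say what is returned when the session was resumed or is shared with another SSL object. Minor style point: the new code writes "return NULL;" while the context line just above uses "return (NULL);", so pick one form within the file.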