Browse code
Refactored tls_show_available_ciphers
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong authored on 2011/06/27 16:44:47Showing 4 changed files
| ... | ... |
@@ -2450,35 +2450,6 @@ print_details (SSL * c_ssl, const char *prefix) |
| 2450 | 2450 |
} |
| 2451 | 2451 |
|
| 2452 | 2452 |
/* |
| 2453 |
- * Show the TLS ciphers that are available for us to use |
|
| 2454 |
- * in the OpenSSL library. |
|
| 2455 |
- */ |
|
| 2456 |
-void |
|
| 2457 |
-show_available_tls_ciphers () |
|
| 2458 |
-{
|
|
| 2459 |
- SSL_CTX *ctx; |
|
| 2460 |
- SSL *ssl; |
|
| 2461 |
- const char *cipher_name; |
|
| 2462 |
- int priority = 0; |
|
| 2463 |
- |
|
| 2464 |
- ctx = SSL_CTX_new (TLSv1_method ()); |
|
| 2465 |
- if (!ctx) |
|
| 2466 |
- msg (M_SSLERR, "Cannot create SSL_CTX object"); |
|
| 2467 |
- ssl = SSL_new (ctx); |
|
| 2468 |
- if (!ssl) |
|
| 2469 |
- msg (M_SSLERR, "Cannot create SSL object"); |
|
| 2470 |
- |
|
| 2471 |
- printf ("Available TLS Ciphers,\n");
|
|
| 2472 |
- printf ("listed in order of preference:\n\n");
|
|
| 2473 |
- while ((cipher_name = SSL_get_cipher_list (ssl, priority++))) |
|
| 2474 |
- printf ("%s\n", cipher_name);
|
|
| 2475 |
- printf ("\n");
|
|
| 2476 |
- |
|
| 2477 |
- SSL_free (ssl); |
|
| 2478 |
- SSL_CTX_free (ctx); |
|
| 2479 |
-} |
|
| 2480 |
- |
|
| 2481 |
-/* |
|
| 2482 | 2453 |
* The OpenSSL library has a notion of preference in TLS |
| 2483 | 2454 |
* ciphers. Higher preference == more secure. |
| 2484 | 2455 |
* Return the highest preference cipher. |
| ... | ... |
@@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf); |
| 824 | 824 |
|
| 825 | 825 |
/** @} name Functions for managing security parameter state for data channel packets */ |
| 826 | 826 |
|
| 827 |
- |
|
| 828 |
-void show_available_tls_ciphers (void); |
|
| 829 | 827 |
void get_highest_preference_tls_cipher (char *buf, int size); |
| 830 | 828 |
|
| 831 | 829 |
void pem_password_setup (const char *auth_file); |
| ... | ... |
@@ -74,3 +74,29 @@ tls_clear_error() |
| 74 | 74 |
{
|
| 75 | 75 |
ERR_clear_error (); |
| 76 | 76 |
} |
| 77 |
+ |
|
| 78 |
+void |
|
| 79 |
+show_available_tls_ciphers () |
|
| 80 |
+{
|
|
| 81 |
+ SSL_CTX *ctx; |
|
| 82 |
+ SSL *ssl; |
|
| 83 |
+ const char *cipher_name; |
|
| 84 |
+ int priority = 0; |
|
| 85 |
+ |
|
| 86 |
+ ctx = SSL_CTX_new (TLSv1_method ()); |
|
| 87 |
+ if (!ctx) |
|
| 88 |
+ msg (M_SSLERR, "Cannot create SSL_CTX object"); |
|
| 89 |
+ |
|
| 90 |
+ ssl = SSL_new (ctx); |
|
| 91 |
+ if (!ssl) |
|
| 92 |
+ msg (M_SSLERR, "Cannot create SSL object"); |
|
| 93 |
+ |
|
| 94 |
+ printf ("Available TLS Ciphers,\n");
|
|
| 95 |
+ printf ("listed in order of preference:\n\n");
|
|
| 96 |
+ while ((cipher_name = SSL_get_cipher_list (ssl, priority++))) |
|
| 97 |
+ printf ("%s\n", cipher_name);
|
|
| 98 |
+ printf ("\n");
|
|
| 99 |
+ |
|
| 100 |
+ SSL_free (ssl); |
|
| 101 |
+ SSL_CTX_free (ctx); |
|
| 102 |
+} |