Browse code
Refactored get_highest_preference_tls_cipher
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong authored on 2011/06/27 16:52:59Showing 4 changed files
| ... | ... |
@@ -2450,32 +2450,6 @@ print_details (SSL * c_ssl, const char *prefix) |
| 2450 | 2450 |
} |
| 2451 | 2451 |
|
| 2452 | 2452 |
/* |
| 2453 |
- * The OpenSSL library has a notion of preference in TLS |
|
| 2454 |
- * ciphers. Higher preference == more secure. |
|
| 2455 |
- * Return the highest preference cipher. |
|
| 2456 |
- */ |
|
| 2457 |
-void |
|
| 2458 |
-get_highest_preference_tls_cipher (char *buf, int size) |
|
| 2459 |
-{
|
|
| 2460 |
- SSL_CTX *ctx; |
|
| 2461 |
- SSL *ssl; |
|
| 2462 |
- const char *cipher_name; |
|
| 2463 |
- |
|
| 2464 |
- ctx = SSL_CTX_new (TLSv1_method ()); |
|
| 2465 |
- if (!ctx) |
|
| 2466 |
- msg (M_SSLERR, "Cannot create SSL_CTX object"); |
|
| 2467 |
- ssl = SSL_new (ctx); |
|
| 2468 |
- if (!ssl) |
|
| 2469 |
- msg (M_SSLERR, "Cannot create SSL object"); |
|
| 2470 |
- |
|
| 2471 |
- cipher_name = SSL_get_cipher_list (ssl, 0); |
|
| 2472 |
- strncpynt (buf, cipher_name, size); |
|
| 2473 |
- |
|
| 2474 |
- SSL_free (ssl); |
|
| 2475 |
- SSL_CTX_free (ctx); |
|
| 2476 |
-} |
|
| 2477 |
- |
|
| 2478 |
-/* |
|
| 2479 | 2453 |
* Map internal constants to ascii names. |
| 2480 | 2454 |
*/ |
| 2481 | 2455 |
static const char * |
| ... | ... |
@@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf); |
| 824 | 824 |
|
| 825 | 825 |
/** @} name Functions for managing security parameter state for data channel packets */ |
| 826 | 826 |
|
| 827 |
-void get_highest_preference_tls_cipher (char *buf, int size); |
|
| 828 |
- |
|
| 829 | 827 |
void pem_password_setup (const char *auth_file); |
| 830 | 828 |
int pem_password_callback (char *buf, int size, int rwflag, void *u); |
| 831 | 829 |
void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info); |
| ... | ... |
@@ -70,4 +70,10 @@ void tls_clear_error(); |
| 70 | 70 |
*/ |
| 71 | 71 |
void show_available_tls_ciphers (); |
| 72 | 72 |
|
| 73 |
+/* |
|
| 74 |
+ * The OpenSSL library has a notion of preference in TLS ciphers. Higher |
|
| 75 |
+ * preference == more secure. Return the highest preference cipher. |
|
| 76 |
+ */ |
|
| 77 |
+void get_highest_preference_tls_cipher (char *buf, int size); |
|
| 78 |
+ |
|
| 73 | 79 |
#endif /* SSL_BACKEND_H_ */ |
| ... | ... |
@@ -100,3 +100,24 @@ show_available_tls_ciphers () |
| 100 | 100 |
SSL_free (ssl); |
| 101 | 101 |
SSL_CTX_free (ctx); |
| 102 | 102 |
} |
| 103 |
+ |
|
| 104 |
+void |
|
| 105 |
+get_highest_preference_tls_cipher (char *buf, int size) |
|
| 106 |
+{
|
|
| 107 |
+ SSL_CTX *ctx; |
|
| 108 |
+ SSL *ssl; |
|
| 109 |
+ const char *cipher_name; |
|
| 110 |
+ |
|
| 111 |
+ ctx = SSL_CTX_new (TLSv1_method ()); |
|
| 112 |
+ if (!ctx) |
|
| 113 |
+ msg (M_SSLERR, "Cannot create SSL_CTX object"); |
|
| 114 |
+ ssl = SSL_new (ctx); |
|
| 115 |
+ if (!ssl) |
|
| 116 |
+ msg (M_SSLERR, "Cannot create SSL object"); |
|
| 117 |
+ |
|
| 118 |
+ cipher_name = SSL_get_cipher_list (ssl, 0); |
|
| 119 |
+ strncpynt (buf, cipher_name, size); |
|
| 120 |
+ |
|
| 121 |
+ SSL_free (ssl); |
|
| 122 |
+ SSL_CTX_free (ctx); |
|
| 123 |
+} |