Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -2450,32 +2450,6 @@ print_details (SSL * c_ssl, const char *prefix) |
2450 | 2450 |
} |
2451 | 2451 |
|
2452 | 2452 |
/* |
2453 |
- * The OpenSSL library has a notion of preference in TLS |
|
2454 |
- * ciphers. Higher preference == more secure. |
|
2455 |
- * Return the highest preference cipher. |
|
2456 |
- */ |
|
2457 |
-void |
|
2458 |
-get_highest_preference_tls_cipher (char *buf, int size) |
|
2459 |
-{ |
|
2460 |
- SSL_CTX *ctx; |
|
2461 |
- SSL *ssl; |
|
2462 |
- const char *cipher_name; |
|
2463 |
- |
|
2464 |
- ctx = SSL_CTX_new (TLSv1_method ()); |
|
2465 |
- if (!ctx) |
|
2466 |
- msg (M_SSLERR, "Cannot create SSL_CTX object"); |
|
2467 |
- ssl = SSL_new (ctx); |
|
2468 |
- if (!ssl) |
|
2469 |
- msg (M_SSLERR, "Cannot create SSL object"); |
|
2470 |
- |
|
2471 |
- cipher_name = SSL_get_cipher_list (ssl, 0); |
|
2472 |
- strncpynt (buf, cipher_name, size); |
|
2473 |
- |
|
2474 |
- SSL_free (ssl); |
|
2475 |
- SSL_CTX_free (ctx); |
|
2476 |
-} |
|
2477 |
- |
|
2478 |
-/* |
|
2479 | 2453 |
* Map internal constants to ascii names. |
2480 | 2454 |
*/ |
2481 | 2455 |
static const char * |
... | ... |
@@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf); |
824 | 824 |
|
825 | 825 |
/** @} name Functions for managing security parameter state for data channel packets */ |
826 | 826 |
|
827 |
-void get_highest_preference_tls_cipher (char *buf, int size); |
|
828 |
- |
|
829 | 827 |
void pem_password_setup (const char *auth_file); |
830 | 828 |
int pem_password_callback (char *buf, int size, int rwflag, void *u); |
831 | 829 |
void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info); |
... | ... |
@@ -70,4 +70,10 @@ void tls_clear_error(); |
70 | 70 |
*/ |
71 | 71 |
void show_available_tls_ciphers (); |
72 | 72 |
|
73 |
+/* |
|
74 |
+ * The OpenSSL library has a notion of preference in TLS ciphers. Higher |
|
75 |
+ * preference == more secure. Return the highest preference cipher. |
|
76 |
+ */ |
|
77 |
+void get_highest_preference_tls_cipher (char *buf, int size); |
|
78 |
+ |
|
73 | 79 |
#endif /* SSL_BACKEND_H_ */ |
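Review bot: The comment added above the `get_highest_preference_tls_cipher` prototype leaves the buffer contract unstated, and "higher preference == more secure" overstates what the library's ordering guarantees, since the order comes from the cipher list configured on the context and is only as good as the library defaults. This header looks like the backend-neutral interface (going by the `SSL_BACKEND_H_` guard), so every backend would have to honour the same contract. I would expand the comment to say that `buf` receives the name of the first cipher in the backend's default preference order, that at most `size` bytes are written, and whether the result is always NUL-terminated and may be truncated. It should also say that the result is a default ordering, not a security ranking.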
... | ... |
@@ -100,3 +100,24 @@ show_available_tls_ciphers () |
100 | 100 |
SSL_free (ssl); |
101 | 101 |
SSL_CTX_free (ctx); |
102 | 102 |
} |
103 |
+ |
|
104 |
+void |
|
105 |
+get_highest_preference_tls_cipher (char *buf, int size) |
|
106 |
+{ |
|
107 |
+ SSL_CTX *ctx; |
|
108 |
+ SSL *ssl; |
|
109 |
+ const char *cipher_name; |
|
110 |
+ |
|
111 |
+ ctx = SSL_CTX_new (TLSv1_method ()); |
|
112 |
+ if (!ctx) |
|
113 |
+ msg (M_SSLERR, "Cannot create SSL_CTX object"); |
|
114 |
+ ssl = SSL_new (ctx); |
|
115 |
+ if (!ssl) |
|
116 |
+ msg (M_SSLERR, "Cannot create SSL object"); |
|
117 |
+ |
|
118 |
+ cipher_name = SSL_get_cipher_list (ssl, 0); |
|
119 |
+ strncpynt (buf, cipher_name, size); |
|
120 |
+ |
|
121 |
+ SSL_free (ssl); |
|
122 |
+ SSL_CTX_free (ctx); |
|
123 |
+} |
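Review bot: `cipher_name` goes into `strncpynt` without a NULL check in `get_highest_preference_tls_cipher`; `SSL_get_cipher_list (ssl, 0)` returns NULL when the SSL object has no cipher at that priority, and the copy would then read through a null pointer. Add a guard before the copy, for example `if (!cipher_name) msg (M_SSLERR, "Cannot get cipher list");`, or write an empty string into `buf` instead. The two earlier checks also depend on `msg (M_SSLERR, ...)` not returning, which these lines do not show (presumably the flag is fatal); if it can return, `SSL_new (ctx)` and the calls after it run on a NULL pointer and `ctx` is never freed on the `!ssl` path. Separately, `TLSv1_method ()` means the reported name reflects the default list of a TLS 1.0 context, which deserves a one-line comment so it is not mistaken for what a session would negotiate.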