diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-01-14 14:55:21 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-28 14:49:04 +0000 |
commit | 8b8e5bed233a2d8106296c8e460be252719e0fdd (patch) | |
tree | 17c745e4653e36d5039a9f601d923e32803c9439 /apps/ciphers.c | |
parent | 09599b52d4e295c380512ba39958a11994d63401 (diff) | |
download | openssl-new-8b8e5bed233a2d8106296c8e460be252719e0fdd.tar.gz |
Allow return of supported ciphers.
New function ssl_cipher_disabled.
Check for disabled client ciphers using ssl_cipher_disabled.
New function to return only supported ciphers.
New option to ciphers utility to print only supported ciphers.
Diffstat (limited to 'apps/ciphers.c')
-rw-r--r-- | apps/ciphers.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/apps/ciphers.c b/apps/ciphers.c index c9abf1a05a..52da70245a 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -85,6 +85,7 @@ int MAIN(int argc, char **argv) { int ret=1,i; int verbose=0,Verbose=0; + int use_supported = 0; #ifndef OPENSSL_NO_SSL_TRACE int stdname = 0; #endif @@ -129,6 +130,8 @@ int MAIN(int argc, char **argv) verbose=1; else if (strcmp(*argv,"-V") == 0) verbose=Verbose=1; + else if (strcmp(*argv,"-s") == 0) + use_supported = 1; #ifndef OPENSSL_NO_SSL_TRACE else if (strcmp(*argv,"-stdname") == 0) stdname=verbose=1; @@ -179,12 +182,17 @@ int MAIN(int argc, char **argv) ssl=SSL_new(ctx); if (ssl == NULL) goto err; + if (use_supported) + sk=SSL_get1_supported_ciphers(ssl); + else + sk=SSL_get_ciphers(ssl); if (!verbose) { - for (i=0; ; i++) + for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { - p=SSL_get_cipher_list(ssl,i); + SSL_CIPHER *c = sk_SSL_CIPHER_value(sk,i); + p = SSL_CIPHER_get_name(c); if (p == NULL) break; if (i != 0) BIO_printf(STDout,":"); BIO_printf(STDout,"%s",p); @@ -193,7 +201,6 @@ int MAIN(int argc, char **argv) } else /* verbose */ { - sk=SSL_get_ciphers(ssl); for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { @@ -237,6 +244,8 @@ err: ERR_print_errors(bio_err); } end: + if (use_supported && sk) + sk_SSL_CIPHER_free(sk); if (ctx != NULL) SSL_CTX_free(ctx); if (ssl != NULL) SSL_free(ssl); if (STDout != NULL) BIO_free_all(STDout); |