diff options
| author | Michael Klishin <mklishin@pivotal.io> | 2019-04-25 04:19:33 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-04-25 04:19:33 +0300 |
| commit | a138745240a3790da58837a22a126eed9f8ef8e7 (patch) | |
| tree | 78b565960288b3345ff6d3a78e5fac24b5a70e04 | |
| parent | 009b0482ac8667b97c04012507a0568f1b7f9217 (diff) | |
| parent | 32a979d3318accf2971daa2cf09f3446c0e0a1b6 (diff) | |
| download | rabbitmq-server-git-a138745240a3790da58837a22a126eed9f8ef8e7.tar.gz | |
Merge pull request #1991 from rabbitmq/rabbitmq-cli-342
Add functions to get erlang or openssl formatted ciphers.
| -rw-r--r-- | src/rabbit_ssl.erl | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl index 7368f2b8a2..1e6f1bfeee 100644 --- a/src/rabbit_ssl.erl +++ b/src/rabbit_ssl.erl @@ -20,6 +20,9 @@ -export([peer_cert_issuer/1, peer_cert_subject/1, peer_cert_validity/1]). -export([peer_cert_subject_items/2, peer_cert_auth_name/1]). +-export([cipher_suites_erlang/2, cipher_suites_erlang/1, + cipher_suites_openssl/2, cipher_suites_openssl/1, + cipher_suites/1]). %%-------------------------------------------------------------------------- @@ -27,6 +30,56 @@ -type certificate() :: rabbit_cert_info:certificate(). +-type cipher_suites_mode() :: default | all | anonymous. + +-spec cipher_suites(cipher_suites_mode()) -> ssl:ciphers(). +cipher_suites(Mode) -> + Version = get_highest_protocol_version(), + ssl:cipher_suites(Mode, Version). + +-spec cipher_suites_erlang(cipher_suites_mode()) -> + [ssl:old_cipher_suite()]. +cipher_suites_erlang(Mode) -> + Version = get_highest_protocol_version(), + cipher_suites_erlang(Mode, Version). + +-spec cipher_suites_erlang(cipher_suites_mode(), + ssl:protocol_version() | tls_record:tls_version()) -> + [ssl:old_cipher_suite()]. +cipher_suites_erlang(Mode, Version) -> + [ format_cipher_erlang(C) + || C <- ssl:cipher_suites(Mode, Version) ]. + +-spec cipher_suites_openssl(cipher_suites_mode()) -> + [ssl:old_cipher_suite()]. +cipher_suites_openssl(Mode) -> + Version = get_highest_protocol_version(), + cipher_suites_openssl(Mode, Version). + +-spec cipher_suites_openssl(cipher_suites_mode(), + ssl:protocol_version() | tls_record:tls_version()) -> + [ssl:old_cipher_suite()]. +cipher_suites_openssl(Mode, Version) -> + lists:filtermap(fun(C) -> + OpenSSL = format_cipher_openssl(C), + case is_list(OpenSSL) of + true -> {true, OpenSSL}; + false -> false + end + end, + ssl:cipher_suites(Mode, Version)). + + +format_cipher_erlang(Cipher) -> + ssl_cipher_format:erl_suite_definition(ssl_cipher_format:suite(Cipher)). + +format_cipher_openssl(Cipher) -> + ssl_cipher_format:openssl_suite_name(ssl_cipher_format:suite(Cipher)). + +-spec get_highest_protocol_version() -> tls_record:tls_version(). +get_highest_protocol_version() -> + tls_record:highest_protocol_version([]). + %%-------------------------------------------------------------------------- %% High-level functions used by reader %%-------------------------------------------------------------------------- |