mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00

Refactored get_highest_preference_tls_cipher

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Adriaan de Jong 2011-06-27 09:52:59 +02:00 committed by David Sommerseth
parent 397c0a35c5
commit b64ffdcf09
4 changed files with 27 additions and 28 deletions

26
ssl.c

@ -2449,32 +2449,6 @@ print_details (SSL * c_ssl, const char *prefix)
msg (D_HANDSHAKE, "%s%s", s1, s2);
}
/*
* The OpenSSL library has a notion of preference in TLS
* ciphers. Higher preference == more secure.
* Return the highest preference cipher.
*/
void
get_highest_preference_tls_cipher (char *buf, int size)
{
SSL_CTX *ctx;
SSL *ssl;
const char *cipher_name;
ctx = SSL_CTX_new (TLSv1_method ());
if (!ctx)
msg (M_SSLERR, "Cannot create SSL_CTX object");
ssl = SSL_new (ctx);
if (!ssl)
msg (M_SSLERR, "Cannot create SSL object");
cipher_name = SSL_get_cipher_list (ssl, 0);
strncpynt (buf, cipher_name, size);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
/*
* Map internal constants to ascii names.
*/

2
ssl.h

@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf);
/** @} name Functions for managing security parameter state for data channel packets */
void get_highest_preference_tls_cipher (char *buf, int size);
void pem_password_setup (const char *auth_file);
int pem_password_callback (char *buf, int size, int rwflag, void *u);
void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info);


@ -70,4 +70,10 @@ void tls_clear_error();
*/
void show_available_tls_ciphers ();
/*
* The OpenSSL library has a notion of preference in TLS ciphers. Higher
* preference == more secure. Return the highest preference cipher.
*/
void get_highest_preference_tls_cipher (char *buf, int size);
#endif /* SSL_BACKEND_H_ */
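Review bot: The comment above the new get_highest_preference_tls_cipher declaration says "Return the highest preference cipher", but the function is void and delivers its result through buf, which the header never states. A Doxygen block in the style already used in ssl.h would fit, with `@param buf - destination for the NUL-terminated cipher name` and `@param size - capacity of buf in bytes; longer names are truncated`. The truncation and termination behaviour is inferred from the strncpynt call in the implementation and should be confirmed before it is documented as fact.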


@ -100,3 +100,24 @@ show_available_tls_ciphers ()
SSL_free (ssl);
SSL_CTX_free (ctx);
}
void
get_highest_preference_tls_cipher (char *buf, int size)
{
SSL_CTX *ctx;
SSL *ssl;
const char *cipher_name;
ctx = SSL_CTX_new (TLSv1_method ());
if (!ctx)
msg (M_SSLERR, "Cannot create SSL_CTX object");
ssl = SSL_new (ctx);
if (!ssl)
msg (M_SSLERR, "Cannot create SSL object");
cipher_name = SSL_get_cipher_list (ssl, 0);
strncpynt (buf, cipher_name, size);
SSL_free (ssl);
SSL_CTX_free (ctx);
}
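Review bot: In the relocated get_highest_preference_tls_cipher, the result of `SSL_get_cipher_list (ssl, 0)` goes straight into strncpynt with no NULL check. OpenSSL returns NULL from that call when no cipher is available at the requested priority, so an empty cipher list would cause a read through a NULL pointer. A guard before the copy, such as `if (!cipher_name) msg (M_SSLERR, "Cannot get cipher list");`, would match the error handling a few lines above. Those two earlier checks only protect the calls that follow them if M_SSLERR makes msg() fatal, which is not visible on this page. The body appears to be moved unchanged from ssl.c, so this predates the commit, but the move is a natural point to fix it.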