mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
Refactored get_highest_preference_tls_cipher
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
parent
397c0a35c5
commit
b64ffdcf09
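--- a/ssl.c
+++ b/ssl.c
@@ -2449,32 +2449,6 @@ print_details (SSL * c_ssl, const char *prefix)
 msg (D_HANDSHAKE, "%s%s", s1, s2);
 }
 
-/*
-* The OpenSSL library has a notion of preference in TLS
-* ciphers. Higher preference == more secure.
-* Return the highest preference cipher.
-*/
-void
-get_highest_preference_tls_cipher (char *buf, int size)
-{
-SSL_CTX *ctx;
-SSL *ssl;
-const char *cipher_name;
-
-ctx = SSL_CTX_new (TLSv1_method ());
-if (!ctx)
-msg (M_SSLERR, "Cannot create SSL_CTX object");
-ssl = SSL_new (ctx);
-if (!ssl)
-msg (M_SSLERR, "Cannot create SSL object");
-
-cipher_name = SSL_get_cipher_list (ssl, 0);
-strncpynt (buf, cipher_name, size);
-
-SSL_free (ssl);
-SSL_CTX_free (ctx);
-}
-
 /*
 * Map internal constants to ascii names.
 */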
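--- a/ssl.h
+++ b/ssl.h
@@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf);
 
 /** @} name Functions for managing security parameter state for data channel packets */
 
-void get_highest_preference_tls_cipher (char *buf, int size);
-
 void pem_password_setup (const char *auth_file);
 int pem_password_callback (char *buf, int size, int rwflag, void *u);
 void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info);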
@ -70,4 +70,10 @@ void tls_clear_error();
|
||||
*/
|
||||
void show_available_tls_ciphers ();
|
||||
|
||||
/*
|
||||
* The OpenSSL library has a notion of preference in TLS ciphers. Higher
|
||||
* preference == more secure. Return the highest preference cipher.
|
||||
*/
|
||||
void get_highest_preference_tls_cipher (char *buf, int size);
|
||||
|
||||
#endif /* SSL_BACKEND_H_ */
|
||||
|
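Review bot: The comment above the new `get_highest_preference_tls_cipher` declaration says "Higher preference == more secure", which claims more than a library preference order guarantees; `Return the first cipher in the library's default preference order.` would be a safer wording. The declaration also leaves the buffer contract undocumented. The comment should say that `buf` receives at most `size` bytes, and whether the name is truncated and NUL-terminated when it does not fit. The copy is done by `strncpynt` in the implementation, whose termination behaviour is not visible on this page, so that part needs confirming before it is written down.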
@ -100,3 +100,24 @@ show_available_tls_ciphers ()
|
||||
SSL_free (ssl);
|
||||
SSL_CTX_free (ctx);
|
||||
}
|
||||
|
||||
void
|
||||
get_highest_preference_tls_cipher (char *buf, int size)
|
||||
{
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
const char *cipher_name;
|
||||
|
||||
ctx = SSL_CTX_new (TLSv1_method ());
|
||||
if (!ctx)
|
||||
msg (M_SSLERR, "Cannot create SSL_CTX object");
|
||||
ssl = SSL_new (ctx);
|
||||
if (!ssl)
|
||||
msg (M_SSLERR, "Cannot create SSL object");
|
||||
|
||||
cipher_name = SSL_get_cipher_list (ssl, 0);
|
||||
strncpynt (buf, cipher_name, size);
|
||||
|
||||
SSL_free (ssl);
|
||||
SSL_CTX_free (ctx);
|
||||
}
|
||||
|
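Review bot: `cipher_name` is passed to `strncpynt (buf, cipher_name, size)` without a NULL check, although `SSL_get_cipher_list (ssl, 0)` returns NULL when no cipher is available at that index. A guard such as `if (!cipher_name) msg (M_SSLERR, "Cannot get list of supported ciphers");` before the copy would close that. The two earlier failure paths only call `msg (M_SSLERR, ...)` and then continue into `SSL_new (ctx)` and `SSL_get_cipher_list (ssl, 0)`. They are safe only if `M_SSLERR` is fatal, which this hunk does not show, so a one-line comment stating that assumption would help. The probe context is built with `TLSv1_method ()`, so the name returned reflects that method's default list rather than any configured cipher restriction, which is worth stating in the function comment.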