Add SSL_get_client_ciphers() to return ciphers from ClientHello

On the server side, if you want to know which ciphers the client offered, you had to use session->ciphers. But that field is no longer visible, so we need a method to get at it. Signed-off-by: N Nick Mathewson <nickm@torproject.org> Signed-off-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Tim Hudson <tjh@openssl.org>

Add SSL_get_client_ciphers() to return ciphers from ClientHello
On the server side, if you want to know which ciphers the client offered, you had to use session->ciphers. But that field is no longer visible, so we need a method to get at it. Signed-off-by: N Nick Mathewson <nickm@torproject.org> Signed-off-by: N Matt Caswell <matt@openssl.org> Reviewed-by: N Tim Hudson <tjh@openssl.org>
831eef2c · Nick Mathewson · Matt Caswell · 15a06488 · 831eef2c · 831eef2c
隐藏空白更改
内联并排

Showing with 13 addition and 0 deletion

doc/ssl/SSL_get_ciphers.pod doc/ssl/SSL_get_ciphers.pod +5 -0

include/openssl/ssl.h include/openssl/ssl.h +1 -0

ssl/ssl_lib.c ssl/ssl_lib.c +7 -0

未找到文件。
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
 #include <openssl/ssl.h>

 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+ STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
 const char *SSL_get_cipher_list(const SSL *ssl, int priority);

 =head1 DESCRIPTION
@@ -17,6 +18,10 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
 sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
 is returned.

+SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the
+list sent by the client for B<ssl>. If B<ssl> is NULL, no ciphers are
+available, or B<ssl> is not operating in server mode, NULL is returned.
+
 SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
 listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
 available, or there are less ciphers than B<priority> available, NULL

--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1583,6 +1583,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
 __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */

 __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
 __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);

 __owur int SSL_do_handshake(SSL *s);

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1258,6 +1258,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
    return (NULL);
 }

+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+    if ((s == NULL) || (s->session == NULL) || !s->server)
+        return NULL;
+    return s->session->ciphers;
+}
+
 STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
 {
    STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;