diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index aecadd9138f0ba0ef8705eeeffa6bbc87e11926d..f2a81037c04ae46f57347384ddccb6732ddf5b66 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs #include STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); + STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); =head1 DESCRIPTION @@ -17,6 +18,10 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B, sorted by preference. If B is NULL or no ciphers are available, NULL is returned. +SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the +list sent by the client for B. If B is NULL, no ciphers are +available, or B is not operating in server mode, NULL is returned. + SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for B with B. If B is NULL, no ciphers are available, or there are less ciphers than B available, NULL diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 9694e24d9a6f9896395c62d0a75fe736e17d0628..5de33e9305773c2a273be56360663ec14f3933d6 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1583,6 +1583,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); __owur int SSL_do_handshake(SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5ca917119cb9dc0d1f4d6a6e1714c9f21581f607..0b4b58e0f80726102fb39cd8ba2fb8548e04f9c0 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1258,6 +1258,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) return (NULL); } +STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) +{ + if ((s == NULL) || (s->session == NULL) || !s->server) + return NULL; + return s->session->ciphers; +} + STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) { STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;