From 831eef2cf500b8a2aaee21b44986c79e62bae912 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 25 May 2015 21:16:53 -0400 Subject: [PATCH] Add SSL_get_client_ciphers() to return ciphers from ClientHello On the server side, if you want to know which ciphers the client offered, you had to use session->ciphers. But that field is no longer visible, so we need a method to get at it. Signed-off-by: Nick Mathewson Signed-off-by: Matt Caswell Reviewed-by: Tim Hudson --- doc/ssl/SSL_get_ciphers.pod | 5 +++++ include/openssl/ssl.h | 1 + ssl/ssl_lib.c | 7 +++++++ 3 files changed, 13 insertions(+) diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index aecadd9138..f2a81037c0 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs #include STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); + STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); =head1 DESCRIPTION @@ -17,6 +18,10 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B, sorted by preference. If B is NULL or no ciphers are available, NULL is returned. +SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the +list sent by the client for B. If B is NULL, no ciphers are +available, or B is not operating in server mode, NULL is returned. + SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for B with B. If B is NULL, no ciphers are available, or there are less ciphers than B available, NULL diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 9694e24d9a..5de33e9305 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h 
@@ -1583,6 +1583,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
 __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
 __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
 __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
 __owur int SSL_do_handshake(SSL *s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5ca917119c..0b4b58e0f8 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1258,6 +1258,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
 return (NULL);
 }
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+ if ((s == NULL) || (s->session == NULL) || !s->server)
+ return NULL;
+ return s->session->ciphers;
+}
+
 STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
 {
 STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
-- 
2.25.1
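Review bot: The new prototype returns a non-const `STACK_OF(SSL_CIPHER) *`, and per the ssl_lib.c hunk in this patch that pointer is the session's own `ciphers` stack rather than a copy, yet neither the declaration nor the added pod text says who owns it. A caller that frees or edits the result would corrupt the session, and a pointer kept after the session is released presumably dangles. I would add a comment above the declaration such as `/* Returns the session's internal stack: do not free or modify; valid only while the session is. */` and repeat that sentence in SSL_get_ciphers.pod.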
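Review bot: SSL_get_client_ciphers() has no comment saying what a non-NULL result means, and the three NULL cases in its `if` cannot be told apart from `s->session->ciphers` simply being unset. The pod text added by this patch describes the result as the available SSL_CIPHERs matching the client's list, which suggests suites the library does not recognise are absent, so code that logs or makes policy decisions from it should not treat it as the complete ClientHello offer. Whether a resumed session carries the list from the current ClientHello or from the original handshake is not visible in this hunk and is worth stating. Suggested comment above the function: `/* Server side only: ciphers from the ClientHello that this library recognises; NULL if s or s->session is NULL, on a client, or if none were recorded. */`.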