From bd05644df71602f76db5335b8077ba4dbbb6b427 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 27 Apr 2018 11:38:19 +0100 Subject: [PATCH] Add some documentation for SSL_get_shared_ciphers() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6115) --- doc/ssl/SSL_get_ciphers.pod | 19 ++++++++++++++++++- doc/ssl/ssl.pod | 2 +- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index aecadd9138..7697d27917 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -2,7 +2,10 @@ =head1 NAME -SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs +SSL_get_ciphers, +SSL_get_cipher_list, +SSL_get_shared_ciphers +- get list of available SSL_CIPHERs =head1 SYNOPSIS @@ -10,6 +13,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); + char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); =head1 DESCRIPTION 
@@ -22,6 +26,19 @@ listed for B with B. If B is NULL, no ciphers are available, or there are less ciphers than B available, NULL is returned. +SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. B is +the buffer that should be populated with the list of names and B is the +size of that buffer. A pointer to B is returned on success or NULL on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (for +example some ciphers may not be usable by a server if there is not a suitable +certificate configured). This function will return available shared ciphersuites +whether or not they are enabled. This is a server side function only and must +only be called after the completion of the initial handshake. + =head1 NOTES The details of the ciphers obtained by SSL_get_ciphers() can be obtained using diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 70cca178a2..5408d61b31 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -572,7 +572,7 @@ connection defined in the B structure. =item SSL_SESSION *B(const SSL *ssl); -=item char *B(const SSL *ssl, char *buf, int len); +=item char *B(const SSL *ssl, char *buf, int size); =item int B(const SSL *ssl); -- 2.25.1
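Review bot: In the SYNOPSIS hunk of doc/ssl/SSL_get_ciphers.pod (@@ -10,6 +13,7 @@), the added prototype names its first parameter `s`, while the two prototypes above it and the doc/ssl/ssl.pod entry touched by this same patch use `ssl`. Suggest `char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);` so the manual page and the index entry read the same.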
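Review bot: In the DESCRIPTION hunk of doc/ssl/SSL_get_ciphers.pod (@@ -22,6 +26,19 @@), the sentence on an undersized buffer says a truncated list is returned but gives the caller no way to tell a truncated list from a complete one, since both cases return the buffer pointer. Suggest stating whether truncation falls on a name boundary or can cut a cipher name short, and what buffer size is expected to be sufficient. The closing sentence (server side only, only after the initial handshake) should also say what is returned when the function is called on a client or before the handshake completes, because "NULL on error" does not say whether those cases count as errors. Since the paragraph notes that listed ciphersuites may not be enabled, it would also help to tell callers not to treat the result as the set of ciphersuites the server could actually negotiate.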