kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add SSL_CTX_get_ciphers.

Browse Source 
This is an API from OpenSSL 1.1.0 which is a little risky to add ahead
of bumping OPENSSL_VERSION_NUMBER, but anything which currently builds
against BoringSSL already had an #ifdef due to the
ssl_cipher_preference_list_st business anyway.

Bump BORINGSSL_API_VERSION to make it easier to patch envoy for this.

BUG=6

Change-Id: If8307e30eb069bbd7dc4b8447b6e48e83899d584
Reviewed-on: https://boringssl-review.googlesource.com/14067
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-03-02 22:04:07 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent f29c429324
commit 8ebeabf0e2
3 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/openssl/base.h
View File

@ -141,7 +141,7 @@ extern "C" {
* A consumer may use this symbol in the preprocessor to temporarily build * A consumer may use this symbol in the preprocessor to temporarily build
* against multiple revisions of BoringSSL at the same time. It is not * against multiple revisions of BoringSSL at the same time. It is not
* recommended to do so for longer than is necessary. */ * recommended to do so for longer than is necessary. */
#define BORINGSSL_API_VERSION 2 #define BORINGSSL_API_VERSION 3
#if defined(BORINGSSL_SHARED_LIBRARY) #if defined(BORINGSSL_SHARED_LIBRARY)

4
include/openssl/ssl.h
View File

@ -1366,6 +1366,10 @@ OPENSSL_EXPORT int SSL_set_strict_cipher_list(SSL *ssl, const char *str);
* inputs, unless an empty cipher list results. */ * inputs, unless an empty cipher list results. */
OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str); OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str);
/* SSL_CTX_get_ciphers returns the cipher list for |ctx|, in order of
* preference. */
OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
/* SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. */ /* SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. */
OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);

11
ssl/ssl_lib.c
View File

@ -1455,6 +1455,10 @@ int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
return 1; return 1;
} }
OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
return ctx->cipher_list->ciphers;
}
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) { STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
if (ssl == NULL) { if (ssl == NULL) {
return NULL; return NULL;
@ -1470,19 +1474,16 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
} }
const char *SSL_get_cipher_list(const SSL *ssl, int n) { const char *SSL_get_cipher_list(const SSL *ssl, int n) {
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
if (ssl == NULL) { if (ssl == NULL) {
return NULL; return NULL;
} }
sk = SSL_get_ciphers(ssl); STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) { if (sk == NULL || n < 0 || (size_t)n >= sk_SSL_CIPHER_num(sk)) {
return NULL; return NULL;
} }
c = sk_SSL_CIPHER_value(sk, n); const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, n);
if (c == NULL) { if (c == NULL) {
return NULL; return NULL;
} }