diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-27 09:52:59 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-19 22:31:46 +0200 |
commit | b64ffdcf09edd7110c1f851942d0e8d4e05d883c (patch) | |
tree | 01e55f356f3032e663961ab3bf37ec520278a580 | |
parent | 397c0a35c5b36c270678c717e931476dc42bfa5c (diff) | |
download | openvpn-b64ffdcf09edd7110c1f851942d0e8d4e05d883c.tar.gz openvpn-b64ffdcf09edd7110c1f851942d0e8d4e05d883c.tar.xz openvpn-b64ffdcf09edd7110c1f851942d0e8d4e05d883c.zip |
Refactored get_highest_preference_tls_cipher
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r-- | ssl.c | 26 | ||||
-rw-r--r-- | ssl.h | 2 | ||||
-rw-r--r-- | ssl_backend.h | 6 | ||||
-rw-r--r-- | ssl_openssl.c | 21 |
4 files changed, 27 insertions, 28 deletions
@@ -2450,32 +2450,6 @@ print_details (SSL * c_ssl, const char *prefix) } /* - * The OpenSSL library has a notion of preference in TLS - * ciphers. Higher preference == more secure. - * Return the highest preference cipher. - */ -void -get_highest_preference_tls_cipher (char *buf, int size) -{ - SSL_CTX *ctx; - SSL *ssl; - const char *cipher_name; - - ctx = SSL_CTX_new (TLSv1_method ()); - if (!ctx) - msg (M_SSLERR, "Cannot create SSL_CTX object"); - ssl = SSL_new (ctx); - if (!ssl) - msg (M_SSLERR, "Cannot create SSL object"); - - cipher_name = SSL_get_cipher_list (ssl, 0); - strncpynt (buf, cipher_name, size); - - SSL_free (ssl); - SSL_CTX_free (ctx); -} - -/* * Map internal constants to ascii names. */ static const char * @@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf); /** @} name Functions for managing security parameter state for data channel packets */ -void get_highest_preference_tls_cipher (char *buf, int size); - void pem_password_setup (const char *auth_file); int pem_password_callback (char *buf, int size, int rwflag, void *u); void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info); diff --git a/ssl_backend.h b/ssl_backend.h index 336e923..103eea4 100644 --- a/ssl_backend.h +++ b/ssl_backend.h @@ -70,4 +70,10 @@ void tls_clear_error(); */ void show_available_tls_ciphers (); +/* + * The OpenSSL library has a notion of preference in TLS ciphers. Higher + * preference == more secure. Return the highest preference cipher. + */ +void get_highest_preference_tls_cipher (char *buf, int size); + #endif /* SSL_BACKEND_H_ */ diff --git a/ssl_openssl.c b/ssl_openssl.c index 6f6f1b3..c80dfb1 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -100,3 +100,24 @@ show_available_tls_ciphers () SSL_free (ssl); SSL_CTX_free (ctx); } + +void +get_highest_preference_tls_cipher (char *buf, int size) +{ + SSL_CTX *ctx; + SSL *ssl; + const char *cipher_name; + + ctx = SSL_CTX_new (TLSv1_method ()); + if (!ctx) + msg (M_SSLERR, "Cannot create SSL_CTX object"); + ssl = SSL_new (ctx); + if (!ssl) + msg (M_SSLERR, "Cannot create SSL object"); + + cipher_name = SSL_get_cipher_list (ssl, 0); + strncpynt (buf, cipher_name, size); + + SSL_free (ssl); + SSL_CTX_free (ctx); +} |