diff options
-rw-r--r-- | ssl.c | 26 | ||||
-rw-r--r-- | ssl.h | 2 | ||||
-rw-r--r-- | ssl_backend.h | 6 | ||||
-rw-r--r-- | ssl_openssl.c | 21 |
4 files changed, 27 insertions, 28 deletions
@@ -2450,32 +2450,6 @@ print_details (SSL * c_ssl, const char *prefix) } /* - * The OpenSSL library has a notion of preference in TLS - * ciphers. Higher preference == more secure. - * Return the highest preference cipher. - */ -void -get_highest_preference_tls_cipher (char *buf, int size) -{ - SSL_CTX *ctx; - SSL *ssl; - const char *cipher_name; - - ctx = SSL_CTX_new (TLSv1_method ()); - if (!ctx) - msg (M_SSLERR, "Cannot create SSL_CTX object"); - ssl = SSL_new (ctx); - if (!ssl) - msg (M_SSLERR, "Cannot create SSL object"); - - cipher_name = SSL_get_cipher_list (ssl, 0); - strncpynt (buf, cipher_name, size); - - SSL_free (ssl); - SSL_CTX_free (ctx); -} - -/* * Map internal constants to ascii names. */ static const char * @@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf); /** @} name Functions for managing security parameter state for data channel packets */ -void get_highest_preference_tls_cipher (char *buf, int size); - void pem_password_setup (const char *auth_file); int pem_password_callback (char *buf, int size, int rwflag, void *u); void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info); diff --git a/ssl_backend.h b/ssl_backend.h index 336e923..103eea4 100644 --- a/ssl_backend.h +++ b/ssl_backend.h @@ -70,4 +70,10 @@ void tls_clear_error(); */ void show_available_tls_ciphers (); +/* + * The OpenSSL library has a notion of preference in TLS ciphers. Higher + * preference == more secure. Return the highest preference cipher. + */ +void get_highest_preference_tls_cipher (char *buf, int size); + #endif /* SSL_BACKEND_H_ */ diff --git a/ssl_openssl.c b/ssl_openssl.c index 6f6f1b3..c80dfb1 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -100,3 +100,24 @@ show_available_tls_ciphers () SSL_free (ssl); SSL_CTX_free (ctx); } + +void +get_highest_preference_tls_cipher (char *buf, int size) +{ + SSL_CTX *ctx; + SSL *ssl; + const char *cipher_name; + + ctx = SSL_CTX_new (TLSv1_method ()); + if (!ctx) + msg (M_SSLERR, "Cannot create SSL_CTX object"); + ssl = SSL_new (ctx); + if (!ssl) + msg (M_SSLERR, "Cannot create SSL object"); + + cipher_name = SSL_get_cipher_list (ssl, 0); + strncpynt (buf, cipher_name, size); + + SSL_free (ssl); + SSL_CTX_free (ctx); +} |