From b64ffdcf09edd7110c1f851942d0e8d4e05d883c Mon Sep 17 00:00:00 2001
From: Adriaan de Jong
Date: Mon, 27 Jun 2011 09:52:59 +0200
Subject: Refactored get_highest_preference_tls_cipher
Signed-off-by: Adriaan de Jong
Acked-by: Gert Doering
Signed-off-by: David Sommerseth
---
 ssl.c | 26 --------------------------
 ssl.h | 2 --
 ssl_backend.h | 6 ++++++
 ssl_openssl.c | 21 +++++++++++++++++++++
 4 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/ssl.c b/ssl.c
index 2935088..e94342f 100644
--- a/ssl.c
+++ b/ssl.c
@@ -2449,32 +2449,6 @@ print_details (SSL * c_ssl, const char *prefix)
 msg (D_HANDSHAKE, "%s%s", s1, s2);
 }
-/*
- * The OpenSSL library has a notion of preference in TLS
- * ciphers. Higher preference == more secure.
- * Return the highest preference cipher.
- */
-void
-get_highest_preference_tls_cipher (char *buf, int size)
-{
- SSL_CTX *ctx;
- SSL *ssl;
- const char *cipher_name;
-
- ctx = SSL_CTX_new (TLSv1_method ());
- if (!ctx)
- msg (M_SSLERR, "Cannot create SSL_CTX object");
- ssl = SSL_new (ctx);
- if (!ssl)
- msg (M_SSLERR, "Cannot create SSL object");
-
- cipher_name = SSL_get_cipher_list (ssl, 0);
- strncpynt (buf, cipher_name, size);
-
- SSL_free (ssl);
- SSL_CTX_free (ctx);
-}
-
 /*
 * Map internal constants to ascii names.
 */
diff --git a/ssl.h b/ssl.h
index 2ff4c4d..c23a946 100644
--- a/ssl.h
+++ b/ssl.h
@@ -824,8 +824,6 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf);
 /** @} name Functions for managing security parameter state for data channel packets */
-void get_highest_preference_tls_cipher (char *buf, int size);
-
 void pem_password_setup (const char *auth_file);
 int pem_password_callback (char *buf, int size, int rwflag, void *u);
 void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info);
diff --git a/ssl_backend.h b/ssl_backend.h
index 336e923..103eea4 100644
--- a/ssl_backend.h
+++ b/ssl_backend.h
@@ -70,4 +70,10 @@ void tls_clear_error();
 */
 void show_available_tls_ciphers ();
+/*
+ * The OpenSSL library has a notion of preference in TLS ciphers. Higher
+ * preference == more secure. Return the highest preference cipher.
+ */
+void get_highest_preference_tls_cipher (char *buf, int size);
+
 #endif /* SSL_BACKEND_H_ */
diff --git a/ssl_openssl.c b/ssl_openssl.c
index 6f6f1b3..c80dfb1 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
@@ -100,3 +100,24 @@ show_available_tls_ciphers ()
 SSL_free (ssl);
 SSL_CTX_free (ctx);
 }
+
+void
+get_highest_preference_tls_cipher (char *buf, int size)
+{
+ SSL_CTX *ctx;
+ SSL *ssl;
+ const char *cipher_name;
+
+ ctx = SSL_CTX_new (TLSv1_method ());
+ if (!ctx)
+ msg (M_SSLERR, "Cannot create SSL_CTX object");
+ ssl = SSL_new (ctx);
+ if (!ssl)
+ msg (M_SSLERR, "Cannot create SSL object");
+
+ cipher_name = SSL_get_cipher_list (ssl, 0);
+ strncpynt (buf, cipher_name, size);
+
+ SSL_free (ssl);
+ SSL_CTX_free (ctx);
+}
-- cgit
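Review bot: The comment added above `get_highest_preference_tls_cipher` in ssl_backend.h says "Return" and names OpenSSL, although the function is `void`, delivers its result through `buf`, and is now declared in the backend-neutral header. I would document the actual contract, for example `/* Copy the name of the TLS library's highest-preference cipher into buf, using at most size bytes. */`, and state whether the result is always NUL-terminated (presumably `strncpynt` guarantees that, but its definition is outside this patch). The claim "Higher preference == more secure" holds only as far as the linked library's default ordering does, so the comment should say the value comes from the library's default cipher list rather than from any configured one.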
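Review bot: `SSL_get_cipher_list (ssl, 0)` in the new `get_highest_preference_tls_cipher` can return NULL when no cipher is available at that priority, and the result is passed straight to `strncpynt` without a check. A guard before the copy, such as `if (!cipher_name) msg (M_SSLERR, "Cannot get cipher name");`, would keep a library built with an empty default cipher list from causing a NULL read here. The two earlier checks have no `return` after `msg (M_SSLERR, ...)`, so they are only safe if that call does not return (presumably M_SSLERR is fatal; its definition is outside this patch), and a one-line comment saying so would make that intent explicit. The body is carried over unchanged from ssl.c, so this is an existing gap that the move leaves in place.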