authortb <>2022-07-14 08:07:54 +0000
committertb <>2022-07-14 08:07:54 +0000
commitdc36ee8ca5f18dac8cf20bf35adb100e7341117e (patch)
treeac3c7d42e3640cb508519ab7cd6a0eb1a9bc7e2a /src
parentd7bc04c4f3f7e5a12e7d603ad46e0b82f1451126 (diff)
Add -s option to openssl ciphers
With this option, the command only shows the ciphers supported by the SSL method. ok beck jsing
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/ciphers.c24
1 files changed, 20 insertions, 4 deletions
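--- a/src/usr.bin/openssl/ciphers.c
+++ b/src/usr.bin/openssl/ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ciphers.c,v 1.10 2019/07/14 03:30:45 guenther Exp $ */
+/* $OpenBSD: ciphers.c,v 1.11 2022/07/14 08:07:54 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -26,6 +26,7 @@
 
 struct {
  int usage;
+ int use_supported;
  int verbose;
 } ciphers_config;
 
@@ -41,6 +42,12 @@ static const struct option ciphers_options[] = {
  .opt.flag = &ciphers_config.usage,
  },
  {
+ .name = "s",
+ .desc = "Only list ciphers that are supported by the TLS method",
+ .type = OPTION_FLAG,
+ .opt.flag = &ciphers_config.use_supported,
+ },
+ {
  .name = "tls1",
  .desc = "This option is deprecated since it is the default",
  .type = OPTION_DISCARD,
@@ -65,7 +72,7 @@ static const struct option ciphers_options[] = {
 static void
 ciphers_usage(void)
 {
- fprintf(stderr, "usage: ciphers [-hVv] [-tls1] [cipherlist]\n");
+ fprintf(stderr, "usage: ciphers [-hsVv] [-tls1] [cipherlist]\n");
  options_usage(ciphers_options);
 }
 
@@ -74,6 +81,7 @@ ciphers_main(int argc, char **argv)
 {
  char *cipherlist = NULL;
  STACK_OF(SSL_CIPHER) *ciphers;
+ STACK_OF(SSL_CIPHER) *supported_ciphers = NULL;
  const SSL_CIPHER *cipher;
  SSL_CTX *ssl_ctx = NULL;
  SSL *ssl = NULL;
@@ -112,8 +120,15 @@ ciphers_main(int argc, char **argv)
  if ((ssl = SSL_new(ssl_ctx)) == NULL)
  goto err;
 
- if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
- goto err;
+ if (ciphers_config.use_supported) {
+ if ((supported_ciphers =
+ SSL_get1_supported_ciphers(ssl)) == NULL)
+ goto err;
+ ciphers = supported_ciphers;
+ } else {
+ if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
+ goto err;
+ }
 
  for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
  cipher = sk_SSL_CIPHER_value(ciphers, i);
@@ -145,6 +160,7 @@ ciphers_main(int argc, char **argv)
  rv = 1;
 
  done:
+ sk_SSL_CIPHER_free(supported_ciphers);
  SSL_CTX_free(ssl_ctx);
  SSL_free(ssl);
 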
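Review bot: After the branch at new lines 123–131, `ciphers` refers either to a stack this function owns or to one it only borrows, and the code does not say which. The `get1` result is released through `sk_SSL_CIPHER_free(supported_ciphers)` at `done:`, while the `SSL_get_ciphers()` result is never freed here, so a short comment above the branch such as `/* supported_ciphers is owned and freed at done; SSL_get_ciphers() result is borrowed from ssl */` would keep a later edit from freeing `ciphers` directly. Separately, if `SSL_get1_supported_ciphers()` also returns NULL when the filtered list is empty (not visible here, worth confirming), `-s` would take the `err` path for a cipherlist with no supported entries. That path lies outside these hunks, along with the rest of `ciphers_main`.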