From b769bcaecab85091f348cf5c186e7b820fe0489f Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Sat, 10 Dec 2016 14:56:56 +0000 Subject: Write an SSL_get_shared_ciphers(3) manual from scratch; another one where BUGS is longer than DESCRIPTION. The function is listed in ssl(3) and , so it's clearly public. The code looks slightly mysterious to me, so it would be welcome if somebody more familiar with TLS protocols could check factual accuracy. --- src/lib/libssl/man/Makefile | 3 +- src/lib/libssl/man/SSL_get_shared_ciphers.3 | 70 +++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 src/lib/libssl/man/SSL_get_shared_ciphers.3 (limited to 'src/lib') diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index d1d7bf3cc6..40e0d32a79 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.51 2016/12/10 13:54:32 schwarze Exp $ +# $OpenBSD: Makefile,v 1.52 2016/12/10 14:56:56 schwarze Exp $ .include @@ -73,6 +73,7 @@ MAN = BIO_f_ssl.3 \ SSL_get_peer_certificate.3 \ SSL_get_rbio.3 \ SSL_get_session.3 \ + SSL_get_shared_ciphers.3 \ SSL_get_state.3 \ SSL_get_verify_result.3 \ SSL_get_version.3 \ diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3 new file mode 100644 index 0000000000..915ad68215 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_shared_ciphers.3 @@ -0,0 +1,70 @@ +.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.1 2016/12/10 14:56:56 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: December 10 2016 $ +.Dt SSL_GET_SHARED_CIPHERS 3 +.Os +.Sh NAME +.Nm SSL_get_shared_ciphers +.Nd ciphers supported by both client and server +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft char * +.Fo SSL_get_shared_ciphers +.Fa "const SSL *ssl" +.Fa "char *buf" +.Fa "int len" +.Fc +.Sh DESCRIPTION +.Fn SSL_get_shared_ciphers +puts the names of the ciphers that are supported by both the client +and the server of +.Fa ssl +into the buffer +.Fa buf . +Names are separated by colons. +At most +.Fa len +bytes are written to +.Fa buf +including the terminating NUL character. +.Sh RETURN VALUES +If +.Fa ssl +contains no session, if the session contains no shared ciphers, +or if +.Fa len +is less than 2, +.Fn SSL_get_shared_ciphers +returns +.Dv NULL . +Otherwise, it returns +.Fa buf . +.Sh HISTORY +.Fn SSL_get_shared_ciphers +is available in all versions of OpenSSL. +.Sh BUGS +If the list is too long to fit into +.Fa len +bytes, it is silently truncated after the last cipher name that fits, +and all following ciphers are skipped. +If the buffer is very short such that even the first cipher name +does not fit, an empty string is returned even when some shared +ciphers are actually available. +.Pp +There is no easy way to find out how much space is required for +.Fa buf +or whether the supplied space was sufficient. -- cgit v1.2.3-55-g6feb