diff options
| author | Benjamin Kaduk <bkaduk@akamai.com> | 2017-02-06 11:30:16 -0600 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2017-02-23 19:24:37 +0100 |
| commit | 60d685d196e8d594d754751e4852f01d80d8c0cc (patch) | |
| tree | f8e7d0739c62f6a312fcc85004ebe811dba68aad /ssl/ssl_ciph.c | |
| parent | 650c6e41d60905fa1396dff2c7fe4d6fbb7239ba (diff) | |
| download | openssl-60d685d196e8d594d754751e4852f01d80d8c0cc.zip openssl-60d685d196e8d594d754751e4852f01d80d8c0cc.tar.gz openssl-60d685d196e8d594d754751e4852f01d80d8c0cc.tar.bz2 | |
Let ssl_get_cipher_by_char yield not-valid ciphers
Now that we have made SCSVs into more of a first-class object, provide
a way for the bytes-to-SSL_CIPHER conversion to actually return them.
Add a flag 'all' to ssl_get_cipher_by_char to indicate that we want
all the known ciphers, not just the ones valid for encryption. This will,
in practice, let the caller retrieve the SCSVs.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
Diffstat (limited to 'ssl/ssl_ciph.c')
| -rw-r--r-- | ssl/ssl_ciph.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2d2395c..e64e3da 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1915,11 +1915,12 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) return -1; } -const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr) +const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, + int all) { const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); - if (c == NULL || c->valid == 0) + if (c == NULL || (!all && c->valid == 0)) return NULL; return c; } |