author | Theo Buehler <tb@cvs.openbsd.org> | 2022-07-14 08:07:55 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-07-14 08:07:55 +0000 |
commit | e45032fdf687bf0781c88c261ba8618f82630e7e (patch) | |
tree | 876e2916eb1b1012d112aea25b4805ae8cbb4622 /usr.bin | |
parent | bc04f46e989b47e5616441b19dd18cd7caee8e18 (diff) |
Add -s option to openssl ciphers
With this option, the command only shows the ciphers supported by the
SSL method.
ok beck jsing
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/openssl/ciphers.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/usr.bin/openssl/ciphers.c b/usr.bin/openssl/ciphers.c
index a20f19c3afd..6a96dfcc923 100644
--- a/usr.bin/openssl/ciphers.c
+++ b/usr.bin/openssl/ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ciphers.c,v 1.10 2019/07/14 03:30:45 guenther Exp $ */
+/* $OpenBSD: ciphers.c,v 1.11 2022/07/14 08:07:54 tb Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -26,6 +26,7 @@
 struct {
 int usage;
+ int use_supported;
 int verbose;
 } ciphers_config;
@@ -41,6 +42,12 @@ static const struct option ciphers_options[] = {
 .opt.flag = &ciphers_config.usage,
 },
 {
+ .name = "s",
+ .desc = "Only list ciphers that are supported by the TLS method",
+ .type = OPTION_FLAG,
+ .opt.flag = &ciphers_config.use_supported,
+ },
+ {
 .name = "tls1",
 .desc = "This option is deprecated since it is the default",
 .type = OPTION_DISCARD,
@@ -65,7 +72,7 @@ static const struct option ciphers_options[] = {
 static void
 ciphers_usage(void)
 {
- fprintf(stderr, "usage: ciphers [-hVv] [-tls1] [cipherlist]\n");
+ fprintf(stderr, "usage: ciphers [-hsVv] [-tls1] [cipherlist]\n");
 options_usage(ciphers_options);
 }
@@ -74,6 +81,7 @@ ciphers_main(int argc, char **argv)
 {
 char *cipherlist = NULL;
 STACK_OF(SSL_CIPHER) *ciphers;
+ STACK_OF(SSL_CIPHER) *supported_ciphers = NULL;
 const SSL_CIPHER *cipher;
 SSL_CTX *ssl_ctx = NULL;
 SSL *ssl = NULL;
@@ -112,8 +120,15 @@ ciphers_main(int argc, char **argv)
 if ((ssl = SSL_new(ssl_ctx)) == NULL)
 goto err;
- if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
- goto err;
+ if (ciphers_config.use_supported) {
+ if ((supported_ciphers =
+ SSL_get1_supported_ciphers(ssl)) == NULL)
+ goto err;
+ ciphers = supported_ciphers;
+ } else {
+ if ((ciphers = SSL_get_ciphers(ssl)) == NULL)
+ goto err;
+ }
 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
 cipher = sk_SSL_CIPHER_value(ciphers, i);
@@ -145,6 +160,7 @@ ciphers_main(int argc, char **argv)
 rv = 1;
 done:
+ sk_SSL_CIPHER_free(supported_ciphers);
 SSL_CTX_free(ssl_ctx);
 SSL_free(ssl); |
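Review bot: The `.desc` text for `-s` and the `[-hsVv]` usage string in ciphers_usage() do not say how the default listing differs from the filtered one, and the diffstat shows only ciphers.c changing, so the manual may still lack the flag unless it is updated separately. The commit message implies the default output can include ciphers the method does not support, which matters to anyone using this command to check what a cipher string really enables. A short comment on the new field would also help the next reader, e.g. `int use_supported; /* -s: list SSL_get1_supported_ciphers() rather than SSL_get_ciphers() */`.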
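Review bot: In the `use_supported` branch a NULL from `SSL_get1_supported_ciphers(ssl)` jumps to `err`, the same path an allocation failure would take. If that function also returns NULL when no cipher survives the filter (worth confirming against its implementation), `-s` with a cipherlist that leaves nothing supported fails without telling the user why. Consider reporting that case before the jump, e.g. `fprintf(stderr, "no supported ciphers\n");`, or at least a comment stating that NULL covers both cases. ciphers_main starts and ends outside the hunk, and the `err` label itself is not visible here.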
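Review bot: The added `sk_SSL_CIPHER_free(supported_ciphers);` at `done:` has no comment explaining the ownership difference between the two branches. With `-s`, `ciphers` aliases a stack this function owns; otherwise it holds the pointer from `SSL_get_ciphers()`, which the visible cleanup does not free. A one-line comment would keep a later edit from freeing `ciphers` directly or switching to an element-freeing call: `/* only the get1 stack is ours to free; its entries and the SSL_get_ciphers() list are not */`. The rest of the cleanup continues outside the hunk.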