Tollef Fog Heen wrote:
| I could not find an OpenSSL function that would provide a canonical list | of supported ciphers (that is not to say such a funtion definitely does | not exist).«ltrace openssl ciphers» seem to show it calling SSL_get_cipher_list multiple times, so maybe that's a useful starting point?
Will have to look, I suspect this may be a different cipher list to that required by EVP, the SSL cipher list is significantly more involved. As Joe points out, using the SSL* library to initialise the EVP library is lame, but there are constraints that OpenSSL limits you to. For example, you can set the certificates you want to use using SSL_CTX_use_certificate (IIRC), but there is no corresponding getter function to retrieve the certificate again. The only way around it that I have yet found is to create an SSL* context, and use the getters from that to retrieve the cert. This is not ideal, but it does behave the same way as apr_ssl_* and friends, which follows the principle of least astonishment.
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature
