On Thu, Jun 12, 2014 at 05:21:47PM +0200, Remi Gacogne wrote: > > > I don't understand, that was precisely the intent of using > > SSL_cipher_description() which always returns "Kx=DH" in all circumstances. > > Is there any case you're aware where this does not work ? From what I saw > > in the code, it was a direct mapping of your test of the bit mask, so I'm > > a bit confused :-/ > > Yes, it's my fault. I decided not to use SSL_CIPHER_description() > because it returns a string composed of several values that is computed > for every call, and instead I used SSL_CIPHER_get_name(), which returns > a const hardcoded string. I totally forgot that we had previously > discussed the fact that the ciphers naming convention was, well, fuzzy. > > Would you prefer that I submit a patch replacing the use of > SSL_CIPHER_get_name() by SSL_CIPHER_description(), in order to have a > single strstr() instead of possibly 4 strncmp() ?
Yes I think it's better exactly for the reason you reported (inconsistent naming over time). I'm having a hard time believing that Kx=DH has any reason to change as often as the internal bitfields or cipher names given that the output is even documented in the man page. Thanks, Willy
