From: Frank Lichtenheld <fr...@lichtenheld.com> Just some misc cleanups found while looking at the code.
Change-Id: Ifa06a3cb843dbf6a9639164d12aabe572aab162c Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com> Acked-by: Gert Doering <g...@greenie.muc.de> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/860 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <g...@greenie.muc.de> diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index a6a9695..e25727f 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -529,12 +529,12 @@ * ***************************************/ -/* +/** * Print a one line summary of SSL/TLS session handshake. */ void print_details(struct key_state_ssl *ks_ssl, const char *prefix); -/* +/** * Show the TLS ciphers that are available for us to use in the * library depending on the TLS version. This function prints * a list of ciphers without headers/footers. @@ -549,17 +549,11 @@ const char *tls_cert_profile, bool tls13); -/* +/** * Show the available elliptic curves in the crypto library */ void show_available_curves(void); -/* - * The OpenSSL library has a notion of preference in TLS ciphers. Higher - * preference == more secure. Return the highest preference cipher. - */ -void get_highest_preference_tls_cipher(char *buf, int size); - /** * return a pointer to a static memory area containing the * name and version number of the SSL library in use diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 56eef36..92b52fe 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1585,20 +1585,6 @@ } } -void -get_highest_preference_tls_cipher(char *buf, int size) -{ - const char *cipher_name; - const int *ciphers = mbedtls_ssl_list_ciphersuites(); - if (*ciphers == 0) - { - msg(M_FATAL, "Cannot retrieve list of supported SSL ciphers."); - } - - cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers); - strncpynt(buf, cipher_name, size); -} - const char * get_ssl_library_version(void) { diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 98eba9d..89d0328 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -354,7 +354,7 @@ return true; } -void +static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers) { /* Parse supplied cipher list and pass on to OpenSSL */ @@ -461,7 +461,7 @@ } } -void +static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers) { @@ -2638,31 +2638,6 @@ #endif /* ifndef OPENSSL_NO_EC */ } -void -get_highest_preference_tls_cipher(char *buf, int size) -{ - SSL_CTX *ctx; - SSL *ssl; - const char *cipher_name; - - ctx = SSL_CTX_new(SSLv23_method()); - if (!ctx) - { - crypto_msg(M_FATAL, "Cannot create SSL_CTX object"); - } - ssl = SSL_new(ctx); - if (!ssl) - { - crypto_msg(M_FATAL, "Cannot create SSL object"); - } - - cipher_name = SSL_get_cipher_list(ssl, 0); - strncpynt(buf, cipher_name, size); - - SSL_free(ssl); - SSL_CTX_free(ctx); -} - const char * get_ssl_library_version(void) { _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
