> //Ciphers list. It is stored after the Session ID.
> const unsigned char *ciphers = hello + 44 + sessIDLen;
> int ciphersLen = (ciphers[0] << 8) | ciphers[1];
> ciphers += 2;
> if (ciphersLen) {
>     const SSL_METHOD *method = SSLv3_method();
>     int cs = method->put_cipher_by_char(NULL, NULL);
>     assert(cs > 0);
>     for (int i = 0; i < ciphersLen; i += cs) {
>         const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i));
>         if (c != NULL) {
>             if (!clientRequestedCiphers.empty())
>                 clientRequestedCiphers.append(":");
>             clientRequestedCiphers.append(c->name);
>         } else
>             unknownCiphers = true;
>     }
> }
> debugs(83, 7, "Ciphers requested by client: " << clientRequestedCiphers);
>
> Does anyone have advice on porting this for use with libressl? Or would
> I be better off spending the time working out how to build it with OpenSSL
> instead? (It's from ssl proxy code which forwards a client connection to
> a server and looks at the serverhello to decide whether to intercept or
> splice the connection).
Uses of get_cipher_by_char() could be replaced by
ssl3_get_cipher_by_id(), after extracting a cipher id from the char *.
Except that ssl3_get_cipher_by_id() is not currently a public interface.
However, if all this code cares about is to print the cipher names, I
believe this could be achieved by invoking ssl_bytes_to_cipher_list()
first to build a STACK_OF(SSL_CIPHER) * for the cipher list buffer, and
then, if the STACK is not empty, get sk_SSL_CIPHER_value(stack, i) with
i going from 0 to sk_SSL_CIPHER_num(stack) - 1, and printing the ->name
field of that SSL_CIPHER object. And then free that stack.
This is less efficient than the existing code because it will allocate
memory. But the existing code will only work for ciphers supported by
SSLv3_method(), and is likely to break silently in the future.
Miod
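The following is an added, stand-alone C example; it is not code from this thread, from Squid, or from LibreSSL. It shows the parsing step both messages take for granted: reading the 2-byte length and the 2-byte suite ids out of the ClientHello cipher list (the "extracting a cipher id from the char *" step the reply mentions) and resolving each id to a name. The name table is a constructed stand-in for the library lookup (ssl3_get_cipher_by_id() or the SSL_CIPHER ->name field); the function names, the sample buffers and the private-use id 0xFFFF are all assumptions made for the example. Unlike the quoted snippet, which trusts ciphersLen as sent by the peer, this version checks the advertised length against the bytes actually available before looping, so a short or malformed ClientHello is reported instead of read past the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed id -> name table, standing in for the library lookup the
 * thread discusses. The four entries are IANA-registered suites with their
 * OpenSSL/LibreSSL names; a real build would consult the library instead. */
struct suite { uint16_t id; const char *name; };
static const struct suite known_suites[] = {
    { 0x002F, "AES128-SHA" },
    { 0x0035, "AES256-SHA" },
    { 0xC02F, "ECDHE-RSA-AES128-GCM-SHA256" },
    { 0xC030, "ECDHE-RSA-AES256-GCM-SHA384" },
};

static const char *suite_name(uint16_t id)
{
    for (size_t i = 0; i < sizeof known_suites / sizeof known_suites[0]; i++)
        if (known_suites[i].id == id)
            return known_suites[i].name;
    return NULL;
}

/* Parse a ClientHello cipher list held in buf[0..len): a 2-byte big-endian
 * length followed by 2-byte suite ids. Known names are written to out,
 * joined by ':', as the quoted Squid code builds clientRequestedCiphers.
 * Returns the number of suite ids in the list and sets *unknown if any id
 * had no name; returns -1 if the advertised length does not fit in len,
 * is not a multiple of the id width, or the output buffer is too small. */
int parse_cipher_list(const unsigned char *buf, size_t len,
                      char *out, size_t out_size, int *unknown)
{
    const size_t cs = 2;            /* id width, cf. put_cipher_by_char(NULL, NULL) */
    if (len < 2 || out_size == 0)
        return -1;
    size_t ciphers_len = ((size_t)buf[0] << 8) | buf[1];
    /* The peer controls ciphers_len; bound it by what was actually received. */
    if (ciphers_len > len - 2 || ciphers_len % cs != 0)
        return -1;

    const unsigned char *p = buf + 2;
    *unknown = 0;
    out[0] = '\0';
    for (size_t i = 0; i < ciphers_len; i += cs) {
        uint16_t id = ((uint16_t)p[i] << 8) | p[i + 1];
        const char *name = suite_name(id);
        if (name == NULL) {         /* unknownCiphers = true in the Squid code */
            *unknown = 1;
            continue;
        }
        size_t used = strlen(out);
        int n = snprintf(out + used, out_size - used, "%s%s", used ? ":" : "", name);
        if (n < 0 || (size_t)n >= out_size - used)
            return -1;              /* output truncated: refuse rather than log a partial list */
    }
    return (int)(ciphers_len / cs);
}

/* Constructed sample: length 8, three known suites and one private-use id. */
static const unsigned char sample_cipher_list[] = {
    0x00, 0x08, 0x00, 0x2F, 0xC0, 0x2F, 0xC0, 0x30, 0xFF, 0xFF
};
/* Constructed sample: claims 8 bytes of ids but only 2 follow. */
static const unsigned char sample_truncated[] = { 0x00, 0x08, 0x00, 0x2F };

int main(void)
{
    char names[256];
    int unknown = 0;
    int n = parse_cipher_list(sample_cipher_list, sizeof sample_cipher_list,
                              names, sizeof names, &unknown);
    printf("%d suites, unknown=%d: %s\n", n, unknown, names);
    n = parse_cipher_list(sample_truncated, sizeof sample_truncated,
                          names, sizeof names, &unknown);
    printf("truncated list -> %d\n", n);
    return 0;
}
```

In a LibreSSL port, suite_name() is the only piece that would change: it is where the ssl_bytes_to_cipher_list()-and-iterate approach from the reply, or a public id lookup if one is exposed, would plug in. The length check stays the same regardless of library.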