comparison src/event/ngx_event_openssl.c @ 6816:ea93c7d8752a
SSL: $ssl_ciphers (ticket #870).
The variable contains the list of ciphers as supported by the client.
Known ciphers are listed by their names, unknown ones are shown
in hex, e.g., "AES128-SHA:AES256-SHA:0x00ff".
The variable is fully supported only when using OpenSSL 1.0.2 and above.
With older versions there is an attempt to provide some information
using SSL_get_shared_ciphers(). It only lists known ciphers though.
Moreover, OpenSSL uses session data for SSL_get_shared_ciphers(),
and it doesn't store the relevant data when serializing a session. As
a result $ssl_ciphers is only available for new sessions (and not
available for reused ones) when using OpenSSL older than 1.0.2.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 05 Dec 2016 22:23:23 +0300 |
parents | 2d15fff64e3c |
children | e75e854657ba |
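--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3292,10 +3292,94 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
+ngx_ssl_get_ciphers(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+#ifdef SSL_CTRL_GET_RAW_CIPHERLIST
+
+int n, i, bytes;
+size_t len;
+u_char *ciphers, *p;
+const SSL_CIPHER *cipher;
+
+bytes = SSL_get0_raw_cipherlist(c->ssl->connection, NULL);
+n = SSL_get0_raw_cipherlist(c->ssl->connection, &ciphers);
+
+if (n <= 0) {
+s->len = 0;
+return NGX_OK;
+}
+
+len = 0;
+n /= bytes;
+
+for (i = 0; i < n; i++) {
+cipher = SSL_CIPHER_find(c->ssl->connection, ciphers + i * bytes);
+
+if (cipher) {
+len += ngx_strlen(SSL_CIPHER_get_name(cipher));
+
+} else {
+len += sizeof("0x") - 1 + bytes * (sizeof("00") - 1);
+}
+
+len += sizeof(":") - 1;
+}
+
+s->data = ngx_pnalloc(pool, len);
+if (s->data == NULL) {
+return NGX_ERROR;
+}
+
+p = s->data;
+
+for (i = 0; i < n; i++) {
+cipher = SSL_CIPHER_find(c->ssl->connection, ciphers + i * bytes);
+
+if (cipher) {
+p = ngx_sprintf(p, "%s", SSL_CIPHER_get_name(cipher));
+
+} else {
+p = ngx_sprintf(p, "0x");
+p = ngx_hex_dump(p, ciphers + i * bytes, bytes);
+}
+
+*p++ = ':';
+}
+
+p--;
+
+s->len = p - s->data;
+
+#else
+
+u_char buf[4096];
+
+if (SSL_get_shared_ciphers(c->ssl->connection, (char *) buf, 4096)
+== NULL)
+{
+s->len = 0;
+return NGX_OK;
+}
+
+s->len = ngx_strlen(buf);
+s->data = ngx_pnalloc(pool, s->len);
+if (s->data == NULL) {
+return NGX_ERROR;
+}
+
+ngx_memcpy(s->data, buf, s->len);
+
+#endif
+
+return NGX_OK;
+}
+
+
+ngx_int_t
 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
 u_char *buf;
 SSL_SESSION *sess;
 unsigned int len;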
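Review bot: In ngx_ssl_get_ciphers() the `n <= 0` test is the only guard before `n /= bytes` and the final `p--`, so the code relies on OpenSSL returning a non-zero per-cipher size and a raw list at least one entry long. If `bytes` were 0 the division is undefined, and if `n < bytes` both loops are skipped, `p--` steps before `s->data` and `s->len` wraps to a very large value. Both cases look unreachable for a ClientHello that OpenSSL has already parsed, but the list is client-supplied data, so I would make the invariant explicit with `if (n <= 0 || bytes <= 0 || n < bytes) {`. In the fallback branch, passing `sizeof(buf)` instead of repeating the literal `4096` would keep the buffer and its bound in sync.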