* Perform ALPN after the SNI callback; the SSL_CTX may change due to
that processing
* Add flags to indicate that we actually sent ALPN, to properly error
out if unexpectedly received.
* clean up ssl3_free(): no need to explicitly clear when doing memset
* document ALPN functions
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
[Todd Short]
*) Add SSL_CIPHER queries for authentication and key-exchange.
[Todd Short]
*) Add SSL_CIPHER queries for authentication and key-exchange.
+
+ *) Modify behavior of ALPN to invoke callback after SNI/servername
+ callback, such that updates to the SSL_CTX affect ALPN.
[Todd Short]
*) Changes to the DEFAULT cipherlist:
[Todd Short]
*) Changes to the DEFAULT cipherlist:
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
{
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
{
- const SSL_CIPHER *c;
- c = ssl->method->get_cipher_by_char(ptr);
+ const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+
if (c == NULL || c->valid == 0)
return NULL;
return c;
if (c == NULL || c->valid == 0)
return NULL;
return c;
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
{
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
{
- int i;
- if (c == NULL)
- return NID_undef;
- i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+ int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+
if (i == -1)
return NID_undef;
return ssl_cipher_table_mac[i].nid;
if (i == -1)
return NID_undef;
return ssl_cipher_table_mac[i].nid;
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
{
int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
{
int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
if (i == -1)
return NID_undef;
return ssl_cipher_table_kx[i].nid;
if (i == -1)
return NID_undef;
return ssl_cipher_table_kx[i].nid;
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
{
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
{
- int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_auth);
+ int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
+
if (i == -1)
return NID_undef;
return ssl_cipher_table_kx[i].nid;
if (i == -1)
return NID_undef;
return ssl_cipher_table_kx[i].nid;
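Review bot: In SSL_CIPHER_get_auth_nid the lookup now searches `ssl_cipher_table_auth`, but the unchanged return line still reads `ssl_cipher_table_kx[i].nid`, so an index found in the auth table is used to index the key-exchange table. The function would then answer an authentication query with a key-exchange NID, and if the two tables differ in length (not visible here) the read could land outside `ssl_cipher_table_kx`; the return should be `return ssl_cipher_table_auth[i].nid;`. Separately, the SSL_CIPHER_get_digest_nid hunk drops the `if (c == NULL) return NID_undef;` guard, so `c->algorithm_mac` is now dereferenced unconditionally; either keep the guard or document that callers must pass a non-NULL cipher. The closing braces of these functions lie outside the shown lines.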