apr-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: svn commit: r597209 - in /apr/apr-util/trunk: CHANGES build/ssl.m4 include/apr_buckets.h include/apr_ssl.h include/private/apr_ssl_openssl_private.h ssl/apr_ssl_openssl.c ssl/apr_ssl_winsock.c
Date Fri, 23 Nov 2007 00:19:05 GMT
Tollef Fog Heen wrote:

> | I could not find an OpenSSL function that would provide a canonical list
> | of supported ciphers (that is not to say such a function definitely does
> | not exist).
> 
> «ltrace openssl ciphers» seems to show it calling SSL_get_cipher_list
> multiple times, so maybe that's a useful starting point?

Will have to look, I suspect this may be a different cipher list to that 
required by EVP, the SSL cipher list is significantly more involved. As 
Joe points out, using the SSL* library to initialise the EVP library is 
lame, but there are constraints that OpenSSL limits you to. For example, 
you can set the certificates you want to use using 
SSL_CTX_use_certificate (IIRC), but there is no corresponding getter 
function to retrieve the certificate again. The only way around it that 
I have yet found is to create an SSL* context, and use the getters from 
that to retrieve the cert. This is not ideal, but it does behave the 
same way as apr_ssl_* and friends, which follows the principle of least 
astonishment.

Regards,
Graham
--

