static int test_v3(void)
{
STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL;
/* ECDHE-ECDSA-AES256GCM, ECDHE-ECDSA-CHACHAPOLY, DHE-RSA-AES256GCM,
* EMPTY-RENEGOTIATION-INFO-SCSV, FALLBACK-SCSV */
const unsigned char bytes[] = {0x00, 0x2f, 0x00, 0x33, 0x00, 0x9f, 0x00, 0xff,
0x56, 0x00};
int ret = 0;
if (!SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), 0, &sk, &scsv)
|| !TEST_ptr(sk)
|| !TEST_int_eq(sk_SSL_CIPHER_num(sk), 3)
|| !TEST_ptr(scsv)
|| !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 2)
|| !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)),
"AES128-SHA")
|| !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)),
"DHE-RSA-AES128-SHA")
|| !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 2)),
"DHE-RSA-AES256-GCM-SHA384")
|| !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 0)),
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV")
|| !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(scsv, 1)),
"TLS_FALLBACK_SCSV"))
goto err;
ret = 1;
err:
sk_SSL_CIPHER_free(sk);
sk_SSL_CIPHER_free(scsv);
return ret;
}
static int test_v2(void)
{
STACK_OF(SSL_CIPHER) *sk, *scsv;
/* ECDHE-ECDSA-AES256GCM, SSL2_RC4_1238_WITH_MD5,
* ECDHE-ECDSA-CHACHA20-POLY1305 */
const unsigned char bytes[] = {0x00, 0x00, 0x35, 0x01, 0x00, 0x80,
0x00, 0x00, 0x33};
int ret = 0;
if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes), 1,
&sk, &scsv))
|| !TEST_ptr(sk)
|| !TEST_int_eq(sk_SSL_CIPHER_num(sk), 2)
|| !TEST_ptr(scsv)
|| !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0))
goto err;
if (strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)),
"AES256-SHA") != 0 ||
strcmp(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 1)),
"DHE-RSA-AES128-SHA") != 0)
goto err;
ret = 1;
err:
sk_SSL_CIPHER_free(sk);
sk_SSL_CIPHER_free(scsv);
return ret;
}
static int test_default_cipherlist(SSL_CTX *ctx)
{
STACK_OF(SSL_CIPHER) *ciphers = NULL;
SSL *ssl = NULL;
int i, ret = 0, num_expected_ciphers, num_ciphers;
uint32_t expected_cipher_id, cipher_id;
if (ctx == NULL)
return 0;
if (!TEST_ptr(ssl = SSL_new(ctx))
|| !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl)))
goto err;
num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
num_ciphers = sk_SSL_CIPHER_num(ciphers);
if (!TEST_int_eq(num_ciphers, num_expected_ciphers))
goto err;
for (i = 0; i < num_ciphers; i++) {
expected_cipher_id = default_ciphers_in_order[i];
cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
if (!TEST_int_eq(cipher_id, expected_cipher_id)) {
TEST_info("Wrong cipher at position %d", i);
goto err;
}
}
ret = 1;
err:
sk_SSL_CIPHER_free(ciphers);
SSL_free(ssl);
return ret;
}
void
SSL_SESSION_free(SSL_SESSION *ss)
{
int i;
if (ss == NULL)
return;
i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
if (i > 0)
return;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data);
explicit_bzero(ss->master_key, sizeof ss->master_key);
explicit_bzero(ss->session_id, sizeof ss->session_id);
ssl_sess_cert_free(ss->internal->sess_cert);
X509_free(ss->peer);
sk_SSL_CIPHER_free(ss->ciphers);
free(ss->tlsext_hostname);
free(ss->tlsext_tick);
free(ss->internal->tlsext_ecpointformatlist);
free(ss->internal->tlsext_supportedgroups);
freezero(ss->internal, sizeof(*ss->internal));
freezero(ss, sizeof(*ss));
}
static int test_empty(void)
{
STACK_OF(SSL_CIPHER) *sk = NULL, *scsv = NULL;
const unsigned char bytes[] = {0x00};
int ret = 0;
if (!TEST_int_eq(SSL_bytes_to_cipher_list(s, bytes, 0, 0, &sk, &scsv), 0)
|| !TEST_ptr_null(sk)
|| !TEST_ptr_null(scsv))
goto err;
ret = 1;
err:
sk_SSL_CIPHER_free(sk);
sk_SSL_CIPHER_free(scsv);
return ret;
}
static int test_unsupported(void)
{
STACK_OF(SSL_CIPHER) *sk, *scsv;
/* ECDH-RSA-AES256 (unsupported), ECDHE-ECDSA-AES128, <unassigned> */
const unsigned char bytes[] = {0xc0, 0x0f, 0x00, 0x2f, 0x01, 0x00};
int ret = 0;
if (!TEST_true(SSL_bytes_to_cipher_list(s, bytes, sizeof(bytes),
0, &sk, &scsv))
|| !TEST_ptr(sk)
|| !TEST_int_eq(sk_SSL_CIPHER_num(sk), 1)
|| !TEST_ptr(scsv)
|| !TEST_int_eq(sk_SSL_CIPHER_num(scsv), 0)
|| !TEST_str_eq(SSL_CIPHER_get_name(sk_SSL_CIPHER_value(sk, 0)),
"AES128-SHA"))
goto err;
ret = 1;
err:
sk_SSL_CIPHER_free(sk);
sk_SSL_CIPHER_free(scsv);
return ret;
}
/** Free all global TLS structures. */
void
tor_tls_free_all(void)
{
if (global_tls_context) {
tor_tls_context_decref(global_tls_context);
global_tls_context = NULL;
}
if (!HT_EMPTY(&tlsmap_root)) {
log_warn(LD_MM, "Still have entries in the tlsmap at shutdown.");
}
HT_CLEAR(tlsmap, &tlsmap_root);
#ifdef V2_HANDSHAKE_CLIENT
if (CLIENT_CIPHER_DUMMIES)
tor_free(CLIENT_CIPHER_DUMMIES);
if (CLIENT_CIPHER_STACK)
sk_SSL_CIPHER_free(CLIENT_CIPHER_STACK);
#endif
}
void SSL_SESSION_free(SSL_SESSION *ss)
{
int i;
if (ss == NULL)
return;
CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
REF_PRINT_COUNT("SSL_SESSION", ss);
if (i > 0)
return;
REF_ASSERT_ISNT(i < 0);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
X509_free(ss->peer);
sk_X509_pop_free(ss->peer_chain, X509_free);
sk_SSL_CIPHER_free(ss->ciphers);
OPENSSL_free(ss->ext.hostname);
OPENSSL_free(ss->ext.tick);
#ifndef OPENSSL_NO_EC
OPENSSL_free(ss->ext.ecpointformats);
ss->ext.ecpointformats = NULL;
ss->ext.ecpointformats_len = 0;
OPENSSL_free(ss->ext.supportedgroups);
ss->ext.supportedgroups = NULL;
ss->ext.supportedgroups_len = 0;
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->psk_identity_hint);
OPENSSL_free(ss->psk_identity);
#endif
#ifndef OPENSSL_NO_SRP
OPENSSL_free(ss->srp_username);
#endif
OPENSSL_free(ss->ext.alpn_selected);
OPENSSL_free(ss->ext.tick_nonce);
CRYPTO_THREAD_lock_free(ss->lock);
OPENSSL_clear_free(ss, sizeof(*ss));
}
static int test_default_cipherlist(SSL_CTX *ctx)
{
STACK_OF(SSL_CIPHER) *ciphers;
SSL *ssl;
int i, ret = 0, num_expected_ciphers, num_ciphers;
uint32_t expected_cipher_id, cipher_id;
ssl = SSL_new(ctx);
OPENSSL_assert(ssl != NULL);
ciphers = SSL_get1_supported_ciphers(ssl);
OPENSSL_assert(ciphers != NULL);
num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
num_ciphers = sk_SSL_CIPHER_num(ciphers);
if (num_ciphers != num_expected_ciphers) {
fprintf(stderr, "Expected %d supported ciphers, got %d.\n",
num_expected_ciphers, num_ciphers);
goto err;
}
for (i = 0; i < num_ciphers; i++) {
expected_cipher_id = default_ciphers_in_order[i];
cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
if (cipher_id != expected_cipher_id) {
fprintf(stderr, "Wrong cipher at position %d: expected %x, "
"got %x\n", i, expected_cipher_id, cipher_id);
goto err;
}
}
ret = 1;
err:
sk_SSL_CIPHER_free(ciphers);
SSL_free(ssl);
return ret;
}
const SSL_CIPHER *ssl3_choose_cipher(
SSL *ssl, const struct ssl_early_callback_ctx *client_hello,
const struct ssl_cipher_preference_list_st *server_pref) {
const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
int ok;
size_t cipher_index;
uint32_t alg_k, alg_a, mask_k, mask_a;
/* in_group_flags will either be NULL, or will point to an array of bytes
* which indicate equal-preference groups in the |prio| stack. See the
* comment about |in_group_flags| in the |ssl_cipher_preference_list_st|
* struct. */
const uint8_t *in_group_flags;
/* group_min contains the minimal index so far found in a group, or -1 if no
* such value exists yet. */
int group_min = -1;
STACK_OF(SSL_CIPHER) *clnt = ssl_parse_client_cipher_list(client_hello);
if (clnt == NULL) {
return NULL;
}
if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
prio = srvr;
in_group_flags = server_pref->in_group_flags;
allow = clnt;
} else {
prio = clnt;
in_group_flags = NULL;
allow = srvr;
}
ssl_get_compatible_server_ciphers(ssl, &mask_k, &mask_a);
for (size_t i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
ok = 1;
/* Check the TLS version. */
if (SSL_CIPHER_get_min_version(c) > ssl3_protocol_version(ssl) ||
SSL_CIPHER_get_max_version(c) < ssl3_protocol_version(ssl)) {
ok = 0;
}
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c)) {
if (in_group_flags != NULL && in_group_flags[i] == 1) {
/* This element of |prio| is in a group. Update the minimum index found
* so far and continue looking. */
if (group_min == -1 || (size_t)group_min > cipher_index) {
group_min = cipher_index;
}
} else {
if (group_min != -1 && (size_t)group_min < cipher_index) {
cipher_index = group_min;
}
ret = sk_SSL_CIPHER_value(allow, cipher_index);
break;
}
}
if (in_group_flags != NULL && in_group_flags[i] == 0 && group_min != -1) {
/* We are about to leave a group, but we found a match in it, so that's
* our answer. */
ret = sk_SSL_CIPHER_value(allow, group_min);
break;
}
}
sk_SSL_CIPHER_free(clnt);
return ret;
}
int ciphers_main(int argc, char **argv)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ciphers_options);
ret = 0;
goto end;
case OPT_V:
verbose = 1;
break;
case OPT_UPPER_V:
verbose = Verbose = 1;
break;
case OPT_S:
use_supported = 1;
break;
case OPT_STDNAME:
#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
#endif
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
max_version = SSL3_VERSION;
break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
break;
case OPT_TLS1_1:
min_version = TLS1_1_VERSION;
max_version = TLS1_1_VERSION;
break;
case OPT_TLS1_2:
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
psk = 1;
#endif
break;
case OPT_SRP:
#ifndef OPENSSL_NO_SRP
srp = 1;
#endif
break;
}
}
argv = opt_rest();
argc = opt_num_rest();
if (argc == 1)
ciphers = *argv;
else if (argc != 0)
goto opthelp;
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto err;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto err;
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
if (srp)
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (use_supported)
sk = SSL_get1_supported_ciphers(ssl);
else
sk = SSL_get_ciphers(ssl);
if (!verbose) {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
if (i != 0)
BIO_printf(bio_out, ":");
BIO_printf(bio_out, "%s", p);
}
BIO_printf(bio_out, "\n");
} else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
* cipher */
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf));
}
}
ret = 0;
goto end;
err:
ERR_print_errors(bio_err);
end:
if (use_supported)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
return (ret);
}
MONO_API int
mono_btls_ssl_ctx_set_ciphers (MonoBtlsSslCtx *ctx, int count, const uint16_t *data,
int allow_unsupported)
{
STACK_OF(SSL_CIPHER) *ciphers = NULL;
struct ssl_cipher_preference_list_st *pref_list = NULL;
uint8_t *in_group_flags = NULL;
int i;
ciphers = sk_SSL_CIPHER_new_null ();
if (!ciphers)
goto err;
for (i = 0; i < count; i++) {
const SSL_CIPHER *cipher = SSL_get_cipher_by_value (data [i]);
if (!cipher) {
debug_printf (ctx, "mono_btls_ssl_ctx_set_ciphers(): unknown cipher %02x", data [i]);
if (!allow_unsupported)
goto err;
continue;
}
if (!sk_SSL_CIPHER_push (ciphers, cipher))
goto err;
}
pref_list = OPENSSL_malloc (sizeof (struct ssl_cipher_preference_list_st));
if (!pref_list)
goto err;
memset (pref_list, 0, sizeof (struct ssl_cipher_preference_list_st));
pref_list->ciphers = sk_SSL_CIPHER_dup (ciphers);
if (!pref_list->ciphers)
goto err;
pref_list->in_group_flags = OPENSSL_malloc (sk_SSL_CIPHER_num (ciphers));
if (!pref_list->in_group_flags)
goto err;
if (ctx->ctx->cipher_list)
ssl_cipher_preference_list_free (ctx->ctx->cipher_list);
if (ctx->ctx->cipher_list_by_id)
sk_SSL_CIPHER_free (ctx->ctx->cipher_list_by_id);
if (ctx->ctx->cipher_list_tls10) {
ssl_cipher_preference_list_free (ctx->ctx->cipher_list_tls10);
ctx->ctx->cipher_list_tls10 = NULL;
}
if (ctx->ctx->cipher_list_tls11) {
ssl_cipher_preference_list_free (ctx->ctx->cipher_list_tls11);
ctx->ctx->cipher_list_tls11 = NULL;
}
ctx->ctx->cipher_list = pref_list;
ctx->ctx->cipher_list_by_id = ciphers;
return (int)sk_SSL_CIPHER_num (ciphers);
err:
sk_SSL_CIPHER_free (ciphers);
OPENSSL_free (pref_list);
OPENSSL_free (in_group_flags);
return 0;
}
int MAIN(int argc, char **argv)
{
int ret=1,i;
int verbose=0,Verbose=0;
int use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
const char **pp;
const char *p;
int badops=0;
SSL_CTX *ctx=NULL;
SSL *ssl=NULL;
char *ciphers=NULL;
const SSL_METHOD *meth=NULL;
STACK_OF(SSL_CIPHER) *sk=NULL;
char buf[512];
BIO *STDout=NULL;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
#elif !defined(OPENSSL_NO_SSL3)
meth=SSLv3_server_method();
#elif !defined(OPENSSL_NO_SSL2)
meth=SSLv2_server_method();
#endif
apps_startup();
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
if (!load_config(bio_err, NULL))
goto end;
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-v") == 0)
verbose=1;
else if (strcmp(*argv,"-V") == 0)
verbose=Verbose=1;
else if (strcmp(*argv,"-s") == 0)
use_supported = 1;
#ifndef OPENSSL_NO_SSL_TRACE
else if (strcmp(*argv,"-stdname") == 0)
stdname=verbose=1;
#endif
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
{
badops=1;
break;
}
else
{
ciphers= *argv;
}
argc--;
argv++;
}
if (badops)
{
for (pp=ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,"%s",*pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL) goto err;
if (ciphers != NULL) {
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl=SSL_new(ctx);
if (ssl == NULL) goto err;
if (use_supported)
sk=SSL_get1_supported_ciphers(ssl);
else
sk=SSL_get_ciphers(ssl);
if (!verbose)
{
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
SSL_CIPHER *c = sk_SSL_CIPHER_value(sk,i);
p = SSL_CIPHER_get_name(c);
if (p == NULL) break;
if (i != 0) BIO_printf(STDout,":");
BIO_printf(STDout,"%s",p);
}
BIO_printf(STDout,"\n");
}
else /* verbose */
{
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk,i);
if (Verbose)
{
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x02000000L)
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
else if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
else
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname)
{
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(STDout, "%s - ", nm);
}
#endif
BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
}
}
ret=0;
if (0)
{
err:
SSL_load_error_strings();
ERR_print_errors(bio_err);
}
end:
if (use_supported && sk)
sk_SSL_CIPHER_free(sk);
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
