Ben wrote:
>
> Jeffrey Altman wrote:
> >
> > For the Kerberos 5 ciphers, I want to filter the allowed ciphers based
> > upon whether or not there is a keytab file on the server side; or
> > client credentials on the client side. Could someone point out to me
> > the appropriate place in the SSL code to insert these filters?
>
> The first one sounds like you can do it in advance (i.e. before the
> connection is established), in which case, you need
> SSL_CTX_set_cipher_list(). The second you just check after the
> connection is established, using SSL_get_cipher().
>
> Or were you wanting to do something more sophisticated?
>
I was thinking of something more sophisticated but this might be good
enough. I assume you meant SSL_get_ciphers() and not
SSL_get_cipher()?
Perhaps a better place to put it in the client would be in
ssl_cipher_list_to_bytes() and for the server
ssl_bytes_to_cipher_list() as they appear to be translator/filter
functions that are used in the appropriate places.
Does that seem reasonable?
- Jeff
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
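
Added example, not part of the thread and not OpenSSL code: the "in advance" approach from Ben's reply, sketched for the server side, where the cipher string is decided from keytab availability before SSL_CTX_set_cipher_list() is called. It assumes an OpenSSL build of that era with Kerberos suites, in which the cipher-string keyword KRB5 selects them; the function name build_cipher_list and the keytab path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Build the cipher string to hand to SSL_CTX_set_cipher_list() before any
 * connection is accepted. If the keytab cannot be read, the Kerberos suites
 * are excluded with "!KRB5" (assumed keyword; see lead-in).
 * Only readability is checked, not whether the keytab holds a usable key.
 * Returns 0 on success, -1 if `out` is too small (never use a truncated list).
 */
int build_cipher_list(const char *base, const char *keytab_path,
                      char *out, size_t outlen)
{
    int have_keytab = (keytab_path != NULL && access(keytab_path, R_OK) == 0);
    int n = snprintf(out, outlen, "%s%s", base, have_keytab ? "" : ":!KRB5");

    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char list[256];

    /* "/etc/krb5.keytab" is an assumed location for this example. */
    if (build_cipher_list("DEFAULT", "/etc/krb5.keytab", list, sizeof list) != 0) {
        fprintf(stderr, "cipher list too long\n");
        return 1;
    }
    /* A server would now call SSL_CTX_set_cipher_list(ctx, list). */
    printf("%s\n", list);
    return 0;
}
```

Failing closed on truncation matters here: a cut-off string could drop the "!KRB5" exclusion and leave suites enabled that the server cannot actually serve.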