Excerpts from Tom Lane's message of Wed Jun 20 11:49:51 -0400 2012:
>
> Alvaro Herrera <[email protected]> writes:
> > I looked at the code (apps/ciphers.c) and it looks pretty easy to obtain
> > the list of ciphers starting from the stringified configuration
> > parameter and iterate on them.
>
> Do you mean that it will produce an expansion of the set of ciphers
> meeting criteria like "!aNULL"?

Attached is a simple program that does that. You pass 'ALL:!aNULL' as
its first arg and it produces such a list.

> If so, I think we are set; we can
> easily check to see if the active cipher is in that list, no?

Great.

--
Álvaro Herrera <[email protected]>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
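
/*
 * Expand an OpenSSL cipher string (e.g. 'ALL:!aNULL') into the list of
 * cipher names it selects, one per line.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>

int main(int argc, char *argv[])
{
    /*
     * TLSv1_client_method() and SSL_library_init() are deprecated since
     * OpenSSL 1.1.0 (replacements: TLS_client_method(), OPENSSL_init_ssl()).
     */
    const SSL_METHOD *method = TLSv1_client_method();
    SSL_CTX    *ctx;
    SSL        *ssl = NULL;
    char       *ciphers;
    int         i;

    if (argc < 2)
    {
        fprintf(stderr, "ciphers not specified\n");
        exit(1);
    }
    ciphers = argv[1];

    SSL_library_init();

    ctx = SSL_CTX_new(method);
    if (!ctx)
    {
        fprintf(stderr, "something went wrong\n");
        exit(1);
    }

    /* Returns 0 when the cipher string selects no ciphers at all */
    if (!SSL_CTX_set_cipher_list(ctx, ciphers))
    {
        fprintf(stderr, "unable to set cipher list\n");
        exit(1);
    }

    /* SSL_get_cipher_list() works on an SSL object, so create one */
    ssl = SSL_new(ctx);
    if (!ssl)
    {
        fprintf(stderr, "unable to create the SSL object\n");
        exit(1);
    }

    /* Walk the list in preference order; NULL marks the end */
    for (i = 0;; i++)
    {
        const char *cipher;

        cipher = SSL_get_cipher_list(ssl, i);
        if (cipher == NULL)
        {
            fprintf(stderr, "end of cipher list?\n");
            break;
        }
        printf("cipher: %s\n", cipher);
    }

    SSL_CTX_free(ctx);
    SSL_free(ssl);
    return 0;
}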
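
The check discussed above (is the active cipher in the expansion of the configured cipher string?), as an added example that is not part of the original message or of PostgreSQL. It uses Python's `ssl` module, which wraps the same OpenSSL cipher-string parser, instead of the C API; the function names are hypothetical.

```python
import ssl
import sys

# Name prefixes OpenSSL uses for anonymous (unauthenticated) key exchange.
ANON_PREFIXES = ("ADH-", "AECDH-")


def expand_cipher_spec(spec):
    """Return the cipher names OpenSSL selects for `spec`, in preference order.

    On OpenSSL 1.1.1 and later the TLS 1.3 suites are configured separately,
    so they appear in the result whatever `spec` says.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError as exc:
        # Raised when the string matches no TLS 1.2-or-older cipher.
        raise ValueError("cipher string %r selects no ciphers" % spec) from exc
    return [c["name"] for c in ctx.get_ciphers()]


def is_cipher_allowed(spec, active_cipher):
    """True if `active_cipher` (an OpenSSL cipher name, e.g. what
    SSLSocket.cipher()[0] reports for a live connection) is in the
    expansion of `spec`."""
    return active_cipher in expand_cipher_spec(spec)


def anonymous_ciphers(spec):
    """Names in the expansion of `spec` that provide no authentication."""
    return [n for n in expand_cipher_spec(spec) if n.startswith(ANON_PREFIXES)]


if __name__ == "__main__":
    spec = sys.argv[1] if len(sys.argv) > 1 else "ALL:!aNULL"
    for name in expand_cipher_spec(spec):
        print("cipher:", name)
    leaked = anonymous_ciphers(spec)
    if leaked:
        print("warning: anonymous ciphers enabled:", ", ".join(leaked))
```

The expansion depends on the OpenSSL build that is linked in, so the check has to run against the same library the server uses.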
--
Sent via pgsql-hackers mailing list ([email protected])