@@ -529,12 +529,12 @@
*
***************************************/
-/*
+/**
* Print a one line summary of SSL/TLS session handshake.
*/
void print_details(struct key_state_ssl *ks_ssl, const char *prefix);
-/*
+/**
* Show the TLS ciphers that are available for us to use in the
* library depending on the TLS version. This function prints
* a list of ciphers without headers/footers.
@@ -549,17 +549,11 @@
const char *tls_cert_profile,
bool tls13);
-/*
+/**
* Show the available elliptic curves in the crypto library
*/
void show_available_curves(void);
-/*
- * The OpenSSL library has a notion of preference in TLS ciphers. Higher
- * preference == more secure. Return the highest preference cipher.
- */
-void get_highest_preference_tls_cipher(char *buf, int size);
-
/**
* return a pointer to a static memory area containing the
* name and version number of the SSL library in use
@@ -1585,20 +1585,6 @@
}
}
-void
-get_highest_preference_tls_cipher(char *buf, int size)
-{
- const char *cipher_name;
- const int *ciphers = mbedtls_ssl_list_ciphersuites();
- if (*ciphers == 0)
- {
- msg(M_FATAL, "Cannot retrieve list of supported SSL ciphers.");
- }
-
- cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers);
- strncpynt(buf, cipher_name, size);
-}
-
const char *
get_ssl_library_version(void)
{
@@ -354,7 +354,7 @@
return true;
}
-void
+static void
convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)
{
/* Parse supplied cipher list and pass on to OpenSSL */
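Review bot: `convert_tls_list_to_openssl` becomes file-local here but still has no header comment describing its output-buffer contract; the only documentation is the inline `/* Parse supplied cipher list and pass on to OpenSSL */`. Because this function translates the configured cipher list and writes it into a caller-supplied `openssl_ciphers` of size `len`, I would add a block in the `/**` style this commit adopts for the declarations above, e.g. `/** Translate the cipher list in ciphers to OpenSSL names in openssl_ciphers (buffer of len bytes). */`, and state there what happens when the converted list does not fit; that behaviour is not visible in this hunk because the body continues outside it. The same applies to `convert_tls13_list_to_openssl` in the next hunk. Presumably neither function is declared in a header any more; if a prototype does remain somewhere, it should be dropped so it does not conflict with the `static` definition.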
@@ -461,7 +461,7 @@
}
}
-void
+static void
convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len,
const char *ciphers)
{
@@ -2638,31 +2638,6 @@
#endif /* ifndef OPENSSL_NO_EC */
}
-void
-get_highest_preference_tls_cipher(char *buf, int size)
-{
- SSL_CTX *ctx;
- SSL *ssl;
- const char *cipher_name;
-
- ctx = SSL_CTX_new(SSLv23_method());
- if (!ctx)
- {
- crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
- }
- ssl = SSL_new(ctx);
- if (!ssl)
- {
- crypto_msg(M_FATAL, "Cannot create SSL object");
- }
-
- cipher_name = SSL_get_cipher_list(ssl, 0);
- strncpynt(buf, cipher_name, size);
-
- SSL_free(ssl);
- SSL_CTX_free(ctx);
-}
-
const char *
get_ssl_library_version(void)
{
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/860?usp=email to review the following change. Change subject: ssl_openssl: Clean up unused functions and add missing "static" ...................................................................... ssl_openssl: Clean up unused functions and add missing "static" Just some misc cleanups found while looking at the code. Change-Id: Ifa06a3cb843dbf6a9639164d12aabe572aab162c Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> --- M src/openvpn/ssl_backend.h M src/openvpn/ssl_mbedtls.c M src/openvpn/ssl_openssl.c 3 files changed, 5 insertions(+), 50 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/60/860/1