diff --git a/libratbox/include/rb_commio.h b/libratbox/include/rb_commio.h
index f37677a4..fb83dd54 100644
--- a/libratbox/include/rb_commio.h
+++ b/libratbox/include/rb_commio.h
@@ -186,4 +186,6 @@ void rb_ssl_clear_handshake_count(rb_fde_t *F);
 int rb_pass_fd_to_process(rb_fde_t *, pid_t, rb_fde_t *);
 rb_fde_t *rb_recv_fd(rb_fde_t *);
+const char *rb_ssl_get_cipher(rb_fde_t *F);
+
 #endif /* INCLUDED_commio_h */
diff --git a/libratbox/src/export-syms.txt b/libratbox/src/export-syms.txt
index 0caa7687..42760d04 100644
--- a/libratbox/src/export-syms.txt
+++ b/libratbox/src/export-syms.txt
@@ -153,3 +153,4 @@ rb_getpid
 rb_waitpid
 rb_basename
 rb_dirname
+rb_ssl_get_cipher
diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c
index 77ad47ef..a2d4c3bf 100644
--- a/libratbox/src/gnutls.c
+++ b/libratbox/src/gnutls.c
@@ -632,5 +632,18 @@ rb_get_ssl_info(char *buf, size_t len)
 LIBGNUTLS_VERSION, gnutls_check_version(NULL));
 }
+const char *
+rb_ssl_get_cipher(rb_fde_t *F)
+{
+ static char buf[1024];
+
+ rb_snprintf(buf, sizeof(buf), "%s-%s-%s-%s",
+ gnutls_protocol_get_name(gnutls_protocol_get_version(SSL_P(F))),
+ gnutls_kx_get_name(gnutls_kx_get(SSL_P(F))),
+ gnutls_cipher_get_name(gnutls_cipher_get(SSL_P(F))),
+ gnutls_mac_get_name(gnutls_mac_get(SSL_P(F))));
+
+ return buf;
+}
 #endif /* HAVE_GNUTLS */
diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c
index 6a8c6b5e..e819d983 100644
--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -595,5 +595,12 @@ rb_get_ssl_info(char *buf, size_t len)
 MBEDTLS_VERSION_STRING, version_str);
 }
+const char *
+rb_ssl_get_cipher(rb_fde_t *F)
+{
+ if(F == NULL || F->ssl == NULL)
+ return NULL;
+ return mbedtls_ssl_get_ciphersuite(SSL_P(F));
+}
 #endif /* HAVE_GNUTLS */
diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index 59e4a16f..fbdeefdf 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
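Review bot: The new `rb_ssl_get_cipher` prototype in rb_commio.h carries no comment stating its contract, and the implementations added in this commit differ on it. The OpenSSL and mbed TLS versions can return NULL, while the GnuTLS version returns a pointer into a function-local static buffer. Callers that log or display the value need to know both, so I would add above the prototype: `/* Returns a description of the negotiated cipher, or NULL if F has no TLS session. The string is not owned by the caller and may be overwritten by the next call; copy it if it must be kept. */`.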
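Review bot: The GnuTLS `rb_ssl_get_cipher` has no guard for a NULL `F` or `F->ssl` before its four `SSL_P(F)` uses, unlike the mbed TLS and OpenSSL versions added in the same commit. Assuming `SSL_P` reads `F->ssl` (its definition is outside the hunk), a call on a descriptor without a TLS session would dereference NULL. Adding `if(F == NULL || F->ssl == NULL)` followed by `return NULL;` ahead of the `rb_snprintf` call would align the three backends. The `gnutls_*_get_name` functions can also return NULL for a value they do not recognise, so it is worth confirming that `rb_snprintf` tolerates a NULL argument for `%s`.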
@@ -745,5 +745,18 @@ rb_get_ssl_info(char *buf, size_t len)
 (long)OPENSSL_VERSION_NUMBER, SSLeay());
 }
+const char *
+rb_ssl_get_cipher(rb_fde_t *F)
+{
+ const SSL_CIPHER *sslciph;
+
+ if(F == NULL || F->ssl == NULL)
+ return NULL;
+
+ if((sslciph = SSL_get_current_cipher(F->ssl)) == NULL)
+ return NULL;
+
+ return SSL_CIPHER_get_name(sslciph);
+}
 #endif /* HAVE_OPESSL */
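Review bot: The OpenSSL `rb_ssl_get_cipher` returns only the suite name from `SSL_CIPHER_get_name`, while the GnuTLS version in this commit builds a string that begins with the protocol version, so the same accessor reports different information depending on the backend. Anyone using the value to audit connections for outdated protocol versions would get that detail only on GnuTLS builds. If callers need the version, it could be exposed alongside via `SSL_get_version(F->ssl)`; otherwise a comment such as `/* returns the cipher suite name only; the protocol version is not included */` above the function would record the difference.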