### Changes between 3.0 and 3.1 [xx XXX xxxx]
+ * The SSL_CTX_set_cipher_list family functions now accept ciphers using their
+ IANA standard names.
+
+ *Erik Lax*
+
* The PVK key derivation function has been moved from b2i_PVK_bio_ex() into
the legacy crypto provider as an EVP_KDF. Applications requiring this KDF
will need to load the legacy crypto provider.
The cipher list consists of one or more I<cipher strings> separated by colons.
Commas or spaces are also acceptable separators but colons are normally used.
+The cipher string may reference a cipher using its standard name.
+
The actual cipher string can take several different forms.
It can consist of a single cipher suite such as B<RC4-SHA>.
while (((ch >= 'A') && (ch <= 'Z')) ||
((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-') || (ch == '.') || (ch == '='))
+ (ch == '-') || (ch == '_') || (ch == '.') || (ch == '='))
#else
- while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
+ while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '_') || (ch == '.')
|| (ch == '='))
#endif
{
&& (ca_list[j]->name[buflen] == '\0')) {
found = 1;
break;
+ } else if (ca_list[j]->stdname != NULL
+ && strncmp(buf, ca_list[j]->stdname, buflen) == 0
+ && ca_list[j]->stdname[buflen] == '\0') {
+ found = 1;
+ break;
} else
j++;
}
return result;
}
+/* SSL_CTX_set_cipher_list matching with cipher standard name */
+static int test_stdname_cipherlist(void)
+{
+ SETUP_CIPHERLIST_TEST_FIXTURE();
+ if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, TLS1_RFC_RSA_WITH_AES_128_SHA))
+ || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, TLS1_RFC_RSA_WITH_AES_128_SHA))) {
+ goto end;
+ }
+ result = 1;
+end:
+ tear_down(fixture);
+ fixture = NULL;
+ return result;
+}
+
int setup_tests(void)
{
ADD_TEST(test_default_cipherlist_implicit);
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
+ ADD_TEST(test_stdname_cipherlist);
return 1;
}