#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
+#include <openssl/trace.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include "internal/ktls.h"
return NULL;
}
+/*
+ * Distinguish between ciphers controlled by set_ciphersuite() and
+ * set_cipher_list() when counting.
+ */
+static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
+{
+ int i, num = 0;
+ const SSL_CIPHER *c;
+
+ if (sk == NULL)
+ return 0;
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+ c = sk_SSL_CIPHER_value(sk, i);
+ if (c->min_tls >= TLS1_3_VERSION)
+ continue;
+ num++;
+ }
+ return num;
+}
+
/** specify the ciphers to be used by default by the SSL_CTX */
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
{
*/
if (sk == NULL)
return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0) {
+ else if (cipher_list_tls12_num(sk) == 0) {
SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
return 0;
}
/* see comment in SSL_CTX_set_cipher_list */
if (sk == NULL)
return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0) {
+ else if (cipher_list_tls12_num(sk) == 0) {
SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
return 0;
}
mask_k = 0;
mask_a = 0;
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
- dh_tmp, rsa_enc, rsa_sign, dsa_sign);
-#endif
+ OSSL_TRACE4(TLS_CIPHER, "dh_tmp=%d rsa_enc=%d rsa_sign=%d dsa_sign=%d\n",
+ dh_tmp, rsa_enc, rsa_sign, dsa_sign);
#ifndef OPENSSL_NO_GOST
if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {