X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_lib.c;h=06d972349a9dab25ef1c551b233f35dcb5d38f27;hp=5a6e6a7060cc8abc0c3f6ef348f88fdd1d639c47;hb=d064e6ab52ac8e7b80b2a5d11b31bca583b769c7;hpb=43341433a88a6a2cd38c35359f48653e809b10cd diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5a6e6a7060..06d972349a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -142,9 +142,7 @@ * OTHERWISE. */ -#ifdef REF_DEBUG -# include -#endif +#include #include #include "ssl_locl.h" #include @@ -259,7 +257,7 @@ static void tlsa_free(danetls_record *t) OPENSSL_free(t); } -static void dane_final(struct dane_st *dane) +static void dane_final(SSL_DANE *dane) { sk_danetls_record_pop_free(dane->trecs, tlsa_free); dane->trecs = NULL; @@ -346,7 +344,7 @@ static int dane_mtype_set( return 1; } -static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype) +static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype) { if (mtype > dane->dctx->mdmax) return NULL; @@ -354,7 +352,7 @@ static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype) } static int dane_tlsa_add( - struct dane_st *dane, + SSL_DANE *dane, uint8_t usage, uint8_t selector, uint8_t mtype, @@ -885,7 +883,7 @@ int SSL_CTX_dane_enable(SSL_CTX *ctx) int SSL_dane_enable(SSL *s, const char *basedomain) { - struct dane_st *dane = &s->dane; + SSL_DANE *dane = &s->dane; if (s->ctx->dane.mdmax == 0) { SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED); @@ -928,7 +926,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain) int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) { - struct dane_st *dane = &s->dane; + SSL_DANE *dane = &s->dane; if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) return -1; 
@@ -944,7 +942,7 @@ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki) int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, unsigned const char **data, size_t *dlen) { - struct dane_st *dane = &s->dane; + SSL_DANE *dane = &s->dane; if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK) return -1; @@ -963,7 +961,7 @@ int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, return dane->mdpth; } -struct dane_st *SSL_get0_dane(SSL *s) +SSL_DANE *SSL_get0_dane(SSL *s) { return &s->dane; } @@ -2001,6 +1999,15 @@ const char *SSL_get_cipher_list(const SSL *s, int n) return (c->name); } +/** return a STACK of the ciphers available for the SSL_CTX and in order of + * preference */ +STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) +{ + if (ctx != NULL) + return ctx->cipher_list; + return NULL; +} + /** specify the ciphers to be used by default by the SSL_CTX */ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { @@ -3318,13 +3325,7 @@ void ssl_free_wbio_buffer(SSL *s) if (s->bbio == s->wbio) { /* remove buffering */ s->wbio = BIO_pop(s->wbio); -#ifdef REF_DEBUG - /* - * not the usual REF_DEBUG, but this avoids - * adding one more preprocessor symbol - */ assert(s->wbio != NULL); -#endif } BIO_free(s->bbio); s->bbio = NULL; @@ -4123,7 +4124,7 @@ int ssl_validate_ct(SSL *s) int ret = 0; X509 *cert = s->session != NULL ? s->session->peer : NULL; X509 *issuer; - struct dane_st *dane = &s->dane; + SSL_DANE *dane = &s->dane; CT_POLICY_EVAL_CTX *ctx = NULL; const STACK_OF(SCT) *scts;
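Review bot: The comment on the new SSL_CTX_get_ciphers() does not say who owns the returned stack, and the function returns `ctx->cipher_list` itself as a non-const `STACK_OF(SSL_CIPHER) *` even though it takes a `const SSL_CTX *`. A caller that frees, reorders or pushes onto that stack would presumably change the cipher preference used by connections created from the context, which matters for a setting that governs negotiated cipher strength. I would extend the comment along the lines of `/* The returned stack is owned by ctx: do not modify or free it; returns NULL if ctx is NULL. */`. It should also say whether the pointer stays valid after a later SSL_CTX_set_cipher_list() call, which this hunk does not show.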
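Review bot: With the REF_DEBUG guard removed in ssl_free_wbio_buffer(), `assert(s->wbio != NULL);` is the only check on the BIO_pop() result, and its effect depends on the build: it is compiled out when NDEBUG is defined and aborts the process otherwise. If BIO_pop() can return NULL here (nothing chained beneath the buffering BIO), an NDEBUG build continues with a NULL `s->wbio`, while other builds turn a library-state inconsistency into an abort inside the calling application. If the invariant always holds, a comment should say why, for example `/* bbio is only ever pushed onto a non-NULL wbio, so the pop cannot yield NULL */`; otherwise the NULL case should be handled explicitly rather than asserted. The function body starts and ends outside this hunk, and the now-unconditional include in the first hunk (header name lost in this rendering, presumably assert.h) appears to exist only for this line.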