new option "openssl ciphers -V"

diff --git a/CHANGES b/CHANGES
index c41c967dedb4dc9e4b1f901b58af49c30f2fda1b..f220bbe15e9dc0204c8d2b1e194efd048085a078 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]
 
 
  Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]
 

+  *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
+     in addition to the text details.
+     [Bodo Moeller]
+

   *) Very, very preliminary EXPERIMENTAL support for printing of general
      ASN1 structures. This currently produces rather ugly output and doesn't
      handle several customised structures at all.
   *) Very, very preliminary EXPERIMENTAL support for printing of general
      ASN1 structures. This currently produces rather ugly output and doesn't
      handle several customised structures at all.

diff --git a/apps/ciphers.c b/apps/ciphers.c
index f5e8700a0103127ced77063ec04650e4b1c80e96..aa76ae2853532a3dc7d40b0616fd6af0ed508e68 100644 (file)
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -71,7 +71,8 @@
 
 static const char *ciphers_usage[]={
 "usage: ciphers args\n",
 
 static const char *ciphers_usage[]={
 "usage: ciphers args\n",

-" -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -v          - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
+" -V          - even more verbose\n",

 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
 " -tls1       - TLS1 mode\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
 " -tls1       - TLS1 mode\n",


@@ -83,7 +84,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
        {
        int ret=1,i;
 int MAIN(int argc, char **argv)
        {
        int ret=1,i;

-       int verbose=0;
+       int verbose=0,Verbose=0;

        const char **pp;
        const char *p;
        int badops=0;
        const char **pp;
        const char *p;
        int badops=0;


@@ -121,6 +122,8 @@ int MAIN(int argc, char **argv)
                {
                if (strcmp(*argv,"-v") == 0)
                        verbose=1;
                {
                if (strcmp(*argv,"-v") == 0)
                        verbose=1;

+               else if (strcmp(*argv,"-V") == 0)
+                       verbose=Verbose=1;

 #ifndef OPENSSL_NO_SSL2
                else if (strcmp(*argv,"-ssl2") == 0)
                        meth=SSLv2_client_method();
 #ifndef OPENSSL_NO_SSL2
                else if (strcmp(*argv,"-ssl2") == 0)
                        meth=SSLv2_client_method();


@@ -179,15 +182,33 @@ int MAIN(int argc, char **argv)
                        }
                BIO_printf(STDout,"\n");
                }
                        }
                BIO_printf(STDout,"\n");
                }

-       else
+       else /* verbose */

                {
                sk=SSL_get_ciphers(ssl);
 
                for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                        {
                {
                sk=SSL_get_ciphers(ssl);
 
                for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                        {

-                       BIO_puts(STDout,SSL_CIPHER_description(
-                               sk_SSL_CIPHER_value(sk,i),
-                               buf,sizeof buf));
+                       SSL_CIPHER *c;
+
+                       c = sk_SSL_CIPHER_value(sk,i);
+                       
+                       if (Verbose)
+                               {
+                               unsigned long id = c->id;
+                               int id0 = (int)(id >> 24);
+                               int id1 = (int)((id >> 16) & 0xffL);
+                               int id2 = (int)((id >> 8) & 0xffL);
+                               int id3 = (int)(i & 0xffL);
+                               
+                               if ((id & 0xff000000L) == 0x02000000L)
+                                       BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
+                               else if ((id & 0xff000000L) == 0x03000000L)
+                                       BIO_printf(STDout, "          0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
+                               else
+                                       BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+                               }
+
+                       BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));

                        }
                }
 
                        }
                }
 

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 81a2c43893ef1c43b8c9b23f50c252f61bc4d7b0..00d4cb1fd802b7702ae550389676f5c742c5968d 100644 (file)
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool.
 
 B<openssl> B<ciphers>
 [B<-v>]
 
 B<openssl> B<ciphers>
 [B<-v>]

+[B<-V>]

 [B<-ssl2>]
 [B<-ssl3>]
 [B<-tls1>]
 [B<-ssl2>]
 [B<-ssl3>]
 [B<-tls1>]


@@ -15,7 +16,7 @@ B<openssl> B<ciphers>
 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 

-The B<cipherlist> command converts OpenSSL cipher lists into ordered
+The B<ciphers> command converts textual OpenSSL cipher lists into ordered

 SSL cipher preference lists. It can be used as a test tool to determine
 the appropriate cipherlist.
 
 SSL cipher preference lists. It can be used as a test tool to determine
 the appropriate cipherlist.
 


@@ -25,7 +26,7 @@ the appropriate cipherlist.
 
 =item B<-v>
 
 
 =item B<-v>
 

-verbose option. List ciphers with a complete description of
+Verbose option. List ciphers with a complete description of

 protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
 authentication, encryption and mac algorithms used along with any key size
 restrictions and whether the algorithm is classed as an "export" cipher.
 protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
 authentication, encryption and mac algorithms used along with any key size
 restrictions and whether the algorithm is classed as an "export" cipher.


@@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice
 in a cipher list; this is when similar ciphers are available for
 SSL v2 and for SSL v3/TLS v1.
 
 in a cipher list; this is when similar ciphers are available for
 SSL v2 and for SSL v3/TLS v1.
 

+=item B<-V>
+
+Like B<-V>, but include cipher suite codes in output (hex format).
+

 =item B<-ssl3>
 
 only include SSL v3 ciphers.
 =item B<-ssl3>
 
 only include SSL v3 ciphers.


@@ -388,7 +393,8 @@ L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
 
 =head1 HISTORY
 
 
 =head1 HISTORY
 

-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
-added in version 0.9.7.
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
+for cipherlist strings were added in OpenSSL 0.9.7.
+The B<-V> option for the B<ciphers> command was added in OpenSSL 0.9.9.

 
 =cut
 
 =cut