Add option to retrieve hex representation of client ciphers
authorAnirudh Ramachandran <avr@fb.com>
Mon, 21 Mar 2016 22:46:23 +0000 (15:46 -0700)
committerFacebook Github Bot 3 <facebook-github-bot-3-bot@fb.com>
Mon, 21 Mar 2016 22:51:21 +0000 (15:51 -0700)
Summary: A more compact hex representation of ciphers in ClientHello can be useful, e.g., for logging.

Reviewed By: knekritz

Differential Revision: D3052308

fb-gh-sync-id: beaf6fcd4705d4d7fae652d8d8b95b52ca9e07a9
shipit-source-id: beaf6fcd4705d4d7fae652d8d8b95b52ca9e07a9

folly/io/async/AsyncSSLSocket.h

index 4900d2f..a952704 100644 (file)
@@ -538,7 +538,9 @@ class AsyncSSLSocket : public virtual AsyncSocket {
    * Get the list of supported ciphers sent by the client in the client's
    * preference order.
    */
-  void getSSLClientCiphers(std::string& clientCiphers) const {
+  void getSSLClientCiphers(
+      std::string& clientCiphers,
+      bool convertToString = true) const {
     std::stringstream ciphersStream;
     std::string cipherName;
 
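Review bot: The doc comment above `getSSLClientCiphers` is left unchanged and does not describe the new `convertToString` parameter, so a caller cannot tell from the header what passing `false` produces. A line such as `* @param convertToString  if true, emit OpenSSL cipher names where known; if false, emit every suite as its hex code.` would cover it; the hex format is inferred from the later hunk, so the wording should be confirmed against the full body. The result is a string in both modes and a bare `false` at a call site is hard to read, so a name like `useCipherNames` or a two-value enum would state the intent better. The function body starts in this hunk and continues outside it.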
@@ -550,22 +552,25 @@ class AsyncSSLSocket : public virtual AsyncSocket {
 
     for (auto originalCipherCode : clientHelloInfo_->clientHelloCipherSuites_)
     {
-      // OpenSSL expects code as a big endian char array
-      auto cipherCode = htons(originalCipherCode);
+      const SSL_CIPHER* cipher = nullptr;
+      if (convertToString) {
+        // OpenSSL expects code as a big endian char array
+        auto cipherCode = htons(originalCipherCode);
 
 #if defined(SSL_OP_NO_TLSv1_2)
-      const SSL_CIPHER* cipher =
-          TLSv1_2_method()->get_cipher_by_char((unsigned char*)&cipherCode);
+        cipher =
+            TLSv1_2_method()->get_cipher_by_char((unsigned char*)&cipherCode);
 #elif defined(SSL_OP_NO_TLSv1_1)
-      const SSL_CIPHER* cipher =
-          TLSv1_1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
+        cipher =
+            TLSv1_1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
 #elif defined(SSL_OP_NO_TLSv1)
-      const SSL_CIPHER* cipher =
-          TLSv1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
+        cipher =
+            TLSv1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
 #else
-      const SSL_CIPHER* cipher =
-          SSLv3_method()->get_cipher_by_char((unsigned char*)&cipherCode);
+        cipher =
+            SSLv3_method()->get_cipher_by_char((unsigned char*)&cipherCode);
 #endif
+      }
 
       if (cipher == nullptr) {
         ciphersStream << std::setfill('0') << std::setw(4) << std::hex
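Review bot: When `convertToString` is false, the hex output is produced only because `cipher` is left as `nullptr` and control falls into the `if (cipher == nullptr)` branch that was written for codes OpenSSL does not recognise; nothing at that branch says it now serves both cases. A comment there such as `// Unknown to OpenSSL, or hex output requested: emit the raw 16-bit code` would keep a later change to unknown-cipher handling from silently altering the hex format that log consumers parse. With the default `true`, the output still mixes names and hex codes, and which codes resolve to names depends on the `#if` ladder of the OpenSSL build, so logs meant for comparison across hosts should use the hex mode; that belongs in the doc comment. The flag is loop-invariant, so the lookup could move into a small private helper and the loop would then only choose between name and hex. The statement on the last line and the rest of the function continue outside the hunk, so the separator and the value streamed are not visible here.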