Add functions to get erlang or openssl formatted ciphers.

hairyhum · hairyhum · commit 310bf16da17c · 2019-04-24T14:46:53.000-04:00
SSL application provides API to get ciphers by format or by default/all/anonymous, but not both, so it's not possible to get all openssl-formatted ciphers. OTP-20 and OTP-21 have different modules containing cipher formatting functions - using function_exported to support both. Addresses rabbitmq/rabbitmq-cli#342
diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl
@@ -20,13 +20,78 @@
 
 -export([peer_cert_issuer/1, peer_cert_subject/1, peer_cert_validity/1]).
 -export([peer_cert_subject_items/2, peer_cert_auth_name/1]).
+-export([cipher_suites_erlang/2, cipher_suites_erlang/1,
+         cipher_suites_openssl/2, cipher_suites_openssl/1,
+         cipher_suites/1]).
 
 %%--------------------------------------------------------------------------
 
 -export_type([certificate/0]).
 
 -type certificate() :: rabbit_cert_info:certificate().
 
+-type cipher_suites_mode() :: default | all | anonymous.
+
+-spec cipher_suites(cipher_suites_mode()) -> ssl:ciphers().
+cipher_suites(Mode) ->
+    Version = get_highest_protocol_version(),
+    ssl:cipher_suites(Mode, Version).
+
+-spec cipher_suites_erlang(cipher_suites_mode()) ->
+    [ssl:old_cipher_suite()].
+cipher_suites_erlang(Mode) ->
+    Version = get_highest_protocol_version(),
+    cipher_suites_erlang(Mode, Version).
+
+-spec cipher_suites_erlang(cipher_suites_mode(),
+                           ssl:protocol_version() | tls_record:tls_version()) ->
+    [ssl:old_cipher_suite()].
+cipher_suites_erlang(Mode, Version) ->
+    [ format_cipher_erlang(C)
+      || C <- ssl:cipher_suites(Mode, Version) ].
+
+-spec cipher_suites_openssl(cipher_suites_mode()) ->
+    [ssl:old_cipher_suite()].
+cipher_suites_openssl(Mode) ->
+    Version = get_highest_protocol_version(),
+    cipher_suites_openssl(Mode, Version).
+
+-spec cipher_suites_openssl(cipher_suites_mode(),
+                           ssl:protocol_version() | tls_record:tls_version()) ->
+    [ssl:old_cipher_suite()].
+cipher_suites_openssl(Mode, Version) ->
+    lists:filtermap(fun(C) ->
+        OpenSSL = format_cipher_openssl(C),
+        case is_list(OpenSSL) of
+            true  -> {true, OpenSSL};
+            false -> false
+        end
+    end,
+    ssl:cipher_suites(Mode, Version)).
+
+
+%% OTP-20.3 and OTP-21 have different modules containing cipher format functions
+%% This is not a hot codepath and `function_exported` should not slow things down much.
+format_cipher_erlang(Cipher) ->
+    case erlang:function_exported(ssl_cipher_format, suite, 1) of
+        true ->
+            ssl_cipher_format:erl_suite_definition(ssl_cipher_format:suite(Cipher));
+        false ->
+            ssl_cipher:erl_suite_definition(ssl_cipher:suite(Cipher))
+    end.
+
+format_cipher_openssl(Cipher) ->
+    case erlang:function_exported(ssl_cipher_format, suite, 1) of
+        true ->
+            ssl_cipher_format:openssl_suite_name(ssl_cipher_format:suite(Cipher));
+        false ->
+            ssl_cipher:openssl_suite_name(ssl_cipher:suite(Cipher))
+    end.
+
+-spec get_highest_protocol_version() -> tls_record:tls_version().
+get_highest_protocol_version() ->
+    tls_record:highest_protocol_version([]).
+
 %%--------------------------------------------------------------------------
 %% High-level functions used by reader
 %%--------------------------------------------------------------------------
