Write an SSL_get_shared_ciphers(3) manual from scratch; another one

where BUGS is longer than DESCRIPTION.  The function is listed in
ssl(3) and <openssl/ssl.h>, so it's clearly public.

The code looks slightly mysterious to me, so it would be welcome if
somebody more familiar with TLS protocols could check factual accuracy.

1 files changed, 70 insertions, 0 deletions

diff --git a/lib/libssl/man/SSL_get_shared_ciphers.3 b/lib/libssl/man/SSL_get_shared_ciphers.3
new file mode 100644
index 00000000000..915ad682151
--- /dev/null
+++ b/lib/libssl/man/SSL_get_shared_ciphers.3
@@ -0,0 +1,70 @@
+.\"	$OpenBSD: SSL_get_shared_ciphers.3,v 1.1 2016/12/10 14:56:56 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 10 2016 $
+.Dt SSL_GET_SHARED_CIPHERS 3
+.Os
+.Sh NAME
+.Nm SSL_get_shared_ciphers
+.Nd ciphers supported by both client and server
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft char *
+.Fo SSL_get_shared_ciphers
+.Fa "const SSL *ssl"
+.Fa "char *buf"
+.Fa "int len"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_get_shared_ciphers
+puts the names of the ciphers that are supported by both the client
+and the server of
+.Fa ssl
+into the buffer
+.Fa buf .
+Names are separated by colons.
+At most
+.Fa len
+bytes are written to
+.Fa buf
+including the terminating NUL character.
+.Sh RETURN VALUES
+If
+.Fa ssl
+contains no session, if the session contains no shared ciphers,
+or if
+.Fa len
+is less than 2,
+.Fn SSL_get_shared_ciphers
+returns
+.Dv NULL .
+Otherwise, it returns
+.Fa buf .
+.Sh HISTORY
+.Fn SSL_get_shared_ciphers
+is available in all versions of OpenSSL.
+.Sh BUGS
+If the list is too long to fit into
+.Fa len
+bytes, it is silently truncated after the last cipher name that fits,
+and all following ciphers are skipped.
+If the buffer is very short such that even the first cipher name
+does not fit, an empty string is returned even when some shared
+ciphers are actually available.
+.Pp
+There is no easy way to find out how much space is required for
+.Fa buf
+or whether the supplied space was sufficient.