From 6ec1883fa68a019f70ec6ab4292e8aeed9b2d0cc Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sat, 15 Aug 2020 14:48:10 +0200
Subject: [PATCH] security/tinc. list_ciphers compatibility with both libre and
 open ssl. closes https://github.com/opnsense/plugins/issues/1976

---
 .../opnsense/scripts/OPNsense/Tinc/list_ciphers.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/list_ciphers.py b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/list_ciphers.py
index 76e2c9981..893ac68cb 100755
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/list_ciphers.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/list_ciphers.py
@@ -34,11 +34,15 @@ import ujson
 response = dict()
 
 p = subprocess.run(['/usr/local/bin/openssl', 'enc', '-ciphers'], capture_output=True, text=True)
-for line in p.stdout.split("\n"):
-    if not line.startswith('Supported'):
-        for item in line.split():
-            if len(item) > 1:
-                response[item[1:]] = item[1:]
+ciphers_start = False
+for f in [p.stdout, p.stderr]:
+    for line in f.split("\n"):
+        if line.startswith('Supported ciphers:') or line.startswith('Valid ciphername values:'):
+            ciphers_start = True
+        elif ciphers_start:
+            for item in line.split():
+                if len(item) > 1:
+                    response[item[1:]] = item[1:]
 
 response["none"] = "None"
 # output generated keys