Add SSL_get_extms_support documentation.

Document SSL_get_extms_support(). Modify behaviour of SSL_get_extms_support() so it returns -1 if the master secret support of the peer is not known (e.g. handshake in progress). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-24 17:09:55 +00:00 · 2015-01-24 17:09:55 +00:00 · 156a872233
commit 156a872233
parent 6668b6b8b0
2 changed files with 36 additions and 1 deletions
--- a/doc/ssl/SSL_get_extms_support.pod
+++ b/doc/ssl/SSL_get_extms_support.pod
@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+SSL_get_extms_support - extended master secret support
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_extms_support(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_extms_support() indicates whether the current session used extended
+master secret.
+
+This function is implemented as a macro.
+
+=head1 RETURN VALUES
+
+SSL_get_extms_support() returns 1 if the current session used extended
+master secret, 0 if it did not and -1 if a handshake is currently in
+progress i.e. it is not possible to determine if extended master secret
+was used.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1135,7 +1135,9 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
        } else
            return ssl_put_cipher_by_char(s, NULL, NULL);
    case SSL_CTRL_GET_EXTMS_SUPPORT:
-        if (s->session && s->session->flags & SSL_SESS_FLAG_EXTMS)
+        if (!s->session || SSL_in_init(s) || s->in_handshake)
+		return -1;
+	if (s->session->flags & SSL_SESS_FLAG_EXTMS)
            return 1;
        else
            return 0;