Add a SSL_get_pending_cipher API. Conscrypt needs to, in the certificate verification callback, know the key exchange + auth method of the current cipher suite to pass into X509TrustManager.checkServerTrusted. Currently it reaches into the struct to get it. Add an API for this. Change-Id: Ib4e0a1fbf1d9ea24e0114f760b7524e1f7bafe33 Reviewed-on: https://boringssl-review.googlesource.com/6881 Reviewed-by: David Benjamin <davidben@google.com>

commit: f6494f49289a521edb0ccbc7027a2e7e8a54a850 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Thu Jan 07 12:37:41 2016 -0800
committer: David Benjamin <davidben@google.com> Tue Jan 26 21:51:02 2016 +0000
tree: 59d43d4e69dd015b2b1731c1b9608791a0fb1de5
parent: 7027d25c6b049de7a7e3130198657528f8f7d8ac [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index af1f7b8..f261219 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -2880,6 +2880,10 @@
 OPENSSL_EXPORT size_t SSL_get_server_random(const SSL *ssl, uint8_t *out,
                                             size_t max_out);
 
+/* SSL_get_pending_cipher returns the cipher suite for the current handshake or
+ * NULL if one has not been negotiated yet or there is no pending handshake. */
+OPENSSL_EXPORT const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
+
 
 /* Deprecated functions. */
commit	f6494f49289a521edb0ccbc7027a2e7e8a54a850	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Thu Jan 07 12:37:41 2016 -0800
committer	David Benjamin <davidben@google.com>	Tue Jan 26 21:51:02 2016 +0000
tree	59d43d4e69dd015b2b1731c1b9608791a0fb1de5
parent	7027d25c6b049de7a7e3130198657528f8f7d8ac [diff] [blame]