Add method to query Extended Master Secret support
Change-Id: I4c285f4b3dd77f8fc7249c7504b5e4eb9b62959f
Reviewed-on: https://boringssl-review.googlesource.com/5920
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 63a0bdd..88f11f9 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -962,6 +962,10 @@
OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out,
size_t *out_len, size_t max_out);
+/* SSL_get_extms_support returns one if the Extended Master Secret
+ * extension was negotiated. Otherwise, it returns zero. */
+OPENSSL_EXPORT int SSL_get_extms_support(const SSL *ssl);
+
/* Custom extensions.
*
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6ff088f..662f093 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1199,6 +1199,10 @@
return X509_VERIFY_PARAM_get_depth(s->param);
}
+int SSL_get_extms_support(const SSL *s) {
+ return s->s3->tmp.extended_master_secret == 1;
+}
+
int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) {
return s->verify_callback;
}
