Add SSL_get_extms_support documentation.

Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/doc/ssl/SSL_get_extms_support.pod b/doc/ssl/SSL_get_extms_support.pod
new file mode 100644 (file)
index 0000000..427819a
--- /dev/null
+++ b/doc/ssl/SSL_get_extms_support.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+SSL_get_extms_support - extended master secret support
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_extms_support(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_extms_support() indicates whether the current session used extended
+master secret.
+
+This function is implemented as a macro.
+
+=head1 RETURN VALUES
+
+SSL_get_extms_support() returns 1 if the current session used extended
+master secret, 0 if it did not and -1 if a handshake is currently in
+progress i.e. it is not possible to determine if extended master secret
+was used.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d618d64bc54f7cf7d2f7ca8aebdbb88ae3c5eb27..bcb6be133a755d63a4dee50a4a13786639cf1c59 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1135,7 +1135,9 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
         } else
             return ssl_put_cipher_by_char(s, NULL, NULL);
     case SSL_CTRL_GET_EXTMS_SUPPORT:
-        if (s->session && s->session->flags & SSL_SESS_FLAG_EXTMS)
+        if (!s->session || SSL_in_init(s) || s->in_handshake)
+               return -1;
+       if (s->session->flags & SSL_SESS_FLAG_EXTMS)
             return 1;
         else
             return 0;