From bd01f6498c2c5007df64ba88c5d88ff15b0376cb Mon Sep 17 00:00:00 2001
From: TJ Saunders <tj@castaglia.org>
Date: Thu, 26 May 2016 15:40:13 -0700
Subject: [PATCH] Add an SSL_SESSION accessor for obtaining the protocol
 version number, with accompanying documentation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1135)
---
 doc/ssl/SSL_SESSION_get_protocol_version.pod | 54 ++++++++++++++++++++
 include/openssl/ssl.h                        |  1 +
 ssl/ssl_sess.c                               |  7 +++
 3 files changed, 62 insertions(+)
 create mode 100644 doc/ssl/SSL_SESSION_get_protocol_version.pod

diff --git a/doc/ssl/SSL_SESSION_get_protocol_version.pod b/doc/ssl/SSL_SESSION_get_protocol_version.pod
new file mode 100644
index 0000000000..e9e4f6df50
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get_protocol_version.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_protocol_version - retrieve session protocol version
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get_protocol_version() returns the time at which the session B<s> was
+established. The time is given in seconds since the Epoch and therefore
+compatible to the time delivered by the time() call.
+
+SSL_SESSION_set_time() replaces the creation time of the session B<s> with
+the chosen value B<tm>.
+
+SSL_SESSION_get_timeout() returns the timeout value set for session B<s>
+in seconds.
+
+SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
+to B<tm>.
+
+The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout()
+functions are synonyms for the SSL_SESSION_*() counterparts.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get_protocol_version() returns a number indicating the protocol
+version used for the session; this number matches the constants I<e.g.>
+B<TLS1_VERSION> or B<TLS1_2_VERSION>.
+
+If the function is passed the NULL pointer for the session B<s>, 0 is returned.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<SSL_CTX_set_timeout(3)>,
+L<SSL_get_default_timeout(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f019f64aa8..c6c357642a 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1376,6 +1376,7 @@ __owur long SSL_SESSION_get_time(const SSL_SESSION *s);
 __owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
 __owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
 __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
 __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
 __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
 __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index f168900dea..128d2d7942 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -828,6 +828,13 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
     return (t);
 }
 
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return (0);
+    return s->ssl_version;
+}
+
 const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
 {
     return s->tlsext_hostname;
-- 
2.34.1