Add functions for SSL{_CTX}_get_verify_mode and SSL_is_init_finished

2020-03-24 14:25:07 -05:00 · 2020-03-24 14:25:07 -05:00 · 1e9cc8426e
parent dbc5459d63
commit 1e9cc8426e
2 changed files with 41 additions and 0 deletions
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@ -672,6 +672,21 @@ extern "C" {

    pub fn SSL_get_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t;
    pub fn SSL_get_peer_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t;
+
+    pub fn SSL_CTX_get_verify_mode(ctx: *const SSL_CTX) -> c_int;
+    pub fn SSL_get_verify_mode(s: *const SSL) -> c_int;
+}
+
+cfg_if! {
+    if #[cfg(ossl111)] {
+        extern "C" {
+            pub fn SSL_is_init_finished(s: *const SSL) -> c_int;
+        }
+    } else if #[cfg(ossl110)] {
+        extern "C" {
+            pub fn SSL_is_init_finished(s: *mut SSL) -> c_int;
+        }
+    }
 }

 pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -1944,6 +1944,16 @@ impl SslContextRef {
    pub fn session_cache_size(&self) -> i64 {
        unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() }
    }
+
+    /// Returns the verify mode that was set on this context from [`SslContextBuilder::set_verify`].
+    ///
+    /// This corresponds to `SSL_CTX_get_verify_mode`.
+    ///
+    /// [`SslContextBuilder::set_verify`]: struct.SslContextBuilder.html#method.set_verify
+    pub fn verify_mode(&self) -> SslVerifyMode {
+        let mode = unsafe { ffi::SSL_CTX_get_verify_mode(self.as_ptr()) };
+        SslVerifyMode::from_bits(mode).expect("SSL_CTX_get_verify_mode returned invalid mode")
+    }
 }

 /// Information about the state of a cipher.
@ -2394,6 +2404,14 @@ impl SslRef {
        unsafe { ffi::SSL_set_verify(self.as_ptr(), mode.bits as c_int, None) }
    }

+    /// Returns the verify mode that was set using `set_verify`.
+    ///
+    /// This corresponds to `SSL_get_verify_mode`.
+    pub fn verify_mode(&self) -> SslVerifyMode {
+        let mode = unsafe { ffi::SSL_get_verify_mode(self.as_ptr()) };
+        SslVerifyMode::from_bits(mode).expect("SSL_get_verify_mode returned invalid mode")
+    }
+
    /// Like [`SslContextBuilder::set_verify_callback`].
    ///
    /// This corresponds to [`SSL_set_verify`].
@ -3172,6 +3190,14 @@ impl SslRef {
        }
    }

+    /// Determines if the initial handshake has been completed.
+    ///
+    /// This corresponds to `SSL_is_init_finished`.
+    #[cfg(ossl110)]
+    pub fn init_finished(&self) -> bool {
+        unsafe { ffi::SSL_is_init_finished(self.as_ptr()) != 0 }
+    }
+
    /// Determines if the client's hello message is in the SSLv2 format.
    ///
    /// This can only be used inside of the client hello callback. Otherwise, `false` is returned.