Add SSL_version binding

openssl-sys/src/lib.rs

@@ -1307,6 +1307,11 @@ pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
 pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
     SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
 
+pub const SSL3_VERSION: c_int = 0x300;
+pub const TLS1_VERSION: c_int = 0x301;
+pub const TLS1_1_VERSION: c_int = 0x302;
+pub const TLS1_2_VERSION: c_int = 0x303;
+
 pub const TLSEXT_NAMETYPE_host_name: c_int = 0;
 
 pub const TLSEXT_STATUSTYPE_ocsp: c_int = 1;
@@ -2374,6 +2379,7 @@ extern "C" {
     pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
     pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
     pub fn SSL_get_version(ssl: *const SSL) -> *const c_char;
+    pub fn SSL_version(ssl: *const SSL) -> c_int;
     pub fn SSL_state_string(ssl: *const SSL) -> *const c_char;
     pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char;
     pub fn SSL_set_verify(

openssl-sys/src/ossl110.rs

@@ -44,6 +44,9 @@ pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00000000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00000000;
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x00000000;
 
+#[cfg(ossl111)]
+pub const TLS1_3_VERSION: c_int = 0x304;
+
 pub const OPENSSL_VERSION: c_int = 0;
 pub const OPENSSL_CFLAGS: c_int = 1;
 pub const OPENSSL_BUILT_ON: c_int = 2;

openssl/src/ssl/mod.rs

@@ -518,6 +518,30 @@ impl AlpnError {
     pub const NOACK: AlpnError = AlpnError(ffi::SSL_TLSEXT_ERR_NOACK);
 }
 
+/// An SSL/TLS protocol version.
+#[derive(Debug, Copy, Clone)]
+pub struct SslVersion(c_int);
+
+impl SslVersion {
+    /// SSLv3
+    pub const SSL3: SslVersion = SslVersion(ffi::SSL3_VERSION);
+
+    /// TLSv1.0
+    pub const TLS1: SslVersion = SslVersion(ffi::TLS1_VERSION);
+
+    /// TLSv1.1
+    pub const TLS1_1: SslVersion = SslVersion(ffi::TLS1_1_VERSION);
+
+    /// TLSv1.2
+    pub const TLS1_2: SslVersion = SslVersion(ffi::TLS1_2_VERSION);
+
+    /// TLSv1.3
+    ///
+    /// Requires OpenSSL 1.1.1 and the corresponding Cargo feature.
+    #[cfg(all(feature = "v111", ossl111))]
+    pub const TLS1_3: SslVersion = SslVersion(ffi::TLS1_3_VERSION);
+}
+
 /// A standard implementation of protocol selection for Application Layer Protocol Negotiation
 /// (ALPN).
 ///
@@ -1906,12 +1930,21 @@ impl SslRef {
         }
     }
 
+    /// Returns the protocol version of the session.
+    ///
+    /// This corresponds to [`SSL_version`].
+    ///
+    /// [`SSL_version`]: https://www.openssl.org/docs/manmaster/man3/SSL_version.html
+    pub fn version2(&self) -> SslVersion {
+        unsafe { SslVersion(ffi::SSL_version(self.as_ptr())) }
+    }
+
     /// Returns a string describing the protocol version of the session.
     ///
     /// This corresponds to [`SSL_get_version`].
     ///
     /// [`SSL_get_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_version.html
-    pub fn version(&self) -> &'static str {
+    pub fn version_str(&self) -> &'static str {
         let version = unsafe {
             let ptr = ffi::SSL_get_version(self.as_ptr());
             CStr::from_ptr(ptr as *const _)
@@ -1920,6 +1953,11 @@ impl SslRef {
         str::from_utf8(version.to_bytes()).unwrap()
     }
 
+    #[deprecated(since = "0.10.4", note = "renamed to version_str")]
+    pub fn version(&self) -> &'static str {
+        self.version_str()
+    }
+
     /// Returns the protocol selected via Application Layer Protocol Negotiation (ALPN).
     ///
     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
@@ -1953,7 +1991,7 @@ impl SslRef {
     /// If this is greater than 0, the next call to `read` will not call down to the underlying
     /// stream.
     ///
-    /// This corresponds to [`SSL_pending]`.
+    /// This corresponds to [`SSL_pending`].
     ///
     /// [`SSL_pending`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_pending.html
     pub fn pending(&self) -> usize {