From 04cbf049c06fbc9b244bdbe22f244c0bc6e9c8b0 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erikj@jki.re>
Date: Thu, 18 Feb 2016 20:47:42 +0000
Subject: [PATCH] Add SSL_get_version

---
 openssl-sys/src/lib.rs |  3 +--
 openssl/src/ssl/mod.rs | 53 +++++++++++++++++++++++++++++++++---------
 2 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 5b57606f6..eaa2188f8 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -643,6 +643,7 @@ extern "C" {
     pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD;
     pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509;
     pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
+    pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char;
     pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char;
     pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char;
 
@@ -656,8 +657,6 @@ extern "C" {
     pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int;
     pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char;
     pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char;
-    pub fn SSL_CIPHER_get_cipher_nid(cipher: *const SSL_CIPHER) -> c_int;
-    pub fn SSL_CIPHER_get_digest_nid(cipher: *const SSL_CIPHER) -> c_int;
 
     pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
     pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index f5605b608..039a0514c 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -769,11 +769,13 @@ impl SslContext {
     }
 }
 
-pub struct SslCipher {
+pub struct SslCipher<'a> {
     cipher: *const ffi::SSL_CIPHER,
+    ph: PhantomData<&'a ()>,
 }
 
-impl SslCipher {
+impl <'a> SslCipher<'a> {
+    /// Returns the name of cipher.
     pub fn name(&self) -> &'static str {
         let name = unsafe {
             let ptr = ffi::SSL_CIPHER_get_name(self.cipher);
@@ -783,6 +785,7 @@ impl SslCipher {
         str::from_utf8(name.to_bytes()).unwrap()
     }
 
+    /// Returns the SSL/TLS protocol version that first defined the cipher.
     pub fn version(&self) -> &'static str {
         let version = unsafe {
             let ptr = ffi::SSL_CIPHER_get_version(self.cipher);
@@ -792,18 +795,36 @@ impl SslCipher {
         str::from_utf8(version.to_bytes()).unwrap()
     }
 
-    pub fn bits(&self) -> (i32, i32) {
+    /// Returns the number of secret bits used for the cipher.
+    ///
+    /// The first element is the number of secret bits used for the cipher.
+    ///
+    /// The second element, if not None, is the number of bits processed by
+    /// the chosen algorithm,
+    pub fn bits(&self) -> (i32, Option<i32>) {
         unsafe {
-            let mut algo_bits : c_int = 0;
-            let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, &mut algo_bits);
-            (actual_bits, algo_bits)
+            let algo_bits : *mut c_int = ptr::null_mut();
+            let actual_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
+            if !algo_bits.is_null() {
+                (actual_bits, Some(*algo_bits))
+            } else {
+                (actual_bits, None)
+            }
         }
     }
 
-    pub fn description(&self) -> String {
+    /// Returns a textual description of the cipher used
+    pub fn description(&self) -> Option<String> {
         unsafe {
-            let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, ptr::null_mut(), 0);
-            String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).unwrap()
+            // SSL_CIPHER_description requires a buffer of at least 128 bytes.
+            let mut buf = [0i8; 128];
+            let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128);
+
+            if !desc_ptr.is_null() {
+                String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok()
+            } else {
+                None
+            }
         }
     }
 }
@@ -876,14 +897,14 @@ impl Ssl {
         }
     }
 
-    pub fn get_current_cipher(&self) -> Option<SslCipher> {
+    pub fn get_current_cipher<'a>(&'a self) -> Option<SslCipher<'a>> {
         unsafe {
             let ptr = ffi::SSL_get_current_cipher(self.ssl);
 
             if ptr.is_null() {
                 None
             } else {
-                Some(SslCipher{ cipher: ptr })
+                Some(SslCipher{ cipher: ptr, ph: PhantomData })
             }
         }
     }
@@ -933,6 +954,16 @@ impl Ssl {
         }
     }
 
+    /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
+    pub fn version(&self) -> &'static str {
+        let version = unsafe {
+             let ptr = ffi::SSL_get_version(self.ssl);
+             CStr::from_ptr(ptr as *const _)
+        };
+
+        str::from_utf8(version.to_bytes()).unwrap()
+    }
+
     /// Returns the protocol selected by performing Next Protocol Negotiation, if any.
     ///
     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
-- 
GitLab