Merge pull request #356 from erikjohnston/conninfo

Add support for SSL_CIPHER
author: Steven Fackler <[email protected]> 2016-03-01 09:20:36 -0800
committer: Steven Fackler <[email protected]> 2016-03-01 09:20:36 -0800
commit: 1f5800fe2cc0d7ec896114c3dd7dcc92b3445475 (patch)
tree: a8e0a17f50f51476645e90714e6cedb0e32a5930
parent: Merge pull request #355 from KalitaAlexey/master (diff)
parent: Make SSLCipher.bits() return a struct. (diff)
download: rust-openssl-1f5800fe2cc0d7ec896114c3dd7dcc92b3445475.tar.xz
rust-openssl-1f5800fe2cc0d7ec896114c3dd7dcc92b3445475.zip
2 files changed, 96 insertions, 0 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index eb2717f3..eaa2188f 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -24,6 +24,7 @@ pub type EVP_CIPHER_CTX = c_void;
 pub type EVP_MD = c_void;
 pub type EVP_PKEY_CTX = c_void;
 pub type SSL = c_void;
+pub type SSL_CIPHER = c_void;
 pub type SSL_CTX = c_void;
 pub type SSL_METHOD = c_void;
 pub type X509 = c_void;
@@ -642,6 +643,7 @@ extern "C" {
     pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD;
     pub fn SSL_get_peer_certificate(ssl: *mut SSL) -> *mut X509;
     pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
+    pub fn SSL_get_version(ssl: *mut SSL) -> *const c_char;
     pub fn SSL_state_string(ssl: *mut SSL) -> *const c_char;
     pub fn SSL_state_string_long(ssl: *mut SSL) -> *const c_char;
 
@@ -649,6 +651,13 @@ extern "C" {
 
     pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
 
+    pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
+
+    pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
+    pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *const c_int) -> c_int;
+    pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char;
+    pub fn SSL_CIPHER_description(cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int) -> *const c_char;
+
     pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
     pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
     pub fn SSL_CTX_set_verify(ctx: *mut SSL_CTX, mode: c_int,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8e6d061d..b4c73479 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -769,6 +769,71 @@ impl SslContext {
     }
 }
 
+
+pub struct CipherBits {
+    /// The number of secret bits used for the cipher.
+    pub secret: i32,
+    /// The number of bits processed by the chosen algorithm, if not None.
+    pub algorithm: Option<i32>,
+}
+
+
+pub struct SslCipher<'a> {
+    cipher: *const ffi::SSL_CIPHER,
+    ph: PhantomData<&'a ()>,
+}
+
+impl <'a> SslCipher<'a> {
+    /// Returns the name of cipher.
+    pub fn name(&self) -> &'static str {
+        let name = unsafe {
+            let ptr = ffi::SSL_CIPHER_get_name(self.cipher);
+            CStr::from_ptr(ptr as *const _)
+        };
+
+        str::from_utf8(name.to_bytes()).unwrap()
+    }
+
+    /// Returns the SSL/TLS protocol version that first defined the cipher.
+    pub fn version(&self) -> &'static str {
+        let version = unsafe {
+            let ptr = ffi::SSL_CIPHER_get_version(self.cipher);
+            CStr::from_ptr(ptr as *const _)
+        };
+
+        str::from_utf8(version.to_bytes()).unwrap()
+    }
+
+    /// Returns the number of bits used for the cipher.
+    pub fn bits(&self) -> CipherBits {
+        unsafe {
+            let algo_bits : *mut c_int = ptr::null_mut();
+            let secret_bits = ffi::SSL_CIPHER_get_bits(self.cipher, algo_bits);
+            if !algo_bits.is_null() {
+                CipherBits { secret: secret_bits, algorithm: Some(*algo_bits) }
+            } else {
+                CipherBits { secret: secret_bits, algorithm: None }
+            }
+        }
+    }
+
+    /// Returns a textual description of the cipher used
+    pub fn description(&self) -> Option<String> {
+        unsafe {
+            // SSL_CIPHER_description requires a buffer of at least 128 bytes.
+            let mut buf = [0i8; 128];
+            let desc_ptr = ffi::SSL_CIPHER_description(self.cipher, &mut buf[0], 128);
+
+            if !desc_ptr.is_null() {
+                String::from_utf8(CStr::from_ptr(desc_ptr).to_bytes().to_vec()).ok()
+            } else {
+                None
+            }
+        }
+    }
+}
+
+
 pub struct Ssl {
     ssl: *mut ffi::SSL,
 }
@@ -836,6 +901,18 @@ impl Ssl {
         }
     }
 
+    pub fn get_current_cipher<'a>(&'a self) -> Option<SslCipher<'a>> {
+        unsafe {
+            let ptr = ffi::SSL_get_current_cipher(self.ssl);
+
+            if ptr.is_null() {
+                None
+            } else {
+                Some(SslCipher{ cipher: ptr, ph: PhantomData })
+            }
+        }
+    }
+
     pub fn state_string(&self) -> &'static str {
         let state = unsafe {
             let ptr = ffi::SSL_state_string(self.ssl);
@@ -881,6 +958,16 @@ impl Ssl {
         }
     }
 
+    /// Returns the name of the protocol used for the connection, e.g. "TLSv1.2", "SSLv3", etc.
+    pub fn version(&self) -> &'static str {
+        let version = unsafe {
+             let ptr = ffi::SSL_get_version(self.ssl);
+             CStr::from_ptr(ptr as *const _)
+        };
+
+        str::from_utf8(version.to_bytes()).unwrap()
+    }
+
     /// Returns the protocol selected by performing Next Protocol Negotiation, if any.
     ///
     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
author	Steven Fackler <[email protected]>	2016-03-01 09:20:36 -0800
committer	Steven Fackler <[email protected]>	2016-03-01 09:20:36 -0800
commit	1f5800fe2cc0d7ec896114c3dd7dcc92b3445475 (patch)
tree	a8e0a17f50f51476645e90714e6cedb0e32a5930
parent	Merge pull request #355 from KalitaAlexey/master (diff)
parent	Make SSLCipher.bits() return a struct. (diff)
download	rust-openssl-1f5800fe2cc0d7ec896114c3dd7dcc92b3445475.tar.xz rust-openssl-1f5800fe2cc0d7ec896114c3dd7dcc92b3445475.zip