From 88a7032f4b78895eaeeb72d3837dd698e571e882 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Wed, 4 Jan 2017 20:59:46 -0800
Subject: Types and accessor for SslSession

---
 openssl/src/ssl/mod.rs | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'openssl/src')

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 3eead8f2..d1ed55fe 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1334,6 +1334,11 @@ impl SslRef {
     pub fn verify_result(&self) -> Option<X509VerifyError> {
         unsafe { X509VerifyError::from_raw(ffi::SSL_get_verify_result(self.as_ptr())) }
     }
+
+    /// Returns the SSL session.
+    pub fn session(&self) -> &SslSessionRef {
+        unsafe { SslSessionRef::from_ptr(ffi::SSL_get_session(self.as_ptr())) }
+    }
 }
 
 unsafe impl Sync for Ssl {}
@@ -1345,6 +1350,8 @@ impl fmt::Debug for Ssl {
     }
 }
 
+type_!(SslSession, SslSessionRef, ffi::SSL_SESSION, ffi::SSL_SESSION_free);
+
 impl Ssl {
     pub fn new(ctx: &SslContext) -> Result<Ssl, ErrorStack> {
         unsafe {
-- 
cgit v1.2.3


From 5d53405597f2e8dc3a6543e8c4a56705b0ecd47a Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Wed, 4 Jan 2017 21:07:51 -0800
Subject: Provide access to the session ID

---
 openssl/src/ssl/mod.rs | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'openssl/src')

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index d1ed55fe..3949210d 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1029,6 +1029,19 @@ impl SslCipherRef {
     }
 }
 
+type_!(SslSession, SslSessionRef, ffi::SSL_SESSION, ffi::SSL_SESSION_free);
+
+impl SslSessionRef {
+    /// Returns the SSL session ID.
+    pub fn id(&self) -> &[u8] {
+        unsafe {
+            let mut len = 0;
+            let p = ffi::SSL_SESSION_get_id(self.as_ptr(), &mut len);
+            slice::from_raw_parts(p as *const u8, len as usize)
+        }
+    }
+}
+
 type_!(Ssl, SslRef, ffi::SSL, ffi::SSL_free);
 
 impl fmt::Debug for SslRef {
@@ -1350,8 +1363,6 @@ impl fmt::Debug for Ssl {
     }
 }
 
-type_!(SslSession, SslSessionRef, ffi::SSL_SESSION, ffi::SSL_SESSION_free);
-
 impl Ssl {
     pub fn new(ctx: &SslContext) -> Result<Ssl, ErrorStack> {
         unsafe {
-- 
cgit v1.2.3


From 0b1bfee46d6c986d6cb073c922045ae98b598900 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Wed, 4 Jan 2017 21:15:09 -0800
Subject: session is nullable

---
 openssl/src/ssl/mod.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'openssl/src')

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 3949210d..ce9d65ef 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1349,8 +1349,15 @@ impl SslRef {
     }
 
     /// Returns the SSL session.
-    pub fn session(&self) -> &SslSessionRef {
-        unsafe { SslSessionRef::from_ptr(ffi::SSL_get_session(self.as_ptr())) }
+    pub fn session(&self) -> Option<&SslSessionRef> {
+        unsafe {
+            let p = ffi::SSL_get_session(self.as_ptr());
+            if p.is_null() {
+                None
+            } else {
+                Some(SslSessionRef::from_ptr(p))
+            }
+        }
     }
 }
 
-- 
cgit v1.2.3


From a2c118bf82ac4fbb13d5dd32b931490862ccd930 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Wed, 4 Jan 2017 21:18:13 -0800
Subject: Add basic session tests

---
 openssl/src/ssl/tests/mod.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'openssl/src')

diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index e685d658..744b2688 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -1372,6 +1372,22 @@ fn tmp_ecdh_callback_ssl() {
     assert!(CALLED_BACK.load(Ordering::SeqCst));
 }
 
+#[test]
+fn idle_session() {
+    let ctx = SslContext::builder(SslMethod::tls()).unwrap().build();
+    let ssl = Ssl::new(&ctx).unwrap();
+    assert!(ssl.session().is_none());
+}
+
+#[test]
+fn active_session() {
+    let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
+
+    let s = TcpStream::connect("google.com:443").unwrap();
+    let socket = connector.connect("google.com", s).unwrap();
+    assert!(socket.ssl().session().is_some());
+}
+
 fn _check_kinds() {
     fn is_send<T: Send>() {}
     fn is_sync<T: Sync>() {}
-- 
cgit v1.2.3


From 404e0341d82d5aab58daaa48b864eaf1a281d101 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Wed, 4 Jan 2017 21:33:47 -0800
Subject: Provide master key access

---
 openssl/src/ssl/mod.rs       | 28 +++++++++++++++++++++++++++-
 openssl/src/ssl/tests/mod.rs | 10 +++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

(limited to 'openssl/src')

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index ce9d65ef..6d49f2b1 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1040,6 +1040,18 @@ impl SslSessionRef {
             slice::from_raw_parts(p as *const u8, len as usize)
         }
     }
+
+    /// Returns the length of the master key.
+    pub fn master_key_len(&self) -> usize {
+        unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) }
+    }
+
+    /// Copies the master key into the provided buffer.
+    ///
+    /// Returns the number of bytes written.
+    pub fn master_key(&self, buf: &mut [u8]) -> usize {
+        unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) }
+    }
 }
 
 type_!(Ssl, SslRef, ffi::SSL, ffi::SSL_free);
@@ -1728,6 +1740,7 @@ mod compat {
 
     pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options};
     pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref};
+    pub use ffi::SSL_SESSION_get_master_key;
 
     pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
         ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX,
@@ -1762,7 +1775,7 @@ mod compat {
     use std::ptr;
 
     use ffi;
-    use libc::{self, c_long, c_ulong, c_int};
+    use libc::{self, c_long, c_ulong, c_int, size_t, c_uchar};
 
     pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong {
         ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
@@ -1799,6 +1812,19 @@ mod compat {
         0
     }
 
+    pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION,
+                                             out: *mut c_uchar,
+                                             mut outlen: size_t) -> size_t {
+        if outlen == 0 {
+            return (*session).master_key_length as size_t;
+        }
+        if outlen > (*session).master_key_length as size_t {
+            outlen = (*session).master_key_length as size_t;
+        }
+        ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, outlen);
+        outlen
+    }
+
     pub fn tls_method() -> *const ffi::SSL_METHOD {
         unsafe { ffi::SSLv23_method() }
     }
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 744b2688..14bb2f71 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -1385,7 +1385,15 @@ fn active_session() {
 
     let s = TcpStream::connect("google.com:443").unwrap();
     let socket = connector.connect("google.com", s).unwrap();
-    assert!(socket.ssl().session().is_some());
+    let session = socket.ssl().session().unwrap();
+    let len = session.master_key_len();
+    let mut buf = vec![0; len - 1];
+    let copied = session.master_key(&mut buf);
+    assert_eq!(copied, buf.len());
+    let mut buf = vec![0; len + 1];
+    let copied = session.master_key(&mut buf);
+    assert_eq!(copied, len);
+
 }
 
 fn _check_kinds() {
-- 
cgit v1.2.3