GH1446: Add SSL_SESSION_get0_cipher

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1451)

4 files changed, 49 insertions, 0 deletions

diff --git a/doc/ssl/SSL_SESSION_get0_cipher.pod b/doc/ssl/SSL_SESSION_get0_cipher.pod
new file mode 100644
index 0000000000..fdd36edc0c
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get0_cipher.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get0_cipher - retrieve the SSL cipher associated with a session
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSSION *s);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get0_cipher() retrieves the cipher that was used by the
+connection when the session was created, or NULL if it cannot be determined.
+
+The value returned is a pointer to an object maintained within B<s> and
+should not be released.
+
+=head1 SEE ALSO
+
+L<ssl(3)>,
+L<d2i_SSL_SESSION(3)>,
+L<SSL_SESSION_get_time(3)>,
+L<SSL_SESSION_get0_hostname(3)>,
+L<SSL_SESSION_free(3)>
+
+=head1 HISTORY
+
+SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e58ad30099..014570733d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1395,6 +1395,7 @@ __owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
 __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
 __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
 __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
 __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
 void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 44bc8a377b..4a58fa52df 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -827,6 +827,11 @@ int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
     return s->ssl_version;
 }
 
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
+{
+    return s->cipher;
+}
+
 const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
 {
     return s->tlsext_hostname;
diff --git a/util/libssl.num b/util/libssl.num
index a285dcffbb..02dfacef56 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -400,3 +400,4 @@ SSL_CTX_dane_set_flags                  400	1_1_0	EXIST::FUNCTION:
 SSL_dane_set_flags                      401	1_1_0	EXIST::FUNCTION:
 SSL_CTX_dane_clear_flags                402	1_1_0	EXIST::FUNCTION:
 SSL_dane_clear_flags                    403	1_1_0	EXIST::FUNCTION:
+SSL_SESSION_get0_cipher                 404	1_1_0	EXIST::FUNCTION: