Add SSL_get_tlsext_status_type() method

The tlsext_status_type field in SSL is used by e.g. OpenResty to determine
if the client requested the certificate status, but SSL is now opaque.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

3 files changed, 9 insertions, 0 deletions

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9989b7eed2..2c897c40c8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1133,6 +1133,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_SET_MAX_PROTO_VERSION          124
 # define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
 # define SSL_CTRL_SET_MAX_PIPELINES              126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
 # define SSL_CERT_SET_FIRST                      1
 # define SSL_CERT_SET_NEXT                       2
 # define SSL_CERT_SET_SERVER                     3
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 0537828afa..25a9b36f9a 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -252,6 +252,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
 # define SSL_set_tlsext_debug_arg(ssl, arg) \
 SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
 
+# define SSL_get_tlsext_status_type(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, (void *)arg)
+
 # define SSL_set_tlsext_status_type(ssl, type) \
 SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index de7f1c08f2..025c003b3e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2971,6 +2971,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         ret = 1;
         break;
 
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        *(int *)parg = s->tlsext_status_type;
+        ret = 1;
+        break;
+
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
         s->tlsext_status_type = larg;
         ret = 1;