New method get_ems_support that returns whether the current session u…

…sed extended master secret
nabla-c0d3 · Nov 8, 2024 · 77a3887 · 77a3887
1 parent fe914c0
commit 77a3887
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/nassl/_nassl/nassl_SSL.c b/nassl/_nassl/nassl_SSL.c
@@ -304,6 +304,12 @@ static PyObject* nassl_SSL_set1_groups(nassl_SSL_Object *self, PyObject *args)
     PyMem_Free(listOfNids);
     Py_RETURN_NONE;
 }
+
+static PyObject *nassl_SSL_get_extms_support(nassl_SSL_Object *self)
+{
+    long returnValue = SSL_get_extms_support(self->ssl);
+    return Py_BuildValue("l", returnValue);
+}
 #endif
 
 static PyObject* nassl_SSL_shutdown(nassl_SSL_Object *self, PyObject *args)
@@ -1187,6 +1193,9 @@ static PyMethodDef nassl_SSL_Object_methods[] =
     {"set1_groups", (PyCFunction)nassl_SSL_set1_groups, METH_VARARGS,
     "OpenSSL's SSL_set1_groups()"
     },
+    {"get_extms_support", (PyCFunction)nassl_SSL_get_extms_support, METH_NOARGS,
+    "Returns whether the current session used extended master secret."
+    },
 #endif
     {"get_peer_cert_chain", (PyCFunction)nassl_SSL_get_peer_cert_chain, METH_NOARGS,
      "OpenSSL's SSL_get_peer_cert_chain(). Returns an array of _nassl.X509 objects."

diff --git a/nassl/ssl_client.py b/nassl/ssl_client.py
@@ -409,6 +409,14 @@ def get_received_chain(self) -> List[str]:
         """
         return [x509.as_pem() for x509 in self._ssl.get_peer_cert_chain()]
 
+    def get_ems_support(self) -> Optional[bool]:
+        support = self._ssl.get_extms_support()
+        if support == 1:
+            return True
+        if support == 0:
+            return False
+        return None
+
 
 class OpenSslEarlyDataStatusEnum(IntEnum):
     """Early data status constants."""