Interface for the SSL_get_peer_finished, SSL_get_finished.
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 67e4c82..e4d2d3b 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -1417,6 +1417,38 @@
if not result:
_raise_current_error()
+ def get_finished(self):
+ """
+ Obtain latest Finished message that we sent.
+
+ :return: A string representing the Finished message
+ """
+ # The size of Finished message is 12 bytes in TLS,
+ # 36 bytes in SSL protocol, but let's be safe with
+ # 128 bytes buffer
+ bufsiz = 128
+ buf = _ffi.new("char[]", bufsiz)
+ result = _lib.SSL_get_finished(self._ssl, buf, bufsiz)
+ if result == 0:
+ return None # no Finished so far
+ else:
+ return _ffi.buffer(buf, result)[:]
+
+ def get_peer_finished(self):
+ """
+ Obtain latest Finished message that we expected from peer.
+
+ :return: A string representing the Finished message
+ """
+ # Same buffer size as in get_finished
+ bufsiz = 128
+ buf = _ffi.new("char[]", bufsiz)
+ result = _lib.SSL_get_peer_finished(self._ssl, buf, bufsiz)
+ if result == 0:
+ return None # no Finished so far
+ else:
+ return _ffi.buffer(buf, result)[:]
+
ConnectionType = Connection
# This is similar to the initialization calls at the end of OpenSSL/crypto.py
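Review bot: `_ffi.buffer(buf, result)[:]` in get_finished treats the return value of SSL_get_finished as the number of bytes written, but OpenSSL returns the full length of the Finished message and copies at most `bufsiz` bytes, so any result above 128 would read past the allocation. The sizes listed in the comment are well below 128, so this is a latent over-read rather than a live one, but the safety of the slice rests entirely on that constant. Sizing the buffer from the library removes the assumption: `size = _lib.SSL_get_finished(self._ssl, _ffi.NULL, 0)` followed by `buf = _ffi.new("char[]", size)`, or at minimum slice with `min(result, bufsiz)`. get_peer_finished repeats the same code and needs the same change; a private helper that takes the C function as an argument would keep the two in step. Both docstrings should also state that None is returned when no Finished message exists yet.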
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index a6f0127..8861972 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -1932,7 +1932,27 @@
# XXX want_read
+ def test_finished(self):
+ """
+ :py:obj:`Connection.get_finished` and :py:obj:`Connection.get_peer_finished`
+ methods return the TLS Finished messages. Finished messages are send
+ during TLS handshake. Before handshake :py:obj:`Connection.get_finished` and
+ :py:obj:`Connection.get_peer_finished` return None.
+ """
+ ctx = Context(TLSv1_METHOD)
+ connection = Connection(ctx, None)
+ self.assertEqual(connection.get_finished(), None)
+ self.assertEqual(connection.get_peer_finished(), None)
+
+ server, client = self._loopback()
+
+ self.assertNotEqual(server.get_finished(), None)
+ self.assertTrue(len(server.get_finished()) > 0)
+ self.assertTrue(len(server.get_peer_finished()) > 0)
+
+ self.assertEqual(server.get_finished(), client.get_peer_finished())
+ self.assertEqual(client.get_finished(), server.get_peer_finished())
class ConnectionGetCipherListTests(TestCase):
"""
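Review bot: test_finished never checks that the two directions differ, so a binding that wired get_finished and get_peer_finished to the same C function would still pass the two cross-equality assertions. Adding `self.assertNotEqual(server.get_finished(), server.get_peer_finished())` closes that gap. The length is only checked as `> 0`; if `_loopback` (defined outside this hunk) negotiates a protocol with a known Finished size, an exact length assertion would also catch a mis-sized buffer in the binding. `assertNotEqual(..., None)` reads better as `assertIsNotNone(...)`, and "are send" in the docstring should be "are sent".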