merge master
diff --git a/ChangeLog b/ChangeLog
index 2451dfd..b0fd98a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-03-29 fedor-brunner
+
+ * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
+ and ``get_cipher_version`` to ``Connection``.
+
2014-03-28 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index fcc7da4..d3572dd 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -1420,6 +1420,53 @@
if not result:
_raise_current_error()
+
+ def get_cipher_name(self):
+ """
+ Obtain the name of the currently used cipher.
+
+ :returns: The name of the currently used cipher or :py:obj:`None`
+ if no connection has been established.
+ :rtype: :py:class:`str` or :py:class:`NoneType`
+ """
+ cipher = _lib.SSL_get_current_cipher(self._ssl)
+ if cipher == _ffi.NULL:
+ return None
+ else:
+ return _native(_ffi.string(_lib.SSL_CIPHER_get_name(cipher)))
+
+
+ def get_cipher_bits(self):
+ """
+ Obtain the number of secret bits of the currently used cipher.
+
+ :returns: The number of secret bits of the currently used cipher
+ or :py:obj:`None` if no connection has been established.
+ :rtype: :py:class:`int` or :py:class:`NoneType`
+ """
+ cipher = _lib.SSL_get_current_cipher(self._ssl)
+ if cipher == _ffi.NULL:
+ return None
+ else:
+ return _lib.SSL_CIPHER_get_bits(cipher, _ffi.NULL)
+
+
+ def get_cipher_version(self):
+ """
+ Obtain the protocol version of the currently used cipher.
+
+ :returns: The protocol name of the currently used cipher
+ or :py:obj:`None` if no connection has been established.
+ :rtype: :py:class:`str` or :py:class:`NoneType`
+ """
+ cipher = _lib.SSL_get_current_cipher(self._ssl)
+ if cipher == _ffi.NULL:
+ return None
+ else:
+ return _native(_ffi.string(_lib.SSL_CIPHER_get_version(cipher)))
+
+
+
ConnectionType = Connection
# This is similar to the initialization calls at the end of OpenSSL/crypto.py
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index a6f0127..1f9f5c4 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -1932,6 +1932,80 @@
# XXX want_read
+ def test_get_cipher_name_before_connect(self):
+ """
+ :py:obj:`Connection.get_cipher_name` returns :py:obj:`None`
+ if no connection has been established.
+ """
+ ctx = Context(TLSv1_METHOD)
+ conn = Connection(ctx, None)
+ self.assertTrue(conn.get_cipher_name() is None)
+
+
+ def test_get_cipher_name(self):
+ """
+ :py:obj:`Connection.get_cipher_name` returns the name of the currently
+ used cipher.
+ """
+ server, client = self._loopback()
+ server_cipher_name, client_cipher_name = \
+ server.get_cipher_name(), client.get_cipher_name()
+
+ self.assertIsInstance(server_cipher_name, str)
+ self.assertIsInstance(client_cipher_name, str)
+
+ self.assertEqual(server_cipher_name, client_cipher_name)
+
+
+ def test_get_cipher_version_before_connect(self):
+ """
+ :py:obj:`Connection.get_cipher_version` returns :py:obj:`None`
+ if no connection has been established.
+ """
+ ctx = Context(TLSv1_METHOD)
+ conn = Connection(ctx, None)
+ self.assertTrue(conn.get_cipher_version() is None)
+
+
+ def test_get_cipher_version(self):
+ """
+ :py:obj:`Connection.get_cipher_version` returns the protocol name of the currently
+ used cipher.
+ """
+ server, client = self._loopback()
+ server_cipher_version, client_cipher_version = \
+ server.get_cipher_version(), client.get_cipher_version()
+
+ self.assertIsInstance(server_cipher_version, str)
+ self.assertIsInstance(client_cipher_version, str)
+
+ self.assertEqual(server_cipher_version, client_cipher_version)
+
+
+ def test_get_cipher_bits_before_connect(self):
+ """
+ :py:obj:`Connection.get_cipher_bits` returns :py:obj:`None`
+ if no connection has been established.
+ """
+ ctx = Context(TLSv1_METHOD)
+ conn = Connection(ctx, None)
+ self.assertTrue(conn.get_cipher_bits() is None)
+
+
+ def test_get_cipher_bits(self):
+ """
+ :py:obj:`Connection.get_cipher_bits` returns the number of secret bits of the currently
+ used cipher.
+ """
+ server, client = self._loopback()
+ server_cipher_bits, client_cipher_bits = \
+ server.get_cipher_bits(), client.get_cipher_bits()
+
+ self.assertIsInstance(server_cipher_bits, int)
+ self.assertIsInstance(client_cipher_bits, int)
+
+ self.assertEqual(server_cipher_bits, client_cipher_bits)
+
class ConnectionGetCipherListTests(TestCase):
diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst
index da7cfb7..1fed8d3 100644
--- a/doc/api/ssl.rst
+++ b/doc/api/ssl.rst
@@ -759,6 +759,23 @@
.. versionadded:: 0.14
+.. py:method:: Connection.get_cipher_name()
+
+ Obtain the name of the currently used cipher.
+
+ .. versionadded:: 0.15
+
+.. py:method:: Connection.get_cipher_bits()
+
+ Obtain the number of secret bits of the currently used cipher.
+
+ .. versionadded:: 0.15
+
+.. py:method:: Connection.get_cipher_version()
+
+ Obtain the protocol name of the currently used cipher.
+
+ .. versionadded:: 0.15
.. Rubric:: Footnotes
diff --git a/setup.py b/setup.py
index 058ad7b..3e7605d 100755
--- a/setup.py
+++ b/setup.py
@@ -34,7 +34,7 @@
maintainer_email = 'exarkun@twistedmatrix.com',
url = 'https://github.com/pyca/pyopenssl',
license = 'APL2',
- install_requires=["cryptography>=0.2.1", "six>=1.5.2"],
+ install_requires=["cryptography>=0.2.2", "six>=1.5.2"],
long_description = """\
High-level wrapper around a subset of the OpenSSL library, includes
* SSL.Connection objects, wrapping the methods of Python's portable