ruby · ioquatix · Oct 7, 2019 · Jun 25, 2019 · Jun 25, 2019 · Oct 7, 2019
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
@@ -2295,6 +2295,56 @@ ossl_ssl_get_verify_result(VALUE self)
     return INT2NUM(SSL_get_verify_result(ssl));
 }
 
+/*
+ * call-seq:
+ *    ssl.finished_message => "finished message"
+ *
+ * Returns the last *Finished* message sent
+ *
+ */
+static VALUE
+ossl_ssl_get_finished(VALUE self)
+{
+    SSL *ssl;
+
+    GetSSL(self, ssl);
+
+    char sizer[0];
+    size_t len = SSL_get_finished(ssl, sizer, 0);
+    if(len == 0)
+      return Qnil;
+
+    char* buf = ALLOCA_N(char, len+1);
+          buf[len] = 0;
+    SSL_get_finished(ssl, buf, len);
+    return rb_str_new_cstr(buf);
+}
+
+/*
+ * call-seq:
+ *    ssl.peer_finished_message => "peer finished message"
+ *
+ * Returns the last *Finished* message received
+ *
+ */
+static VALUE
+ossl_ssl_get_peer_finished(VALUE self)
+{
+    SSL *ssl;
+
+    GetSSL(self, ssl);
+
+    char sizer[0];
+    size_t len = SSL_get_peer_finished(ssl, sizer, 0);
+    if(len == 0)
+      return Qnil;
+
+    char* buf = ALLOCA_N(char, len+1);
+          buf[len] = 0;
+    SSL_get_peer_finished(ssl, buf, len);
+    return rb_str_new_cstr(buf);
+}
+
 /*
  * call-seq:
  *    ssl.client_ca => [x509name, ...]
@@ -2813,6 +2863,8 @@ Init_ossl_ssl(void)
     rb_define_method(cSSLSocket, "client_ca", ossl_ssl_get_client_ca_list, 0);
     /* #hostname is defined in lib/openssl/ssl.rb */
     rb_define_method(cSSLSocket, "hostname=", ossl_ssl_set_hostname, 1);
+    rb_define_method(cSSLSocket, "finished_message", ossl_ssl_get_finished, 0);
+    rb_define_method(cSSLSocket, "peer_finished_message", ossl_ssl_get_peer_finished, 0);
 # ifdef HAVE_SSL_GET_SERVER_TMP_KEY
     rb_define_method(cSSLSocket, "tmp_key", ossl_ssl_tmp_key, 0);
 # endif

diff --git a/test/test_ssl.rb b/test/test_ssl.rb
@@ -424,6 +424,23 @@ def test_exception_in_verify_callback_is_ignored
     }
   end
 
+  def test_finished_messages
+    server_finished = nil
+    server_peer_finished = nil
+
+    start_server(accept_proc: proc { |server|
+      server_finished = server.finished_message
+      server_peer_finished = server.peer_finished_message
+    }){ |port, server|
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      server_connect(port, ctx) { |ssl|
+        assert_equal(server_finished, ssl.peer_finished_message)
+        assert_equal(server_peer_finished, ssl.finished_message)
+      }
+    }
+  end
+
   def test_sslctx_set_params
     ctx = OpenSSL::SSL::SSLContext.new
     ctx.set_params

diff --git a/test/utils.rb b/test/utils.rb
@@ -198,6 +198,7 @@ def readwrite_loop(ctx, ssl)
 
   def start_server(verify_mode: OpenSSL::SSL::VERIFY_NONE, start_immediately: true,
                    ctx_proc: nil, server_proc: method(:readwrite_loop),
+                   accept_proc: proc{},
                    ignore_listener_error: false, &block)
     IO.pipe {|stop_pipe_r, stop_pipe_w|
       store = OpenSSL::X509::Store.new
@@ -231,6 +232,7 @@ def start_server(verify_mode: OpenSSL::SSL::VERIFY_NONE, start_immediately: true
                 readable, = IO.select([ssls, stop_pipe_r])
                 break if readable.include? stop_pipe_r
                 ssl = ssls.accept
+                accept_proc.call(ssl)
               rescue OpenSSL::SSL::SSLError, IOError, Errno::EBADF, Errno::EINVAL,
                      Errno::ECONNABORTED, Errno::ENOTSOCK, Errno::ECONNRESET
                 retry if ignore_listener_error