From 333bb3696e565ef6c5921a4956262ff497780bf0 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Wed, 5 Jul 2017 22:26:00 +0900
Subject: ssl: return nil in SSL::SSLSocket#cipher if session is not started

SSL_get_current_cipher() returns NULL if no session is established yet.
Return nil in that case rather than an useless value like
["(NONE)", "(NONE)", 0, 32722].

Also, keep the constness of the SSL_CIPHER.
---
 ext/openssl/ossl_ssl.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

(limited to 'ext/openssl')

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index b8367c84..51418410 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1997,22 +1997,21 @@ ossl_ssl_get_version(VALUE self)
 }
 
 /*
-* call-seq:
-*    ssl.cipher => [name, version, bits, alg_bits]
-*
-* The cipher being used for the current connection
-*/
+ * call-seq:
+ *    ssl.cipher -> nil or [name, version, bits, alg_bits]
+ *
+ * Returns the cipher suite actually used in the current session, or nil if
+ * no session has been established.
+ */
 static VALUE
 ossl_ssl_get_cipher(VALUE self)
 {
     SSL *ssl;
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
 
     GetSSL(self, ssl);
-
-    cipher = (SSL_CIPHER *)SSL_get_current_cipher(ssl);
-
-    return ossl_ssl_cipher_to_ary(cipher);
+    cipher = SSL_get_current_cipher(ssl);
+    return cipher ? ossl_ssl_cipher_to_ary(cipher) : Qnil;
 }
 
 /*
-- 
cgit v1.2.3