From 582a9918fcb68ddf32bfd7d79f91f2ed6520877a Mon Sep 17 00:00:00 2001
From: Piotr Smaron
Date: Fri, 21 Feb 2025 14:26:24 +0100
Subject: [PATCH] net: functions describing ssl connection

Needed in https://github.com/scylladb/scylladb/pull/22961
3 methods have been added in order to expose more information on the characteristics of TLS socket connection.
---
 include/seastar/net/tls.hh | 24 ++++++++++++++++++++++++
 src/net/tls.cc | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)

diff --git a/include/seastar/net/tls.hh b/include/seastar/net/tls.hh
index cdef2402284..0b2d07d166c 100644
--- a/include/seastar/net/tls.hh
+++ b/include/seastar/net/tls.hh
@@ -529,6 +529,30 @@ namespace tls {
 */
 future get_session_resume_data(connected_socket&);
+ /**
+ * Returns true if the hanshake has been completed.
+ *
+ * If the socket is not connected a system_error exception will be thrown.
+ * If the socket is not a TLS socket an exception will be thrown.
+ */
+ bool is_operational(connected_socket& socket);
+
+ /**
+ * Returns the cipher suite used in the connection.
+ *
+ * If the socket is not connected a system_error exception will be thrown.
+ * If the socket is not a TLS socket an exception will be thrown.
+ */
+ sstring get_cipher_suite(connected_socket& socket);
+
+ /**
+ * Returns the protocol version used in the connection.
+ *
+ * If the socket is not connected a system_error exception will be thrown.
+ * If the socket is not a TLS socket an exception will be thrown.
+ */
+ sstring get_protocol_version(connected_socket& socket);
+
 std::ostream& operator<<(std::ostream&, const subject_alt_name::value_type&);
 std::ostream& operator<<(std::ostream&, const subject_alt_name&);
diff --git a/src/net/tls.cc b/src/net/tls.cc
index 3aebe81ab1d..f809cf5d499 100644
--- a/src/net/tls.cc
+++ b/src/net/tls.cc
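Review bot: The header comment on `is_operational` misspells "handshake" (`* Returns true if the hanshake has been completed.`), and none of the three comments say what the accessors return before the handshake has completed, which is exactly the state a caller gating on TLS properties needs to know about. The two string accessors should state whether they return an empty string or throw in that case, and that the values are the GnuTLS names of the negotiated cipher suite and protocol version rather than any seastar-defined enumeration. Suggested wording, once the implementation in src/net/tls.cc guarantees it: `* Returns the GnuTLS name of the negotiated cipher suite; empty until the handshake has completed.` with the matching sentence for `get_protocol_version`. The enclosing `namespace tls` block starts and ends outside the hunk.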
@@ -1810,6 +1810,19 @@ class session : public enable_lw_shared_from_this {
 }
 struct session_ref;
+
+ bool is_operational() const {
+ return gnutls_record_get_direction(*this) >= 0; // handshake succeeded
+ }
+
+ sstring get_cipher_suite() const {
+ return gnutls_ciphersuite_get(*this);
+ }
+
+ sstring get_protocol_version() const {
+ return gnutls_protocol_get_name(gnutls_protocol_get_version(*this));
+ }
+
 private:
 using x509_ctr_ptr = std::unique_ptr;
@@ -1953,6 +1966,15 @@ class tls_connected_socket_impl : public net::connected_socket_impl, public sess
 future get_session_resume_data() {
 return _session->get_session_resume_data();
 }
+ bool is_operational() {
+ return _session->is_operational();
+ }
+ sstring get_cipher_suite() {
+ return _session->get_cipher_suite();
+ }
+ sstring get_protocol_version() {
+ return _session->get_protocol_version();
+ }
 };
@@ -2147,6 +2169,18 @@ future tls::get_session_resume_data(connected_socket& socket)
 return get_tls_socket(socket)->get_session_resume_data();
 }
+bool tls::is_operational(connected_socket& socket) {
+ return get_tls_socket(socket)->is_operational();
+}
+
+sstring tls::get_cipher_suite(connected_socket& socket) {
+ return get_tls_socket(socket)->get_cipher_suite();
+}
+
+sstring tls::get_protocol_version(connected_socket& socket) {
+ return get_tls_socket(socket)->get_protocol_version();
+}
+
 std::string_view tls::format_as(subject_alt_name_type type) {
 switch (type) {
 case subject_alt_name_type::dnsname:
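Review bot: `is_operational()` cannot report handshake state: `gnutls_record_get_direction()` only tells which I/O direction a previously interrupted operation was waiting on (0 for read, 1 for write), so `gnutls_record_get_direction(*this) >= 0` is true for every session, including one whose handshake never ran or failed, and the `// handshake succeeded` comment is wrong. Because the header advertises this as "handshake has been completed", a caller relying on it to confirm a connection is actually TLS-protected would be misled; the session should return a flag it sets itself at the point where `gnutls_handshake()` succeeds (the handshake code is outside this hunk, so whether such a member already exists cannot be confirmed here). `get_cipher_suite()` and `get_protocol_version()` have a related gap: before the handshake completes, `gnutls_ciphersuite_get()` and `gnutls_protocol_get_name()` (given `GNUTLS_VERSION_UNKNOWN`) can return NULL, and building an `sstring` from a null `const char*` is undefined behaviour, so guard them, e.g. `const char* name = gnutls_ciphersuite_get(*this); return name ? sstring(name) : sstring();` with the same pattern for the protocol name. The enclosing class `session` starts and ends outside the hunk.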
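Review bot: The three forwarders added to `tls_connected_socket_impl` are non-const even though the `session` methods they call are declared `const`, so a caller holding a const reference to the socket impl cannot query the connection; `bool is_operational() const {` (and likewise for the two string getters) would match the session's signatures, provided `_session` is a pointer-like member as the `->` use suggests. This mirrors the existing non-const `get_session_resume_data()`, so it is a style point rather than a defect. The enclosing class starts outside the hunk.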