New method get_ems_support that returns whether the current session u…

…sed extended master secret

nassl/_nassl/nassl_SSL.c

@@ -304,6 +304,12 @@ static PyObject* nassl_SSL_set1_groups(nassl_SSL_Object *self, PyObject *args)
     PyMem_Free(listOfNids);
     Py_RETURN_NONE;
 }
+
+static PyObject *nassl_SSL_get_extms_support(nassl_SSL_Object *self)
+{
+    long returnValue = SSL_get_extms_support(self->ssl);
+    return Py_BuildValue("l", returnValue);
+}
 #endif
 
 static PyObject* nassl_SSL_shutdown(nassl_SSL_Object *self, PyObject *args)
@@ -1187,6 +1193,9 @@ static PyMethodDef nassl_SSL_Object_methods[] =
     {"set1_groups", (PyCFunction)nassl_SSL_set1_groups, METH_VARARGS,
     "OpenSSL's SSL_set1_groups()"
     },
+    {"get_extms_support", (PyCFunction)nassl_SSL_get_extms_support, METH_NOARGS,
+    "Returns whether the current session used extended master secret."
+    },
 #endif
     {"get_peer_cert_chain", (PyCFunction)nassl_SSL_get_peer_cert_chain, METH_NOARGS,
      "OpenSSL's SSL_get_peer_cert_chain(). Returns an array of _nassl.X509 objects."

nassl/legacy_ssl_client.py

@@ -151,3 +151,7 @@ def do_ssl2_iis_handshake(self) -> None:
             except WantX509LookupError:
                 # Server asked for a client certificate and we didn't provide one
                 raise ClientCertificateRequested(self.get_client_CA_list())
+
+    def get_ems_support(self) -> Optional[bool]:
+        """ EMS is not supported by legacy OpenSSL """
+        return None

nassl/ssl_client.py

@@ -409,6 +409,14 @@ def get_received_chain(self) -> List[str]:
         """
         return [x509.as_pem() for x509 in self._ssl.get_peer_cert_chain()]
 
+    def get_ems_support(self) -> Optional[bool]:
+        support = self._ssl.get_extms_support()
+        if support == 1:
+            return True
+        if support == 0:
+            return False
+        return None
+
 
 class OpenSslEarlyDataStatusEnum(IntEnum):
     """Early data status constants."""