Add method to query Extended Master Secret support

Change-Id: I4c285f4b3dd77f8fc7249c7504b5e4eb9b62959f
Reviewed-on: https://boringssl-review.googlesource.com/5920
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

@@ -962,6 +962,10 @@ OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
 OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out,
                                       size_t *out_len, size_t max_out);
 
+/* SSL_get_extms_support returns one if the Extended Master Secret
+ * extension was negotiated. Otherwise, it returns zero. */
+OPENSSL_EXPORT int SSL_get_extms_support(const SSL *ssl);
+
 
 /* Custom extensions.
  *

ssl/ssl_lib.c

@@ -1199,6 +1199,10 @@ int SSL_get_verify_depth(const SSL *s) {
   return X509_VERIFY_PARAM_get_depth(s->param);
 }
 
+int SSL_get_extms_support(const SSL *s) {
+  return s->s3->tmp.extended_master_secret == 1;
+}
+
 int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) {
   return s->verify_callback;
 }