diff --git a/src/ssl.c b/src/ssl.c
index cbd1d9cb9..bf422a1e1 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11469,19 +11469,20 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
 {
- (void)ctx;
 WOLFSSL_ENTER("wolfSSL_CTX_get_options");
 WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
-
- return 0;
+ return ctx->mask;
 }
 long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
 {
+ WOLFSSL *ssl = wolfSSL_new(ctx);
 WOLFSSL_ENTER("SSL_CTX_set_options");
- ctx->mask |= opt;
- return opt;
+ if(ssl == NULL)return SSL_FAILURE;
+ ctx->mask = wolfSSL_set_options(ssl, opt);
+ wolfSSL_free(ssl);
+ return ctx->mask;
 }
 long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
@@ -16976,8 +16977,7 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
 return 0;
 }
-
-unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
+long wolfSSL_set_options(WOLFSSL* ssl, long op)
 {
 word16 haveRSA = 1;
 word16 havePSK = 0;
@@ -17073,13 +17073,20 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
 }
-unsigned long wolfSSL_get_options(const WOLFSSL* ssl)
+long wolfSSL_get_options(const WOLFSSL* ssl)
 {
 WOLFSSL_ENTER("wolfSSL_get_options");
 return ssl->options.mask;
 }
+long wolfSSL_clear_options(WOLFSSL* ssl, long opt)
+{
+ WOLFSSL_ENTER("SSL_clear_options");
+ ssl->options.mask &= ~opt;
+ return ssl->options.mask;
+}
+
 /*** TBD ***/
 WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s)
 {
diff --git a/tests/api.c b/tests/api.c
index 51f16272c..e831110b6 100644
--- a/tests/api.c
+++ b/tests/api.c
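Review bot: wolfSSL_CTX_set_options now allocates a complete WOLFSSL object via wolfSSL_new(ctx) only to compute a bitmask, and when that allocation fails it returns SSL_FAILURE through a return type callers read as the option mask, so a failure is indistinguishable from a mask that happens to hold that value (the previous `ctx->mask |= opt;` could not fail at all). Whether bits set by earlier calls survive depends on wolfSSL_new copying ctx->mask into the temporary object's options.mask, which is outside this hunk; if it does not, each call replaces rather than accumulates the mask, and a protocol-disabling option such as SSL_OP_NO_TLSv1 set on the context would silently be dropped, so the accumulating behaviour is worth pinning with a test. Any side effects wolfSSL_set_options applies beyond the mask (the second hunk shows it maintains haveRSA/havePSK state) land on the temporary object that is freed on the next line, not on ctx, so enforcement for SSL objects created later rests entirely on wolfSSL_new re-applying ctx->mask. A cheaper and clearer shape is to keep `ctx->mask |= opt;` as the update and share whatever mask normalization wolfSSL_set_options performs through a helper that takes a mask value rather than a WOLFSSL; at minimum the guard should read `if (ssl == NULL) return SSL_FAILURE;`.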
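Review bot: wolfSSL_clear_options only clears bits in ssl->options.mask, so if wolfSSL_set_options applied any state change when the bit was set (the second hunk shows it touches haveRSA/havePSK; the rest of its body is outside this view), clearing the bit reports success without reversing that change, and a caller that clears SSL_OP_NO_TLSv1_2 expecting the version to be re-enabled may be misled. The function also lacks a header comment, unlike its OpenSSL counterpart's documented contract; a comment such as `/* Clear the given SSL_OP_* bits from the session's option mask and return the new mask. Does not undo protocol or cipher changes made when the bits were set. */` would make the limitation explicit, with the second sentence adjusted once the behaviour of wolfSSL_set_options is confirmed. The WOLFSSL_ENTER label `"SSL_clear_options"` also differs from the `"wolfSSL_get_options"` convention used by the sibling function a few lines above.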
@@ -10458,8 +10458,29 @@ static void test_wolfSSL_set_options(void)
 printf(testingFmt, "wolfSSL_set_options()");
 AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
- AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
- AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+ AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
+ AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
+
+ AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
+ AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
+
+ AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
+ SSL_OP_NO_SSLv2)), 0);
+ AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
+ SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
+ AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
+ SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
+ AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
+ SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
+ AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
+ SSL_OP_NO_COMPRESSION));
+
+ SSL_CTX_free(ctx);
+
+ AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
+ AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
+ AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
+
 AssertNotNull(ssl = SSL_new(ctx));
 AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
@@ -10473,6 +10494,8 @@ static void test_wolfSSL_set_options(void)
 SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
 AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
+ AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
+ SSL_OP_NO_COMPRESSION));
 AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
 SSL_set_msg_callback_arg(ssl, arg);
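Review bot: The test frees the context it configured and creates a fresh one before SSL_new, so it never checks that options set with SSL_CTX_set_options are inherited by an SSL created from that context, which is exactly the path the new wolfSSL_CTX_set_options implementation depends on; asserting `AssertTrue((SSL_get_options(ssl) & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);` on an SSL created from the first context would cover it. The accumulation behaviour is also unasserted: after the second SSL_CTX_set_options call nothing verifies that SSL_OP_NO_TLSv1 is still set, which is what would catch a replace-instead-of-OR regression. AssertNull is applied to an integer bitwise expression in two places, and `(int)` narrows a long mask in the AssertIntGT line, which yields a negative value if an option bit sits in the high word on this platform; `AssertIntEQ((int)(SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) & SSL_OP_NO_COMPRESSION), 0);` states the intent directly. test_wolfSSL_set_options begins and ends outside these hunks.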
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 03a831bfc..e726dff3f 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -416,6 +416,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define RAND_bytes wolfSSL_RAND_bytes
 #define SSLv23_server_method wolfSSLv23_server_method
 #define SSL_CTX_set_options wolfSSL_CTX_set_options
+#define SSL_CTX_get_options wolfSSL_CTX_get_options
 #define SSL_CTX_clear_options wolfSSL_CTX_clear_options
 #define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
@@ -560,6 +561,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define SSL_set_options wolfSSL_set_options
 #define SSL_get_options wolfSSL_get_options
+#define SSL_clear_options wolfSSL_clear_options
 #define SSL_set_tmp_dh wolfSSL_set_tmp_dh
 #define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations
 #define SSL_total_renegotiations wolfSSL_total_renegotiations
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 9f8b96abc..7136901c1 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -879,8 +879,9 @@ WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
 WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
 WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
-WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op);
-WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s);
+WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
+WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
+WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
 WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
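Review bot: Changing wolfSSL_set_options and wolfSSL_get_options from unsigned long to long in the public header is a source-level API change for existing callers and diverges from OpenSSL, which declares SSL_set_options, SSL_get_options and SSL_clear_options with unsigned long, so compatibility code compiled with -Wsign-compare or -Wsign-conversion will now warn at every comparison against an SSL_OP_* constant. With a signed mask, any option bit placed in the top bit of the word would make the mask negative and turn the `AssertIntGT(..., 0)` style checks and `~opt` computations into sign-dependent code; where the SSL_OP_* values are defined is outside this diff, so this needs confirming against their definitions. If the motivation is matching the long-typed wolfSSL_CTX_set_options family, the smaller change is to keep these two unsigned and cast at the single call site in wolfSSL_CTX_set_options, and to declare the new function as `WOLFSSL_API unsigned long wolfSSL_clear_options(WOLFSSL *s, unsigned long op);`.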
@@ -1243,7 +1244,9 @@ WOLFSSL_API int wolfSSL_RAND_status(void);
 WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
 WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
+WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
 WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
+
 #ifndef NO_CERTS
 WOLFSSL_API int wolfSSL_CTX_check_private_key(WOLFSSL_CTX*);
 #endif /* !NO_CERTS */
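Review bot: wolfSSL_CTX_get_options only reads ctx->mask in its implementation, so the new prototype should take a const pointer, matching the `const WOLFSSL *s` used by wolfSSL_get_options in the same header: `WOLFSSL_API long wolfSSL_CTX_get_options(const WOLFSSL_CTX*);`. That form also drops the named parameter, which the neighbouring declarations on the set_options and clear_options lines omit. The blank line added before `#ifndef NO_CERTS` separates a group that the surrounding declarations keep contiguous and appears to be unintentional.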