Add ctrls to clear options and mode.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 9 Dec 2009 13:15:01 +0000 (13:15 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 9 Dec 2009 13:15:01 +0000 (13:15 +0000)
Change RI ctrl so it doesn't clash.

CHANGES
ssl/ssl.h
ssl/ssl_lib.c

diff --git a/CHANGES b/CHANGES
index bd957e52893ea9a154edafc5f2d559087e380140..6af764c61115da54dcbccb54bce1da6f398c5f1b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
 
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+
   *) If client attempts to renegotiate and doesn't support RI respond with
      a no_renegotiation alert as required by draft-ietf-tls-renegotiation.
      Some renegotiating TLS clients will continue a connection gracefully
index a9f3d776663184ca3bb87d711e1437caf346c924..9cf70487d98c48c5bfd8d66cb34433907260069c 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -564,17 +564,25 @@ typedef struct ssl_session_st
 
 #define SSL_CTX_set_options(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_CTX_get_options(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_get_options(ssl) \
         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
 
 #define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
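Review bot: The four new clear macros have no comment, and the security-relevant effect is easy to miss: clearing a bit switches back on whatever that option had turned off, for example a protocol version disabled through an `SSL_OP_NO_*` flag. I would add above the options group something like `/* SSL*_clear_options/clear_mode remove the bits in op and return the resulting mask; clearing a hardening bit re-enables what it disabled */`. As a style point, `SSL_clear_mode` is inserted before `SSL_set_mode`, while `SSL_clear_options` follows `SSL_set_options`; keeping set/clear/get in the same order in both groups reads better. The hunk ends on the first line of `SSL_get_mode`, whose continuation is outside the hunk.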
@@ -1251,8 +1259,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_GET_MAX_CERT_LIST             50
 #define SSL_CTRL_SET_MAX_CERT_LIST             51
 
-#define SSL_CTRL_GET_RI_SUPPORT                        53
-
 /* see tls1.h for macros based on these */
 #ifndef OPENSSL_NO_TLSEXT
 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB      53
@@ -1280,6 +1286,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define DTLS_CTRL_HANDLE_TIMEOUT       74
 #define DTLS_CTRL_LISTEN                       75
 
+#define SSL_CTRL_GET_RI_SUPPORT                        76
+#define SSL_CTRL_CLEAR_OPTIONS                 77
+#define SSL_CTRL_CLEAR_MODE                    78
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
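Review bot: The three values added after `DTLS_CTRL_LISTEN` are assigned by hand with no comment recording that `SSL_CTRL_*` and `DTLS_CTRL_*` share one number space. Both families are dispatched through `SSL_ctrl`, as the `DTLSv1_get_timeout` macro just below shows, and that shared space is what allowed the earlier clash at 53 with `SSL_CTRL_SET_TLSEXT_SERVERNAME_CB`. A line such as `/* SSL_CTRL_* and DTLS_CTRL_* share one number space; check for an existing value before adding one */` would help the next addition. Moving `SSL_CTRL_GET_RI_SUPPORT` from 53 to 76 also changes the value seen by code built against the earlier header, so such code presumably needs a rebuild; that is worth a mention in CHANGES. The hunk ends on the first line of `DTLSv1_handle_timeout`, so the rest of that macro is outside the hunk.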
index 5399d46b93e0d331dcf2730eb9fe7d2081acdedc..f3b2eb9e95a977c407a41e1fe981d329ac2f82de 100644 (file)
@@ -987,8 +987,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 
        case SSL_CTRL_OPTIONS:
                return(s->options|=larg);
+       case SSL_CTRL_CLEAR_OPTIONS:
+               return(s->options&=~larg);
        case SSL_CTRL_MODE:
                return(s->mode|=larg);
+       case SSL_CTRL_CLEAR_MODE:
+               return(s->mode &=~larg);
        case SSL_CTRL_GET_MAX_CERT_LIST:
                return(s->max_cert_list);
        case SSL_CTRL_SET_MAX_CERT_LIST:
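Review bot: A return of 0 from the new `SSL_CTRL_CLEAR_OPTIONS` and `SSL_CTRL_CLEAR_MODE` cases means every bit is now clear, not that the call failed, and nothing here tells a caller who treats a zero ctrl result as an error. A short comment on the cases, `/* returns the resulting bitmask; 0 is a valid result, not a failure */`, would settle it. The same applies to the matching cases in the `SSL_CTX_ctrl` hunk below. On style, `return(s->mode &=~larg);` is spaced differently from `return(s->options&=~larg);` and the two `ctx` lines; I would make it `return(s->mode&=~larg);`. The `SSL_ctrl` body starts and ends outside this hunk.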
@@ -1093,8 +1097,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
                return(ctx->stats.sess_cache_full);
        case SSL_CTRL_OPTIONS:
                return(ctx->options|=larg);
+       case SSL_CTRL_CLEAR_OPTIONS:
+               return(ctx->options&=~larg);
        case SSL_CTRL_MODE:
                return(ctx->mode|=larg);
+       case SSL_CTRL_CLEAR_MODE:
+               return(ctx->mode&=~larg);
        default:
                return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
                }
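Review bot: The `SSL_CTX_ctrl` clear cases only modify `ctx->options` and `ctx->mode`, and nothing visible in this hunk touches `SSL` objects already created from the context. If those objects hold their own copy of the masks, which the separate `s->options` and `s->mode` fields in `SSL_ctrl` suggest, a caller clearing a bit on the context will not change live connections. That deserves a comment, for example `/* affects only ctx; SSL objects created earlier keep their own options/mode */`, so the macro is not mistaken for a way to reconfigure existing sessions. The function starts outside the hunk.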