Fix typo in SSL_pending docs

[openssl.git] / ssl / ssl_conf.c
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c

index 1e14a4497e89d10b129002c18833c28465bd6a12..157bf8ba0d913742cf64d7788e7bc04bd2f06fdf 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -55,9 +55,6 @@
   *
   */
  
-#ifdef REF_CHECK
-# include <assert.h>
-#endif
  #include <stdio.h>
  #include "ssl_locl.h"
  #include <openssl/conf.h>
@@ -332,6 +329,7 @@ static int protocol_from_string(const char *value)
          int version;
      };
      static const struct protocol_versions versions[] = {
+        {"None", 0},
          {"SSLv3", SSL3_VERSION},
          {"TLSv1", TLS1_VERSION},
          {"TLSv1.1", TLS1_1_VERSION},
@@ -347,6 +345,22 @@ static int protocol_from_string(const char *value)
      return -1;
  }
  
+static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound)
+{
+    int method_version;
+    int new_version;
+
+    if (cctx->ctx != NULL)
+        method_version = cctx->ctx->method->version;
+    else if (cctx->ssl != NULL)
+        method_version = cctx->ssl->ctx->method->version;
+    else
+        return 0;
+    if ((new_version = protocol_from_string(value)) < 0)
+        return 0;
+    return ssl_set_version_bound(method_version, new_version, bound);
+}
+
  /*
   * cmd_MinProtocol - Set min protocol version
   * @cctx: config structure to save settings in
@@ -356,13 +370,7 @@ static int protocol_from_string(const char *value)
   */
  static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
  {
-    int version = protocol_from_string(value);
-
-    if (version < 0)
-        return 0;
-
-    *(cctx->min_version) = version;
-    return 1;
+    return min_max_proto(cctx, value, cctx->min_version);
  }
  
  /*
@@ -374,13 +382,7 @@ static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
   */
  static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
  {
-    int version = protocol_from_string(value);
-
-    if (version < 0)
-        return 0;
-
-    *(cctx->max_version) = version;
-    return 1;
+    return min_max_proto(cctx, value, cctx->max_version);
  }
  
  static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
@@ -577,6 +579,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
      SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
      SSL_CONF_CMD_SWITCH("bugs", 0),
      SSL_CONF_CMD_SWITCH("no_comp", 0),
+    SSL_CONF_CMD_SWITCH("comp", 0),
      SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
      SSL_CONF_CMD_SWITCH("no_ticket", 0),
      SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
@@ -585,9 +588,6 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
      SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
      SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
      SSL_CONF_CMD_SWITCH("strict", 0),
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-    SSL_CONF_CMD_SWITCH("debug_broken_protocol", 0),
-#endif
      SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
      SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
      SSL_CONF_CMD_STRING(Curves, "curves", 0),
@@ -636,6 +636,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
      {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
      {SSL_OP_ALL, 0},            /* bugs */
      {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+    {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
      {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
      {SSL_OP_NO_TICKET, 0},      /* no_ticket */
      {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
@@ -648,9 +649,6 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
      /* no_legacy_server_connect */
      {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
      {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-    {SSL_CERT_FLAG_BROKEN_PROTOCOL, SSL_TFLAG_CERT} /* debug_broken_protocol */
-#endif
  };
  
  static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)