- {
- SSL_CONF_CTX *cctx = usr;
- size_t i;
- const ssl_flag_tbl *tbl;
- int onoff = 1;
- /* len == -1 indicates not being called in list context, just for
- * single command line switches, so don't allow +, -.
- */
- if (len != -1)
- {
- if (*elem == '+')
- {
- elem++;
- len--;
- onoff = 1;
- }
- else if (*elem == '-')
- {
- elem++;
- len--;
- onoff = 0;
- }
- }
- for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++)
- {
- if (ssl_match_option(cctx, tbl, elem, len, onoff))
- return 1;
- }
- return 0;
- }
-
-/* Single command line switches with no argument e.g. -no_ssl3 */
-static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
- {
- static const ssl_flag_tbl ssl_option_single[] =
- {
- SSL_FLAG_TBL("no_ssl3", SSL_OP_NO_SSLv3),
- SSL_FLAG_TBL("no_tls1", SSL_OP_NO_TLSv1),
- SSL_FLAG_TBL("no_tls1_1", SSL_OP_NO_TLSv1_1),
- SSL_FLAG_TBL("no_tls1_2", SSL_OP_NO_TLSv1_2),
- SSL_FLAG_TBL("bugs", SSL_OP_ALL),
- SSL_FLAG_TBL("no_comp", SSL_OP_NO_COMPRESSION),
- SSL_FLAG_TBL_SRV("ecdh_single", SSL_OP_SINGLE_ECDH_USE),
-#ifndef OPENSSL_NO_TLSEXT
- SSL_FLAG_TBL("no_ticket", SSL_OP_NO_TICKET),
-#endif
- SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE),
- SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
- SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
- SSL_FLAG_TBL_SRV("no_resumption_on_reneg", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
- SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
- SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT),
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- SSL_FLAG_TBL_CERT("debug_broken_protocol", SSL_CERT_FLAG_BROKEN_PROTOCOL),
-#endif
- };
- cctx->tbl = ssl_option_single;
- cctx->ntbl = sizeof(ssl_option_single)/sizeof(ssl_flag_tbl);
- return ssl_set_option_list(cmd, -1, cctx);
- }
+{
+ SSL_CONF_CTX *cctx = usr;
+ size_t i;
+ const ssl_flag_tbl *tbl;
+ int onoff = 1;
+ /*
+ * len == -1 indicates not being called in list context, just for single
+ * command line switches, so don't allow +, -.
+ */
+ if (elem == NULL)
+ return 0;
+ if (len != -1) {
+ if (*elem == '+') {
+ elem++;
+ len--;
+ onoff = 1;
+ } else if (*elem == '-') {
+ elem++;
+ len--;
+ onoff = 0;
+ }
+ }
+ for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) {
+ if (ssl_match_option(cctx, tbl, elem, len, onoff))
+ return 1;
+ }
+ return 0;
+}