Add ctrls to clear options and mode.

Change RI ctrl so it doesn't clash.

diff --git a/CHANGES b/CHANGES
index 24be6c51bc9a19a60c4634205e00220624eb77f2..ed3870c7c485b638bc8388327aa4f868e8e167b1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -863,6 +863,9 @@
 
  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
 
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+
   *) If client attempts to renegotiate and doesn't support RI respond with
      a no_renegotiation alert as required by draft-ietf-tls-renegotiation.
      Some renegotiating TLS clients will continue a connection gracefully

diff --git a/ssl/ssl.h b/ssl/ssl.h
index dc04b66a87abc8a55ee3af0397bd2d92ffe890c5..4d53ef80f48afe3bb10febb3a6c71dea3b5f98ed 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -607,17 +607,25 @@ typedef struct ssl_session_st
 
 #define SSL_CTX_set_options(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_CTX_get_options(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_get_options(ssl) \
         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
 
 #define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
@@ -1376,8 +1384,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CTRL_SET_MAX_SEND_FRAGMENT         52
 
-#define SSL_CTRL_GET_RI_SUPPORT                        53
-
 /* see tls1.h for macros based on these */
 #ifndef OPENSSL_NO_TLSEXT
 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB      53
@@ -1407,6 +1413,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define DTLS_CTRL_HANDLE_TIMEOUT       74
 #define DTLS_CTRL_LISTEN                       75
 
+#define SSL_CTRL_GET_RI_SUPPORT                        76
+#define SSL_CTRL_CLEAR_OPTIONS                 77
+#define SSL_CTRL_CLEAR_MODE                    78
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 39bd9d7cf04bcaf304729df1812db1013f18b395..c9aa60435666e807b4c1e6d1f8aa844e629c6761 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1041,8 +1041,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 
        case SSL_CTRL_OPTIONS:
                return(s->options|=larg);
+       case SSL_CTRL_CLEAR_OPTIONS:
+               return(s->options&=~larg);
        case SSL_CTRL_MODE:
                return(s->mode|=larg);
+       case SSL_CTRL_CLEAR_MODE:
+               return(s->mode &=~larg);
        case SSL_CTRL_GET_MAX_CERT_LIST:
                return(s->max_cert_list);
        case SSL_CTRL_SET_MAX_CERT_LIST:
@@ -1152,8 +1156,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
                return(ctx->stats.sess_cache_full);
        case SSL_CTRL_OPTIONS:
                return(ctx->options|=larg);
+       case SSL_CTRL_CLEAR_OPTIONS:
+               return(ctx->options&=~larg);
        case SSL_CTRL_MODE:
                return(ctx->mode|=larg);
+       case SSL_CTRL_CLEAR_MODE:
+               return(ctx->mode&=~larg);
        case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
                if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
                        return 0;