authorSteven Fackler <[email protected]>2015-07-08 10:20:33 -0700
committerSteven Fackler <[email protected]>2015-07-08 10:20:33 -0700
commit0cb4368ef877818d23a57a9820c49d3d8f6046fc (patch)
tree264b0bed16d1e2908f4a88e5d7918f306cba2b79 /openssl-sys/src
parentMerge pull request #233 from jethrogb/topic/x509_extension (diff)
parentRemove #ifs for same-value shimmed SSL options. Depend on compiler optimizati... (diff)
Merge pull request #221 from jethrogb/topic/ssl_options
Several SSL option fixes
Diffstat (limited to 'openssl-sys/src')
-rw-r--r--openssl-sys/src/lib.rs32
-rw-r--r--openssl-sys/src/ssl_options.rs46
2 files changed, 72 insertions, 6 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index fb4d8d30..5317ff20 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -155,6 +155,14 @@ pub const SSL_TLSEXT_ERR_ALERT_WARNING: c_int = 1;
pub const SSL_TLSEXT_ERR_ALERT_FATAL: c_int = 2;
pub const SSL_TLSEXT_ERR_NOACK: c_int = 3;
+macro_rules! import_options {
+ ( $( $name:ident $val:expr )* ) => {
+ $( pub const $name: u64 = $val; )*
+ };
+}
+
+include!("ssl_options.rs");
+
#[cfg(feature = "npn")]
pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
#[cfg(feature = "npn")]
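Review bot: The `import_options!` macro emits every option as a `pub const … : u64` without saying that these are the crate's own bit assignments rather than necessarily the values in the linked OpenSSL headers. The included table places some flags above bit 31 (for example `SSL_OP_MSIE_SSLV2_RSA_PADDING 0x200000000`), so these constants are presumably only meaningful when passed through the translating wrappers added later in this commit. I would add a comment above the macro such as `// Crate-level SSL_OP_* bit assignments; pass them only to SSL_CTX_{set,get,clear}_options, never to a raw C entry point.`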
@@ -262,8 +270,23 @@ pub fn init() {
}
}
+pub unsafe fn SSL_CTX_set_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
+ rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_set_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
+}
+
+pub unsafe fn SSL_CTX_get_options(ssl: *mut SSL_CTX) -> u64 {
+ rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_get_options_shim(ssl))
+}
+
+pub unsafe fn SSL_CTX_clear_options(ssl: *mut SSL_CTX, op: u64) -> u64 {
+ rust_openssl_ssl_ctx_options_c_to_rust(SSL_CTX_clear_options_shim(ssl, rust_openssl_ssl_ctx_options_rust_to_c(op)))
+}
+
// True functions
extern "C" {
+ fn rust_openssl_ssl_ctx_options_rust_to_c(rustval: u64) -> c_long;
+ fn rust_openssl_ssl_ctx_options_c_to_rust(cval: c_long) -> u64;
+
pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int;
pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
pub fn ASN1_TIME_free(tm: *mut ASN1_TIME);
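Review bot: The three new `pub unsafe fn` wrappers carry no `# Safety` section and do not say what happens to a requested bit that the linked OpenSSL cannot represent. `rust_openssl_ssl_ctx_options_rust_to_c` returns a `c_long`, which is 32 bits on some targets, and its C implementation is not part of this diff, so whether such a bit is dropped or rejected cannot be told from here. If it is dropped silently, a caller asking for a protocol-disabling flag such as `SSL_OP_NO_TLSv1_1` could end up without it unless it checks the returned mask. I would document on each wrapper that the pointer must be a valid, live `SSL_CTX` and that callers should verify the returned mask contains the bits they requested; the first parameter would also read better as `ctx`, matching the shim declarations. The `extern "C"` block continues outside this hunk.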
@@ -616,12 +639,9 @@ extern "C" {
pub fn BIO_eof(b: *mut BIO) -> c_int;
#[link_name = "BIO_set_mem_eof_return_shim"]
pub fn BIO_set_mem_eof_return(b: *mut BIO, v: c_int);
- #[link_name = "SSL_CTX_set_options_shim"]
- pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, options: c_long) -> c_long;
- #[link_name = "SSL_CTX_get_options_shim"]
- pub fn SSL_CTX_get_options(ctx: *mut SSL_CTX) -> c_long;
- #[link_name = "SSL_CTX_clear_options_shim"]
- pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, options: c_long) -> c_long;
+ pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
+ pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
+ pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
#[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
#[link_name = "SSL_CTX_set_read_ahead_shim"]
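Review bot: The three `*_shim` declarations remain `pub`, so code outside this crate can still call `SSL_CTX_set_options_shim` directly with a `c_long` and bypass the u64 translation that the new wrappers perform, for instance by casting one of the new `SSL_OP_*` constants. Since the wrappers live in the same module, the declarations can be private: `fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;`, and likewise for the get and clear variants. The `extern "C"` block starts and ends outside this hunk.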
diff --git a/openssl-sys/src/ssl_options.rs b/openssl-sys/src/ssl_options.rs
new file mode 100644
index 00000000..a1c778ac
--- /dev/null
+++ b/openssl-sys/src/ssl_options.rs
@@ -0,0 +1,46 @@
+import_options!{
+// The following values are directly from recent OpenSSL
+SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001
+SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002
+SSL_OP_LEGACY_SERVER_CONNECT 0x00000004
+SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008
+SSL_OP_TLSEXT_PADDING 0x00000010
+SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020
+SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040
+SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080
+SSL_OP_TLS_D5_BUG 0x00000100
+SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200
+// unused: 0x00000400
+SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800
+SSL_OP_NO_QUERY_MTU 0x00001000
+SSL_OP_COOKIE_EXCHANGE 0x00002000
+SSL_OP_NO_TICKET 0x00004000
+SSL_OP_CISCO_ANYCONNECT 0x00008000
+SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000
+SSL_OP_NO_COMPRESSION 0x00020000
+SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000
+SSL_OP_SINGLE_ECDH_USE 0x00080000
+SSL_OP_SINGLE_DH_USE 0x00100000
+// unused: 0x00200000
+SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000
+SSL_OP_TLS_ROLLBACK_BUG 0x00800000
+SSL_OP_NO_SSLv2 0x01000000
+SSL_OP_NO_SSLv3 0x02000000
+SSL_OP_NO_DTLSv1 0x04000000
+SSL_OP_NO_TLSv1 0x04000000
+SSL_OP_NO_DTLSv1_2 0x08000000
+SSL_OP_NO_TLSv1_2 0x08000000
+SSL_OP_NO_TLSv1_1 0x10000000
+SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000
+SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000
+SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000
+
+// The following values were in 32-bit range in old OpenSSL
+SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x100000000
+SSL_OP_MSIE_SSLV2_RSA_PADDING 0x200000000
+SSL_OP_PKCS1_CHECK_1 0x400000000
+SSL_OP_PKCS1_CHECK_2 0x800000000
+
+// The following values were redefined to 0 for security reasons
+SSL_OP_EPHEMERAL_RSA 0x0
+}
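Review bot: `SSL_OP_NO_DTLSv1` and `SSL_OP_NO_TLSv1` both map to 0x04000000, and `SSL_OP_NO_DTLSv1_2` and `SSL_OP_NO_TLSv1_2` both map to 0x08000000, with no comment, so a reader cannot tell a deliberate alias from a copy error, and setting one name also sets the other. If the sharing mirrors the upstream header, say so next to the pairs, e.g. `// DTLS and TLS flags intentionally share a bit, as in the OpenSSL header`. The opening comment "recent OpenSSL" should name the release the values were taken from (`// values from OpenSSL <VERSION>`). `SSL_OP_EPHEMERAL_RSA 0x0` also deserves a note that OR-ing it into a mask changes nothing.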