authorPaul Kehrer <[email protected]>2015-02-23 19:39:23 -0600
committerPaul Kehrer <[email protected]>2015-02-23 19:39:23 -0600
commit8940bd767b908e886dc8ef83ca59e5e5f844a06e (patch)
tree38c42f141900033fabcc2d3988010cbccf8e6860 /openssl/src/ssl
parentadd support for SSL_CTX_set_options and SSL_CTX_get_options (diff)
downloadrust-openssl-8940bd767b908e886dc8ef83ca59e5e5f844a06e.tar.xz
rust-openssl-8940bd767b908e886dc8ef83ca59e5e5f844a06e.zip
add support for SSL_CTX_clear_options and use bitflags
Diffstat (limited to 'openssl/src/ssl')
-rw-r--r--openssl/src/ssl/mod.rs58
-rw-r--r--openssl/src/ssl/tests.rs19
2 files changed, 66 insertions, 11 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index fe04e8ec..f4f2f36f 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -33,6 +33,39 @@ fn init() {
}
}
+bitflags! {
+ flags SslContextOptions: c_long {
+ const SSL_OP_LEGACY_SERVER_CONNECT = 0x00000004,
+ const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000008,
+ const SSL_OP_TLSEXT_PADDING = 0x00000010,
+ const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020,
+ const SSL_OP_SAFARI_ECDHE_ECDSA_BUG = 0x00000040,
+ const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080,
+ const SSL_OP_TLS_D5_BUG = 0x00000100,
+ const SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200,
+ const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800,
+ const SSL_OP_ALL = 0x80000BFF,
+ const SSL_OP_NO_QUERY_MTU = 0x00001000,
+ const SSL_OP_COOKIE_EXCHANGE = 0x00002000,
+ const SSL_OP_NO_TICKET = 0x00004000,
+ const SSL_OP_CISCO_ANYCONNECT = 0x00008000,
+ const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000,
+ const SSL_OP_NO_COMPRESSION = 0x00020000,
+ const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00040000,
+ const SSL_OP_SINGLE_ECDH_USE = 0x00080000,
+ const SSL_OP_SINGLE_DH_USE = 0x00100000,
+ const SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000,
+ const SSL_OP_TLS_ROLLBACK_BUG = 0x00800000,
+ const SSL_OP_NO_SSLV2 = 0x00000000,
+ const SSL_OP_NO_SSLV3 = 0x02000000,
+ const SSL_OP_NO_TLSV1 = 0x04000000,
+ const SSL_OP_NO_TLSV1_2 = 0x08000000,
+ const SSL_OP_NO_TLSV1_1 = 0x10000000,
+ const SSL_OP_NO_DTLSV1 = 0x04000000,
+ const SSL_OP_NO_DTLSV1_2 = 0x08000000
+ }
+}
+
/// Determines the SSL method supported
#[allow(non_camel_case_types)]
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
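Review bot: `SSL_OP_NO_SSLV2` is declared as `0x00000000`, so `set_options(SSL_OP_NO_SSLV2)` passes no bits to OpenSSL and `contains(SSL_OP_NO_SSLV2)` is true for every value; a caller who believes SSLv2 is disabled has changed nothing. In the OpenSSL 1.0.x `ssl.h` this option is, as far as I know, `0x01000000L`, so the line should probably read `const SSL_OP_NO_SSLV2 = 0x01000000,`; please check it against the header the crate links to. Separately, `SSL_OP_ALL = 0x80000BFF` does not fit a 32-bit signed `c_long`, which is likely to matter on targets where `c_long` is `i32`. A doc comment on the block saying which OpenSSL version the values were copied from would make later drift easier to spot.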
@@ -280,16 +313,27 @@ impl SslContext {
})
}
- pub fn set_options(&mut self, option: c_long) -> c_long {
- unsafe {
- ffi::SSL_CTX_set_options(*self.ctx, option)
- }
+ pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions {
+ let raw_bits = option.bits();
+ let ret = unsafe {
+ ffi::SSL_CTX_set_options(*self.ctx, raw_bits)
+ };
+ SslContextOptions::from_bits(ret).unwrap()
}
- pub fn get_options(&mut self) -> c_long {
- unsafe {
+ pub fn get_options(&mut self) -> SslContextOptions {
+ let ret = unsafe {
ffi::SSL_CTX_get_options(*self.ctx)
- }
+ };
+ SslContextOptions::from_bits(ret).unwrap()
+ }
+
+ pub fn clear_options(&mut self, option: SslContextOptions) -> SslContextOptions {
+ let raw_bits = option.bits();
+ let ret = unsafe {
+ ffi::SSL_CTX_clear_options(*self.ctx, raw_bits)
+ };
+ SslContextOptions::from_bits(ret).unwrap()
}
}
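Review bot: `SslContextOptions::from_bits(ret).unwrap()` in `set_options`, `get_options` and `clear_options` panics whenever OpenSSL returns a bit that the `bitflags!` block does not declare. The declared set appears to omit some `ssl.h` options, and a differently built or newer library may set bits by default, so a header mismatch becomes a crash in the process that owns the TLS context. `SslContextOptions::from_bits_truncate(ret)` keeps the known bits without panicking; if dropping unknown bits silently is not acceptable, return an `Option` or the raw `c_long` instead. The three new methods also have no doc comments; a `///` line on each saying that it returns the context's resulting option mask would match the documented items nearby. The enclosing `impl SslContext` starts outside this hunk.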
diff --git a/openssl/src/ssl/tests.rs b/openssl/src/ssl/tests.rs
index c5e9c5e9..3a39baff 100644
--- a/openssl/src/ssl/tests.rs
+++ b/openssl/src/ssl/tests.rs
@@ -4,6 +4,7 @@ use std::old_io::{Writer};
use std::thread;
use crypto::hash::Type::{SHA256};
+use ssl;
use ssl::SslMethod::Sslv23;
use ssl::{SslContext, SslStream, VerifyCallback};
use ssl::SslVerifyMode::SslVerifyPeer;
@@ -183,10 +184,20 @@ fn test_get_ctx_options() {
#[test]
fn test_set_ctx_options() {
let mut ctx = SslContext::new(Sslv23).unwrap();
- let start_opts = ctx.get_options();
- let ssl_op_no_sslv3 = 0x02000000;
- let res = ctx.set_options(ssl_op_no_sslv3);
- assert_eq!(res, start_opts | ssl_op_no_sslv3);
+ let opts = ctx.set_options(ssl::SSL_OP_NO_TICKET);
+ assert!(opts.contains(ssl::SSL_OP_NO_TICKET));
+ assert!(!opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT));
+ let more_opts = ctx.set_options(ssl::SSL_OP_CISCO_ANYCONNECT);
+ assert!(more_opts.contains(ssl::SSL_OP_NO_TICKET));
+ assert!(more_opts.contains(ssl::SSL_OP_CISCO_ANYCONNECT));
+}
+
+#[test]
+fn test_clear_ctx_options() {
+ let mut ctx = SslContext::new(Sslv23).unwrap();
+ ctx.set_options(ssl::SSL_OP_ALL);
+ let opts = ctx.clear_options(ssl::SSL_OP_ALL);
+ assert!(!opts.contains(ssl::SSL_OP_ALL));
}
#[test]
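Review bot: `assert!(!opts.contains(ssl::SSL_OP_ALL))` in `test_clear_ctx_options` passes as soon as any single bit of `SSL_OP_ALL` is gone, because `contains` requires every bit to be present; it does not show that `clear_options` removed the whole mask. `assert!(!opts.intersects(ssl::SSL_OP_ALL));` checks that none of those bits remain. It would also be worth setting an unrelated option such as `ssl::SSL_OP_NO_TICKET` first and asserting that it survives the clear, so the test distinguishes clearing the requested bits from resetting the context.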