Support basic SSL options without C shims

1 files changed, 31 insertions, 51 deletions

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 2db2f0f9..39dd80de 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -49,52 +49,34 @@ pub fn init() {
 }
 
 bitflags! {
-    pub flags SslContextOptions: u64 {
-        const SSL_OP_MICROSOFT_SESS_ID_BUG                    = ::ffi_extras::SSL_OP_MICROSOFT_SESS_ID_BUG,
-        const SSL_OP_NETSCAPE_CHALLENGE_BUG                   = ::ffi_extras::SSL_OP_NETSCAPE_CHALLENGE_BUG,
-        const SSL_OP_LEGACY_SERVER_CONNECT                    = ::ffi_extras::SSL_OP_LEGACY_SERVER_CONNECT,
-        const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         = ::ffi_extras::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
-        const SSL_OP_TLSEXT_PADDING                           = ::ffi_extras::SSL_OP_TLSEXT_PADDING,
-        const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               = ::ffi_extras::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER,
-        const SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   = ::ffi_extras::SSL_OP_SAFARI_ECDHE_ECDSA_BUG,
-        const SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 = ::ffi_extras::SSL_OP_SSLEAY_080_CLIENT_DH_BUG,
-        const SSL_OP_TLS_D5_BUG                               = ::ffi_extras::SSL_OP_TLS_D5_BUG,
-        const SSL_OP_TLS_BLOCK_PADDING_BUG                    = ::ffi_extras::SSL_OP_TLS_BLOCK_PADDING_BUG,
-        const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              = ::ffi_extras::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
-        const SSL_OP_NO_QUERY_MTU                             = ::ffi_extras::SSL_OP_NO_QUERY_MTU,
-        const SSL_OP_COOKIE_EXCHANGE                          = ::ffi_extras::SSL_OP_COOKIE_EXCHANGE,
-        const SSL_OP_NO_TICKET                                = ::ffi_extras::SSL_OP_NO_TICKET,
-        const SSL_OP_CISCO_ANYCONNECT                         = ::ffi_extras::SSL_OP_CISCO_ANYCONNECT,
-        const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   = ::ffi_extras::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION,
-        const SSL_OP_NO_COMPRESSION                           = ::ffi_extras::SSL_OP_NO_COMPRESSION,
-        const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        = ::ffi_extras::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION,
-        const SSL_OP_SINGLE_ECDH_USE                          = ::ffi_extras::SSL_OP_SINGLE_ECDH_USE,
-        const SSL_OP_SINGLE_DH_USE                            = ::ffi_extras::SSL_OP_SINGLE_DH_USE,
-        const SSL_OP_CIPHER_SERVER_PREFERENCE                 = ::ffi_extras::SSL_OP_CIPHER_SERVER_PREFERENCE,
-        const SSL_OP_TLS_ROLLBACK_BUG                         = ::ffi_extras::SSL_OP_TLS_ROLLBACK_BUG,
-        const SSL_OP_NO_SSLV2                                 = ::ffi_extras::SSL_OP_NO_SSLv2,
-        const SSL_OP_NO_SSLV3                                 = ::ffi_extras::SSL_OP_NO_SSLv3,
-        const SSL_OP_NO_DTLSV1                                = ::ffi_extras::SSL_OP_NO_DTLSv1,
-        const SSL_OP_NO_TLSV1                                 = ::ffi_extras::SSL_OP_NO_TLSv1,
-        const SSL_OP_NO_DTLSV1_2                              = ::ffi_extras::SSL_OP_NO_DTLSv1_2,
-        const SSL_OP_NO_TLSV1_2                               = ::ffi_extras::SSL_OP_NO_TLSv1_2,
-        const SSL_OP_NO_TLSV1_1                               = ::ffi_extras::SSL_OP_NO_TLSv1_1,
-        const SSL_OP_NETSCAPE_CA_DN_BUG                       = ::ffi_extras::SSL_OP_NETSCAPE_CA_DN_BUG,
-        const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          = ::ffi_extras::SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG,
-        const SSL_OP_CRYPTOPRO_TLSEXT_BUG                     = ::ffi_extras::SSL_OP_CRYPTOPRO_TLSEXT_BUG,
-        const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              = ::ffi_extras::SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG,
-        const SSL_OP_MSIE_SSLV2_RSA_PADDING                   = ::ffi_extras::SSL_OP_MSIE_SSLV2_RSA_PADDING,
-        const SSL_OP_PKCS1_CHECK_1                            = ::ffi_extras::SSL_OP_PKCS1_CHECK_1,
-        const SSL_OP_PKCS1_CHECK_2                            = ::ffi_extras::SSL_OP_PKCS1_CHECK_2,
-        const SSL_OP_EPHEMERAL_RSA                            = ::ffi_extras::SSL_OP_EPHEMERAL_RSA,
-        const SSL_OP_ALL         = SSL_OP_MICROSOFT_SESS_ID_BUG.bits|SSL_OP_NETSCAPE_CHALLENGE_BUG.bits
-                                  |SSL_OP_LEGACY_SERVER_CONNECT.bits|SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG.bits
-                                  |SSL_OP_TLSEXT_PADDING.bits|SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.bits
-                                  |SSL_OP_SAFARI_ECDHE_ECDSA_BUG.bits|SSL_OP_SSLEAY_080_CLIENT_DH_BUG.bits
-                                  |SSL_OP_TLS_D5_BUG.bits|SSL_OP_TLS_BLOCK_PADDING_BUG.bits
-                                  |SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.bits|SSL_OP_CRYPTOPRO_TLSEXT_BUG.bits,
-        const SSL_OP_NO_SSL_MASK = SSL_OP_NO_SSLV2.bits|SSL_OP_NO_SSLV3.bits|SSL_OP_NO_TLSV1.bits
-                                  |SSL_OP_NO_TLSV1_1.bits|SSL_OP_NO_TLSV1_2.bits,
+    pub flags SslContextOptions: c_long {
+        const SSL_OP_MICROSOFT_SESS_ID_BUG = ffi::SSL_OP_MICROSOFT_SESS_ID_BUG,
+        const SSL_OP_NETSCAPE_CHALLENGE_BUG = ffi::SSL_OP_NETSCAPE_CHALLENGE_BUG,
+        const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG =
+            ffi::SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
+        const SSL_OP_TLSEXT_PADDING = ffi::SSL_OP_TLSEXT_PADDING,
+        const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = ffi::SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER,
+        const SSL_OP_SSLEAY_080_CLIENT_DH_BUG = ffi::SSL_OP_SSLEAY_080_CLIENT_DH_BUG,
+        const SSL_OP_TLS_D5_BUG = ffi::SSL_OP_TLS_D5_BUG,
+        const SSL_OP_TLS_BLOCK_PADDING_BUG = ffi::SSL_OP_TLS_BLOCK_PADDING_BUG,
+        const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = ffi::SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
+        const SSL_OP_ALL = ffi::SSL_OP_ALL,
+        const SSL_OP_NO_QUERY_MTU = ffi::SSL_OP_NO_QUERY_MTU,
+        const SSL_OP_COOKIE_EXCHANGE = ffi::SSL_OP_COOKIE_EXCHANGE,
+        const SSL_OP_NO_TICKET = ffi::SSL_OP_NO_TICKET,
+        const SSL_OP_CISCO_ANYCONNECT = ffi::SSL_OP_CISCO_ANYCONNECT,
+        const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION =
+            ffi::SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION,
+        const SSL_OP_NO_COMPRESSION = ffi::SSL_OP_NO_COMPRESSION,
+        const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION =
+            ffi::SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION,
+        const SSL_OP_SINGLE_ECDH_USE = ffi::SSL_OP_SINGLE_ECDH_USE,
+        const SSL_OP_SINGLE_DH_USE = ffi::SSL_OP_SINGLE_DH_USE,
+        const SSL_OP_CIPHER_SERVER_PREFERENCE = ffi::SSL_OP_CIPHER_SERVER_PREFERENCE,
+        const SSL_OP_TLS_ROLLBACK_BUG = ffi::SSL_OP_TLS_ROLLBACK_BUG,
+        const SSL_OP_NO_SSLV2 = ffi::SSL_OP_NO_SSLv2,
+        const SSL_OP_NO_SSLV3 = ffi::SSL_OP_NO_SSLv3,
+        const SSL_OP_NO_TLSV1 = ffi::SSL_OP_NO_TLSv1,
     }
 }
 
@@ -649,19 +631,17 @@ impl SslContext {
     }
 
     pub fn set_options(&mut self, option: SslContextOptions) -> SslContextOptions {
-        let raw_bits = option.bits();
-        let ret = unsafe { ffi_extras::SSL_CTX_set_options(self.ctx, raw_bits) };
+        let ret = unsafe { ffi::SSL_CTX_set_options(self.ctx, option.bits()) };
         SslContextOptions::from_bits(ret).unwrap()
     }
 
     pub fn options(&self) -> SslContextOptions {
-        let ret = unsafe { ffi_extras::SSL_CTX_get_options(self.ctx) };
+        let ret = unsafe { ffi::SSL_CTX_get_options(self.ctx) };
         SslContextOptions::from_bits(ret).unwrap()
     }
 
     pub fn clear_options(&mut self, option: SslContextOptions) -> SslContextOptions {
-        let raw_bits = option.bits();
-        let ret = unsafe { ffi_extras::SSL_CTX_clear_options(self.ctx, raw_bits) };
+        let ret = unsafe { ffi::SSL_CTX_clear_options(self.ctx, option.bits()) };
         SslContextOptions::from_bits(ret).unwrap()
     }