Make wolfSSL_(get|set)_options available outside compat layer.

Also make wolfSSL_CTX_get_options available.
pull/5362/head
Hayden Roche 2022-07-14 14:53:42 -07:00
parent e3c65d86d6
commit a1b7c29309
4 changed files with 119 additions and 100 deletions


@ -6204,12 +6204,10 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
} }
} /* writeDup check */ } /* writeDup check */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
if (ctx->mask != 0 && wolfSSL_set_options(ssl, ctx->mask) == 0) { if (ctx->mask != 0 && wolfSSL_set_options(ssl, ctx->mask) == 0) {
WOLFSSL_MSG("wolfSSL_set_options error"); WOLFSSL_MSG("wolfSSL_set_options error");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#endif
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
@ -24336,12 +24334,11 @@ exit_dpk:
ret = 1; ret = 1;
} }
#ifdef OPENSSL_EXTRA if ((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3)) {
if ((wolfSSL_get_options(ssl) & SSL_OP_NO_TLSv1_3)) {
/* option set at run time to disable TLS 1.3 */ /* option set at run time to disable TLS 1.3 */
ret = 0; ret = 0;
} }
#endif
return ret; return ret;
#endif #endif
} }
@ -24860,31 +24857,38 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
} }
} }
#ifdef OPENSSL_EXTRA
/* check if option is set to not allow the current version /* check if option is set to not allow the current version
* set from either wolfSSL_set_options or wolfSSL_CTX_set_options */ * set from either wolfSSL_set_options or wolfSSL_CTX_set_options */
if (!ssl->options.dtls && ssl->options.downgrade && if (!ssl->options.dtls && ssl->options.downgrade &&
ssl->options.mask > 0) { ssl->options.mask > 0) {
if (ssl->version.minor == TLSv1_2_MINOR && if (ssl->version.minor == TLSv1_2_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) ==
WOLFSSL_OP_NO_TLSv1_2) {
WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading"); WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading");
ssl->version.minor = TLSv1_1_MINOR; ssl->version.minor = TLSv1_1_MINOR;
} }
if (ssl->version.minor == TLSv1_1_MINOR && if (ssl->version.minor == TLSv1_1_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) ==
WOLFSSL_OP_NO_TLSv1_1) {
WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading"); WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading");
ssl->options.tls1_1 = 0; ssl->options.tls1_1 = 0;
ssl->version.minor = TLSv1_MINOR; ssl->version.minor = TLSv1_MINOR;
} }
if (ssl->version.minor == TLSv1_MINOR && if (ssl->version.minor == TLSv1_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) ==
WOLFSSL_OP_NO_TLSv1) {
WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading"); WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading");
ssl->options.tls = 0; ssl->options.tls = 0;
ssl->options.tls1_1 = 0; ssl->options.tls1_1 = 0;
ssl->version.minor = SSLv3_MINOR; ssl->version.minor = SSLv3_MINOR;
} }
if (ssl->version.minor == SSLv3_MINOR && if (ssl->version.minor == SSLv3_MINOR &&
(ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { (ssl->options.mask & WOLFSSL_OP_NO_SSLv3) ==
WOLFSSL_OP_NO_SSLv3) {
WOLFSSL_MSG("\tError, option set to not allow SSLv3"); WOLFSSL_MSG("\tError, option set to not allow SSLv3");
return VERSION_ERROR; return VERSION_ERROR;
} }
@ -24894,7 +24898,6 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
return VERSION_ERROR; return VERSION_ERROR;
} }
} }
#endif
return 0; return 0;
} }
@ -25163,11 +25166,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
else else
#endif #endif
if (ssl->ctx->method->version.major == SSLv3_MAJOR && if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
ssl->ctx->method->version.minor == TLSv1_2_MINOR ssl->ctx->method->version.minor == TLSv1_2_MINOR &&
#ifdef OPENSSL_EXTRA (wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_2) == 0) {
&& (wolfSSL_get_options(ssl) & SSL_OP_NO_TLSv1_2) == 0
#endif
) {
/* TLS v1.2 capable client not allowed to downgrade when /* TLS v1.2 capable client not allowed to downgrade when
* connecting to TLS v1.2 capable server. * connecting to TLS v1.2 capable server.
*/ */
@ -28864,9 +28864,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif #endif
if (ssl->ctx->method->version.major == SSLv3_MAJOR && if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
ssl->ctx->method->version.minor == TLSv1_2_MINOR && ssl->ctx->method->version.minor == TLSv1_2_MINOR &&
#ifdef OPENSSL_EXTRA (wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_2) == 0 &&
(wolfSSL_get_options(ssl) & SSL_OP_NO_TLSv1_2) == 0 &&
#endif
!IsAtLeastTLSv1_2(ssl)) { !IsAtLeastTLSv1_2(ssl)) {
/* TLS v1.2 capable server downgraded. */ /* TLS v1.2 capable server downgraded. */
XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
@ -31274,35 +31272,43 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.side); ssl->options.side);
} }
#ifdef OPENSSL_EXTRA
/* check if option is set to not allow the current version /* check if option is set to not allow the current version
* set from either wolfSSL_set_options or wolfSSL_CTX_set_options */ * set from either wolfSSL_set_options or wolfSSL_CTX_set_options */
if (!ssl->options.dtls && ssl->options.downgrade && if (!ssl->options.dtls && ssl->options.downgrade &&
ssl->options.mask > 0) { ssl->options.mask > 0) {
int reset = 0; int reset = 0;
if (ssl->version.minor == TLSv1_2_MINOR && if (ssl->version.minor == TLSv1_2_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) ==
WOLFSSL_OP_NO_TLSv1_2) {
WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading"); WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading");
ssl->version.minor = TLSv1_1_MINOR; ssl->version.minor = TLSv1_1_MINOR;
reset = 1; reset = 1;
} }
if (ssl->version.minor == TLSv1_1_MINOR && if (ssl->version.minor == TLSv1_1_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) ==
WOLFSSL_OP_NO_TLSv1_1) {
WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading"); WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading");
ssl->options.tls1_1 = 0; ssl->options.tls1_1 = 0;
ssl->version.minor = TLSv1_MINOR; ssl->version.minor = TLSv1_MINOR;
reset = 1; reset = 1;
} }
if (ssl->version.minor == TLSv1_MINOR && if (ssl->version.minor == TLSv1_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) ==
WOLFSSL_OP_NO_TLSv1) {
WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading"); WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading");
ssl->options.tls = 0; ssl->options.tls = 0;
ssl->options.tls1_1 = 0; ssl->options.tls1_1 = 0;
ssl->version.minor = SSLv3_MINOR; ssl->version.minor = SSLv3_MINOR;
reset = 1; reset = 1;
} }
if (ssl->version.minor == SSLv3_MINOR && if (ssl->version.minor == SSLv3_MINOR &&
(ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { (ssl->options.mask & WOLFSSL_OP_NO_SSLv3) ==
WOLFSSL_OP_NO_SSLv3) {
WOLFSSL_MSG("\tError, option set to not allow SSLv3"); WOLFSSL_MSG("\tError, option set to not allow SSLv3");
ret = VERSION_ERROR; ret = VERSION_ERROR;
goto out; goto out;
@ -31337,7 +31343,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.side); ssl->options.side);
} }
} }
#endif
/* random */ /* random */
XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
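Review bot: The TLS 1.3 check after `exit_dpk` and the two downgrade-sentinel conditions call the public getter `wolfSSL_get_options(ssl)`, while the version-cascade blocks in the same file read `ssl->options.mask` directly. The getter is declared as returning `long` and the field is `unsigned long`, so the handshake path now tests the same flags through two spellings with different signedness. Reading the field everywhere, e.g. `(ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0`, would keep the checks uniform. Since the cascade is now compiled into every build, a short comment above each copy saying that a matching `WOLFSSL_OP_NO_*` bit lowers `ssl->version.minor` one step, and that the cascade itself rejects only at SSLv3, would help readers. The enclosing functions start and end outside these hunks.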


@ -15844,7 +15844,6 @@ cleanup:
} }
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx, void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx,
WOLFSSL_RSA*(*f)(WOLFSSL*, int, int)) WOLFSSL_RSA*(*f)(WOLFSSL*, int, int))
{ {
@ -15865,7 +15864,7 @@ cleanup:
ssl->options.sentNotify = (opt&WOLFSSL_SENT_SHUTDOWN) > 0; ssl->options.sentNotify = (opt&WOLFSSL_SENT_SHUTDOWN) > 0;
ssl->options.closeNotify = (opt&WOLFSSL_RECEIVED_SHUTDOWN) > 0; ssl->options.closeNotify = (opt&WOLFSSL_RECEIVED_SHUTDOWN) > 0;
} }
#endif
long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
{ {
@ -15876,8 +15875,6 @@ cleanup:
return ctx->mask; return ctx->mask;
} }
#endif
static long wolf_set_options(long old_op, long op); static long wolf_set_options(long old_op, long op);
long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
{ {
@ -22584,7 +22581,6 @@ static long wolf_set_options(long old_op, long op)
return old_op | op; return old_op | op;
} }
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
long wolfSSL_set_options(WOLFSSL* ssl, long op) long wolfSSL_set_options(WOLFSSL* ssl, long op)
{ {
word16 haveRSA = 1; word16 haveRSA = 1;
@ -22599,29 +22595,28 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
ssl->options.mask = wolf_set_options(ssl->options.mask, op); ssl->options.mask = wolf_set_options(ssl->options.mask, op);
#ifdef SSL_OP_NO_TLSv1_3 if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) {
if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) {
if (ssl->version.minor == TLSv1_3_MINOR) if (ssl->version.minor == TLSv1_3_MINOR)
ssl->version.minor = TLSv1_2_MINOR; ssl->version.minor = TLSv1_2_MINOR;
} }
#endif
if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) {
if (ssl->version.minor == TLSv1_2_MINOR) if (ssl->version.minor == TLSv1_2_MINOR)
ssl->version.minor = TLSv1_1_MINOR; ssl->version.minor = TLSv1_1_MINOR;
} }
if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) {
if (ssl->version.minor == TLSv1_1_MINOR) if (ssl->version.minor == TLSv1_1_MINOR)
ssl->version.minor = TLSv1_MINOR; ssl->version.minor = TLSv1_MINOR;
} }
if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) {
if (ssl->version.minor == TLSv1_MINOR) if (ssl->version.minor == TLSv1_MINOR)
ssl->version.minor = SSLv3_MINOR; ssl->version.minor = SSLv3_MINOR;
} }
if ((ssl->options.mask & WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION) { if ((ssl->options.mask & WOLFSSL_OP_NO_COMPRESSION)
== WOLFSSL_OP_NO_COMPRESSION) {
#ifdef HAVE_LIBZ #ifdef HAVE_LIBZ
ssl->options.usingCompression = 0; ssl->options.usingCompression = 0;
#endif #endif
@ -22657,8 +22652,6 @@ long wolfSSL_get_options(const WOLFSSL* ssl)
return ssl->options.mask; return ssl->options.mask;
} }
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(HAVE_SECURE_RENEGOTIATION) \ #if defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO) || defined(HAVE_SERVER_RENEGOTIATION_INFO)
/* clears the counter for number of renegotiations done /* clears the counter for number of renegotiations done
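Review bot: `wolfSSL_set_options` becomes part of the default API here, but its effect on the protocol version is not documented at the definition. In the visible lines each `WOLFSSL_OP_NO_TLSv1_x` bit lowers `ssl->version.minor` by one step when it matches the current version, ending at `SSLv3_MINOR`. A caller who disables only TLS 1.2 on a TLS 1.2 object is therefore left at `TLSv1_1_MINOR` rather than getting an error. A doc comment above the function should state this, and say that callers wanting a floor must set every lower `WOLFSSL_OP_NO_*` bit too (or a minimum version, if the build provides one). The function body continues past this hunk, so any later check is not visible here.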


@ -35483,90 +35483,112 @@ static void test_generate_cookie(void)
static void test_wolfSSL_set_options(void) static void test_wolfSSL_set_options(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
!defined(NO_FILESYSTEM) && !defined(NO_RSA) WOLFSSL* ssl;
SSL* ssl; WOLFSSL_CTX* ctx;
SSL_CTX* ctx; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
char appData[] = "extra msg"; char appData[] = "extra msg";
#endif
#ifdef OPENSSL_EXTRA
unsigned char protos[] = { unsigned char protos[] = {
7, 't', 'l', 's', '/', '1', '.', '2', 7, 't', 'l', 's', '/', '1', '.', '2',
8, 'h', 't', 't', 'p', '/', '1', '.', '1' 8, 'h', 't', 't', 'p', '/', '1', '.', '1'
}; };
unsigned int len = sizeof(protos); unsigned int len = sizeof(protos);
void *arg = (void *)TEST_ARG; void *arg = (void *)TEST_ARG;
#endif
printf(testingFmt, "wolfSSL_set_options()"); printf(testingFmt, "wolfSSL_set_options()");
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else #else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif #endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1); AssertTrue(wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1)
AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1); == WOLFSSL_OP_NO_TLSv1);
AssertTrue(wolfSSL_CTX_get_options(ctx) == WOLFSSL_OP_NO_TLSv1);
AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE | AssertIntGT((int)wolfSSL_CTX_set_options(ctx, (WOLFSSL_OP_COOKIE_EXCHANGE |
SSL_OP_NO_SSLv2)), 0); WOLFSSL_OP_NO_SSLv2)), 0);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) & AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_COOKIE_EXCHANGE) &
SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE); WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) & AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2) &
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2); WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) & AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION); WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION);
AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) & #ifdef OPENSSL_EXTRA
SSL_OP_NO_COMPRESSION)); AssertFalse((wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_NO_COMPRESSION) &
WOLFSSL_OP_NO_COMPRESSION));
#endif
SSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
ctx = SSL_CTX_new(wolfSSLv23_server_method()); ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx); AssertNotNull(ctx);
#else #else
ctx = SSL_CTX_new(wolfSSLv23_client_method()); ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx); AssertNotNull(ctx);
#endif #endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_set_msg_callback(ctx, msg_cb) == SSL_SUCCESS); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
#ifdef OPENSSL_EXTRA
AssertTrue(wolfSSL_CTX_set_msg_callback(ctx, msg_cb) == WOLFSSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(ssl = wolfSSL_new(ctx));
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA #ifdef HAVE_EX_DATA
AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_SUCCESS); AssertIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_SUCCESS);
AssertNotNull(SSL_get_app_data((const WOLFSSL*)ssl)); AssertNotNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
if (ssl) { if (ssl) {
AssertIntEQ(XMEMCMP(SSL_get_app_data((const WOLFSSL*)ssl), AssertIntEQ(XMEMCMP(wolfSSL_get_app_data((const WOLFSSL*)ssl),
appData, sizeof(appData)), 0); appData, sizeof(appData)), 0);
} }
#else #else
AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_FAILURE); AssertIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_FAILURE);
AssertNull(SSL_get_app_data((const WOLFSSL*)ssl)); AssertNull(wolfSSL_get_app_data((const WOLFSSL*)ssl));
#endif
#endif #endif
AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1); AssertTrue(wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1) ==
AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1); WOLFSSL_OP_NO_TLSv1);
AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE | AssertTrue(wolfSSL_get_options(ssl) == WOLFSSL_OP_NO_TLSv1);
AssertIntGT((int)wolfSSL_set_options(ssl, (WOLFSSL_OP_COOKIE_EXCHANGE |
WOLFSSL_OP_NO_SSLv2)), 0); WOLFSSL_OP_NO_SSLv2)), 0);
AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) &
SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) &
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION));
AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS); AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_COOKIE_EXCHANGE) &
SSL_set_msg_callback_arg(ssl, arg); WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE);
AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1_2) &
WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2);
AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_COMPRESSION) &
WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION);
#ifdef OPENSSL_EXTRA
AssertNull((wolfSSL_clear_options(ssl, WOLFSSL_OP_NO_COMPRESSION) &
WOLFSSL_OP_NO_COMPRESSION));
#endif
#ifdef OPENSSL_EXTRA
AssertTrue(wolfSSL_set_msg_callback(ssl, msg_cb) == WOLFSSL_SUCCESS);
wolfSSL_set_msg_callback_arg(ssl, arg);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL #ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == 0); AssertTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == 0);
#else #else
AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS); AssertTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == WOLFSSL_SUCCESS);
#endif
#endif #endif
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
@ -35576,20 +35598,19 @@ static void test_wolfSSL_set_options(void)
#if defined(HAVE_ALPN) && !defined(NO_BIO) #if defined(HAVE_ALPN) && !defined(NO_BIO)
#ifdef WOLFSSL_ERROR_CODE_OPENSSL #ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == 0); AssertTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == 0);
#else #else
AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == SSL_SUCCESS); AssertTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == WOLFSSL_SUCCESS);
#endif #endif
#endif /* HAVE_ALPN && !NO_BIO */ #endif /* HAVE_ALPN && !NO_BIO */
#endif #endif
SSL_free(ssl); wolfSSL_free(ssl);
SSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ #endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
} }
static void test_wolfSSL_sk_SSL_CIPHER(void) static void test_wolfSSL_sk_SSL_CIPHER(void)
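Review bot: The new `wolfSSL_clear_options` assertion still uses `AssertNull` on an integer mask, while the matching `wolfSSL_CTX_clear_options` assertion earlier in the test was switched to `AssertFalse`. `AssertNull` reads as a pointer check, so the ssl-level line should be `AssertFalse((wolfSSL_clear_options(ssl, WOLFSSL_OP_NO_COMPRESSION) & WOLFSSL_OP_NO_COMPRESSION));`. The `#ifdef OPENSSL_EXTRA` block around it is immediately followed by a second `#ifdef OPENSSL_EXTRA` for the message-callback calls, and the two could be merged.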


@ -3740,8 +3740,8 @@ typedef struct Options {
#endif #endif
void* psk_ctx; void* psk_ctx;
#endif /* NO_PSK */ #endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
unsigned long mask; /* store SSL_OP_ flags */ unsigned long mask; /* store SSL_OP_ flags */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
word16 minProto:1; /* sets min to min available */ word16 minProto:1; /* sets min to min available */
word16 maxProto:1; /* sets max to max available */ word16 maxProto:1; /* sets max to max available */
#endif #endif
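Review bot: The comment on the moved field still says `SSL_OP_`, although the rest of this commit switches to the `WOLFSSL_OP_*` names; `unsigned long mask; /* store WOLFSSL_OP_ flags */` would match. `SetSSL_CTX` and `wolfSSL_CTX_get_options` now read `ctx->mask` in every build, but only the `Options` member is shown moving out of the guard here. It is worth confirming that the `WOLFSSL_CTX` member of the same name is also unguarded. The struct definition starts and ends outside this hunk.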