Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
diff --git a/CHANGES b/CHANGES
index 24be6c5..ed3870c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -863,6 +863,9 @@
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
+ *) Add "missing" ssl ctrls to clear options and mode.
+ [Steve Henson]
+
*) If client attempts to renegotiate and doesn't support RI respond with
a no_renegotiation alert as required by draft-ietf-tls-renegotiation.
Some renegotiating TLS clients will continue a connection gracefully
diff --git a/ssl/ssl.h b/ssl/ssl.h
index dc04b66..4d53ef8 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -607,17 +607,25 @@
#define SSL_CTX_set_options(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
#define SSL_CTX_get_options(ctx) \
SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
#define SSL_set_options(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
#define SSL_get_options(ssl) \
SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
#define SSL_CTX_set_mode(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
#define SSL_CTX_get_mode(ctx) \
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
#define SSL_set_mode(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
#define SSL_get_mode(ssl) \
@@ -1376,8 +1384,6 @@
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
-#define SSL_CTRL_GET_RI_SUPPORT 53
-
/* see tls1.h for macros based on these */
#ifndef OPENSSL_NO_TLSEXT
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
@@ -1407,6 +1413,10 @@
#define DTLS_CTRL_HANDLE_TIMEOUT 74
#define DTLS_CTRL_LISTEN 75
+#define SSL_CTRL_GET_RI_SUPPORT 76
+#define SSL_CTRL_CLEAR_OPTIONS 77
+#define SSL_CTRL_CLEAR_MODE 78
+
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 39bd9d7..c9aa604 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1041,8 +1041,12 @@
case SSL_CTRL_OPTIONS:
return(s->options|=larg);
+ case SSL_CTRL_CLEAR_OPTIONS:
+ return(s->options&=~larg);
case SSL_CTRL_MODE:
return(s->mode|=larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return(s->mode &=~larg);
case SSL_CTRL_GET_MAX_CERT_LIST:
return(s->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
@@ -1152,8 +1156,12 @@
return(ctx->stats.sess_cache_full);
case SSL_CTRL_OPTIONS:
return(ctx->options|=larg);
+ case SSL_CTRL_CLEAR_OPTIONS:
+ return(ctx->options&=~larg);
case SSL_CTRL_MODE:
return(ctx->mode|=larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return(ctx->mode&=~larg);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
