/* Single command line switches with no argument e.g. -no_ssl3 */
static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd)
{
static const ssl_flag_tbl ssl_option_single[] =
{
SSL_FLAG_TBL("no_ssl2", SSL_OP_NO_SSLv2),
SSL_FLAG_TBL("no_ssl3", SSL_OP_NO_SSLv3),
SSL_FLAG_TBL("no_tls1", SSL_OP_NO_TLSv1),
SSL_FLAG_TBL("no_tls1_1", SSL_OP_NO_TLSv1_1),
SSL_FLAG_TBL("no_tls1_2", SSL_OP_NO_TLSv1_2),
SSL_FLAG_TBL("no_tls1_2", SSL_OP_NO_TLSv1_2),
SSL_FLAG_TBL("bugs", SSL_OP_ALL),
SSL_FLAG_TBL("no_comp", SSL_OP_NO_COMPRESSION),
#ifndef OPENSSL_NO_TLSEXT
SSL_FLAG_TBL("no_ticket", SSL_OP_NO_TICKET),
#endif
SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE),
SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT),
SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT),
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
SSL_FLAG_TBL_CERT("debug_broken_protocol", SSL_CERT_FLAG_BROKEN_PROTOCOL),
#endif
};
cctx->tbl = ssl_option_single;
cctx->ntbl = sizeof(ssl_option_single)/sizeof(ssl_flag_tbl);
return ssl_set_option_list(cmd, -1, cctx);
}
static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
{
static const ssl_flag_tbl ssl_option_list[] = {
SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET),
SSL_FLAG_TBL_INV("EmptyFragments",
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation",
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA)
};
if (value == NULL)
return -3;
cctx->tbl = ssl_option_list;
cctx->ntbl = OSSL_NELEM(ssl_option_list);
return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
}
static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
{
static const ssl_flag_tbl ssl_option_list[] =
{
SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET),
SSL_FLAG_TBL_INV("EmptyFragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
};
if (!(cctx->flags & SSL_CONF_FLAG_FILE))
return -2;
if (value == NULL)
return -3;
cctx->tbl = ssl_option_list;
cctx->ntbl = sizeof(ssl_option_list)/sizeof(ssl_flag_tbl);
return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
}