Unverified Commit 6f4a592a authored by Steven Fackler's avatar Steven Fackler Committed by GitHub
Browse files

Merge pull request #1225 from kubo39/no-renegotiation-option 

Add NO RENEGOTIATION option
parents bb1cf5ef 9189b673

openssl-sys/build/cfgs.rs

+3 −0
Original line number Diff line number Diff line
@@ -52,6 +52,9 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<& 
        if openssl_version >= 0x1_01_00_07_0 {

            cfgs.push("ossl110g");

        }

        if openssl_version >= 0x1_01_00_08_0 {

            cfgs.push("ossl110h");

        }

        if openssl_version >= 0x1_01_01_00_0 {

            cfgs.push("ossl111");

        }

openssl-sys/src/ssl.rs

+3 −0
Original line number Diff line number Diff line
@@ -318,6 +318,9 @@ pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000; 
#[cfg(ossl111)]

pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000;



#[cfg(ossl110h)]

pub const SSL_OP_NO_RENEGOTIATION: c_ulong = 0x40000000;



cfg_if! {

    if #[cfg(ossl111)] {

        pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2

openssl/src/ssl/mod.rs

+6 −0
Original line number Diff line number Diff line
@@ -238,6 +238,12 @@ bitflags! { 
        #[cfg(any(ossl102, ossl110))]

        const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK;



        /// Disallow all renegotiation in TLSv1.2 and earlier.

        ///

        /// Requires OpenSSL 1.1.0h or newer.

        #[cfg(ossl110h)]

        const NO_RENEGOTIATION = ffi::SSL_OP_NO_RENEGOTIATION;



        /// Enable TLSv1.3 Compatibility mode.

        ///

        /// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version