Merge pull request #1225 from kubo39/no-renegotiation-option

Add NO RENEGOTIATION option
2020-01-27 14:49:37 -05:00 · 2020-01-27 14:49:37 -05:00 · 6f4a592a2c
parent bb1cf5ef19 9189b67326
commit 6f4a592a2c
3 changed files with 12 additions and 0 deletions
--- a/openssl-sys/build/cfgs.rs
+++ b/openssl-sys/build/cfgs.rs
@ -52,6 +52,9 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&
        if openssl_version >= 0x1_01_00_07_0 {
            cfgs.push("ossl110g");
        }
        if openssl_version >= 0x1_01_00_08_0 {
            cfgs.push("ossl110h");
        }
        if openssl_version >= 0x1_01_01_00_0 {
            cfgs.push("ossl111");
        }
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@ -318,6 +318,9 @@ pub const SSL_OP_NO_DTLSv1_2: c_ulong = 0x08000000;
 #[cfg(ossl111)]
 pub const SSL_OP_NO_TLSv1_3: c_ulong = 0x20000000;
 #[cfg(ossl110h)]
 pub const SSL_OP_NO_RENEGOTIATION: c_ulong = 0x40000000;
 cfg_if! {
    if #[cfg(ossl111)] {
        pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -238,6 +238,12 @@ bitflags! {
        #[cfg(any(ossl102, ossl110))]
        const NO_SSL_MASK = ffi::SSL_OP_NO_SSL_MASK;
        /// Disallow all renegotiation in TLSv1.2 and earlier.
        ///
        /// Requires OpenSSL 1.1.0h or newer.
        #[cfg(ossl110h)]
        const NO_RENEGOTIATION = ffi::SSL_OP_NO_RENEGOTIATION;
        /// Enable TLSv1.3 Compatibility mode.
        ///
        /// Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version