Review feedbacks: refactor test_SSL_set_options and add SSL_clear_option

src/ssl.c

@@ -11469,19 +11469,20 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
     {
-        (void)ctx;
         WOLFSSL_ENTER("wolfSSL_CTX_get_options");
         WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
-
-        return 0;
+        return ctx->mask;
     }
 
 
     long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
     {
+        WOLFSSL *ssl = wolfSSL_new(ctx);
         WOLFSSL_ENTER("SSL_CTX_set_options");
-        ctx->mask |= opt;
-        return opt;
+        if(ssl == NULL)return SSL_FAILURE;
+        ctx->mask = wolfSSL_set_options(ssl, opt);
+        wolfSSL_free(ssl);
+        return ctx->mask;
     }
 
     long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
@@ -16976,8 +16977,7 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
     return 0;
 }
 
-
-unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
+long wolfSSL_set_options(WOLFSSL* ssl, long op)
 {
     word16 haveRSA = 1;
     word16 havePSK = 0;
@@ -17073,13 +17073,20 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
 }
 
 
-unsigned long wolfSSL_get_options(const WOLFSSL* ssl)
+long wolfSSL_get_options(const WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("wolfSSL_get_options");
 
     return ssl->options.mask;
 }
 
+long wolfSSL_clear_options(WOLFSSL* ssl, long opt)
+{
+    WOLFSSL_ENTER("SSL_clear_options");
+    ssl->options.mask &= ~opt;
+    return ssl->options.mask;
+}
+
 /*** TBD ***/
 WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s)
 {

tests/api.c

@@ -10458,8 +10458,29 @@ static void test_wolfSSL_set_options(void)
     printf(testingFmt, "wolfSSL_set_options()");
 
     AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
-    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
-    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
+    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
+    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
+
+    AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
+    AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
+
+    AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
+                                                              SSL_OP_NO_SSLv2)), 0);
+    AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
+                                 SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
+    AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
+                                           SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
+    AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
+                                   SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
+    AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
+                                               SSL_OP_NO_COMPRESSION));
+
+    SSL_CTX_free(ctx);
+
+    AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
+    AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
+    AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
+
     AssertNotNull(ssl = SSL_new(ctx));
 
     AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
@@ -10473,6 +10494,8 @@ static void test_wolfSSL_set_options(void)
                                        SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
     AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
                                SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
+    AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
+                                       SSL_OP_NO_COMPRESSION));
 
 		AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
 		SSL_set_msg_callback_arg(ssl, arg);

wolfssl/openssl/ssl.h

@@ -416,6 +416,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define RAND_bytes wolfSSL_RAND_bytes
 #define SSLv23_server_method  wolfSSLv23_server_method
 #define SSL_CTX_set_options   wolfSSL_CTX_set_options
+#define SSL_CTX_get_options   wolfSSL_CTX_get_options
 #define SSL_CTX_clear_options wolfSSL_CTX_clear_options
 
 #define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
@@ -560,6 +561,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define SSL_set_options      wolfSSL_set_options
 #define SSL_get_options      wolfSSL_get_options
+#define SSL_clear_options    wolfSSL_clear_options
 #define SSL_set_tmp_dh       wolfSSL_set_tmp_dh
 #define SSL_clear_num_renegotiations    wolfSSL_clear_num_renegotiations
 #define SSL_total_renegotiations       wolfSSL_total_renegotiations

wolfssl/ssl.h

@@ -879,8 +879,9 @@ WOLFSSL_API int  wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
 
-WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op);
-WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s);
+WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
+WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
+WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s,  long op);
 WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
 WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
@@ -1243,7 +1244,9 @@ WOLFSSL_API int  wolfSSL_RAND_status(void);
 WOLFSSL_API int  wolfSSL_RAND_bytes(unsigned char* buf, int num);
 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
 WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
+WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
 WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
+
 #ifndef NO_CERTS
   WOLFSSL_API int  wolfSSL_CTX_check_private_key(WOLFSSL_CTX*);
 #endif /* !NO_CERTS */