authorViktor Dukhovni <openssl-users@dukhovni.org>2016-01-10 20:15:04 -0500
committerViktor Dukhovni <openssl-users@dukhovni.org>2016-01-11 10:51:02 -0500
commit8106cb8b6d706079cbcabd4631f05e4526a316e1 (patch)
tree6c84e2cfe55bb31bdbaa669b4fe940cdec2982d6 /doc
parentccf73257f6c8736a5af3e7be4bf09eebef06ac46 (diff)
Make SSL{_CTX,}_{get,set,clear}_options functions
These now take and return unsigned long, and get is constified. Updated related documentation and util/ssleay.num. Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/ssl/SSL_CONF_cmd.pod8
-rw-r--r--doc/ssl/SSL_CTX_new.pod6
-rw-r--r--doc/ssl/SSL_CTX_set_min_proto_version.pod5
-rw-r--r--doc/ssl/SSL_CTX_set_options.pod3
-rw-r--r--doc/ssl/ssl.pod12
5 files changed, 22 insertions, 12 deletions
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 9feaa28103..a74117df0d 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -318,8 +318,9 @@ sure to also leave TLS 1.1 enabled.
=item B<Options>
The B<value> argument is a comma separated list of various flags to set.
-If a flag string is preceded B<-> it is disabled. See the
-B<SSL_CTX_set_options> function for more details of individual options.
+If a flag string is preceded B<-> it is disabled.
+See the L<SSL_CTX_set_options(3)> function for more details of
+individual options.
Each option is listed below. Where an operation is enabled by default
the B<-flag> syntax is needed to disable it.
@@ -527,7 +528,8 @@ L<SSL_CONF_CTX_new(3)>,
L<SSL_CONF_CTX_set_flags(3)>,
L<SSL_CONF_CTX_set1_prefix(3)>,
L<SSL_CONF_CTX_set_ssl_ctx(3)>,
-L<SSL_CONF_cmd_argv(3)>
+L<SSL_CONF_cmd_argv(3)>,
+L<SSL_CTX_set_options(3)>
=head1 HISTORY
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index 136f97b366..53f621685e 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -139,9 +139,9 @@ If you want to limit the supported protocols for the version flexible
methods you can use SSL_CTX_set_min_proto_version(),
SSL_set_min_proto_version(), SSL_CTX_set_max_proto_version() and
SSL_set_max_proto_version() functions.
-They can also be limited using by using an option like SSL_OP_NO_SSLv3
-of the SSL_CTX_set_options() or SSL_set_options() functions, but
-that's not recommended.
+They can also be limited by setting an option like B<SSL_OP_NO_SSLv3>
+via the L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions,
+but that's not recommended.
Using these functions it is possible to choose e.g. TLS_server_method()
and be able to negotiate with all possible clients, but to only
allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2.
diff --git a/doc/ssl/SSL_CTX_set_min_proto_version.pod b/doc/ssl/SSL_CTX_set_min_proto_version.pod
index 25f9cca23d..535ae83e7a 100644
--- a/doc/ssl/SSL_CTX_set_min_proto_version.pod
+++ b/doc/ssl/SSL_CTX_set_min_proto_version.pod
@@ -19,8 +19,9 @@ and maximum supported protocol version
The functions set the minimum and maximum supported portocol versions
for the B<ctx> or B<ssl>.
-This works in combination with the options set via SSL_CTX_set_options()
-that also make it possible to disable specific protocol versions.
+This works in combination with the options set via
+L<SSL_CTX_set_options(3)> that also make it possible to disable
+specific protocol versions.
Use these functions instead of disabling specific protocol versions.
Setting the minimum or maximum version to 0, will enable protocol
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 56f62cc59f..c1325681e2 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -23,8 +23,6 @@ SSL_get_secure_renegotiation_support - manipulate SSL options
=head1 DESCRIPTION
-Note: all these functions are implemented using macros.
-
SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
Options already set before are not cleared!
@@ -42,6 +40,7 @@ SSL_get_options() returns the options set for B<ssl>.
SSL_get_secure_renegotiation_support() indicates whether the peer supports
secure renegotiation.
+Note, this is implemented via a macro.
=head1 NOTES
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 0d29b54bdd..33133ff78f 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -315,7 +315,11 @@ Use the file path to locate trusted CA certficates.
=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
-=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+=item unsigned long B<SSL_CTX_clear_options>(SSL_CTX *ctx, unsigned long op);
+
+=item unsigned long B<SSL_CTX_get_options>(SSL_CTX *ctx);
+
+=item unsigned long B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
@@ -596,7 +600,11 @@ fresh handle for each connection.
=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
-=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+=item unsigned long B<SSL_clear_options>(SSL *ssl, unsigned long op);
+
+=item unsigned long B<SSL_get_options>(SSL *ssl);
+
+=item unsigned long B<SSL_set_options>(SSL *ssl, unsigned long op);
=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);