Rework options handling

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

1 files changed, 13 insertions, 3 deletions

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index a24ec27e5a..82747f6dfb 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -3044,8 +3044,8 @@ void ossl_ssl_set_custom_record_layer(SSL_CONNECTION *s,
      SSL_OP_LEGACY_SERVER_CONNECT             | \
      SSL_OP_IGNORE_UNEXPECTED_EOF             )
 
-/* Total mask of options permitted or ignored under QUIC. */
-#define OSSL_QUIC_PERMITTED_OPTIONS             \
+/* Total mask of connection-level options permitted or ignored under QUIC. */
+#define OSSL_QUIC_PERMITTED_OPTIONS_CONN        \
     (OSSL_LEGACY_SSL_OPTIONS                  | \
      OSSL_TLS1_2_OPTIONS                      | \
      SSL_OP_CIPHER_SERVER_PREFERENCE          | \
@@ -3053,9 +3053,19 @@ void ossl_ssl_set_custom_record_layer(SSL_CONNECTION *s,
      SSL_OP_NO_TX_CERTIFICATE_COMPRESSION     | \
      SSL_OP_NO_RX_CERTIFICATE_COMPRESSION     | \
      SSL_OP_PRIORITIZE_CHACHA                 | \
-     SSL_OP_CLEANSE_PLAINTEXT                 | \
      SSL_OP_NO_QUERY_MTU                      | \
      SSL_OP_NO_TICKET                         | \
      SSL_OP_NO_ANTI_REPLAY                    )
 
+/* Total mask of stream-level options permitted or ignored under QUIC. */
+#define OSSL_QUIC_PERMITTED_OPTIONS_STREAM      \
+    (OSSL_LEGACY_SSL_OPTIONS                  | \
+     OSSL_TLS1_2_OPTIONS                      | \
+     SSL_OP_CLEANSE_PLAINTEXT                 )
+
+/* Total mask of options permitted on either connections or streams. */
+#define OSSL_QUIC_PERMITTED_OPTIONS             \
+    (OSSL_QUIC_PERMITTED_OPTIONS_CONN |         \
+     OSSL_QUIC_PERMITTED_OPTIONS_STREAM)
+
 #endif