Merge pull request #9596 from kareem-wolfssl/zd19378

Add a runtime option to enable or disable the secure renegotiation check.
This commit is contained in:
David Garske
2026-01-26 08:34:57 -08:00
committed by GitHub
6 changed files with 227 additions and 2 deletions


@@ -15986,3 +15986,70 @@ void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,
*/
void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
void* userdata);
/*!
\ingroup Setup
\brief Gets the state of the secure renegotiation (SCR) check requirement.
This function returns whether the client requires the server to acknowledge
the secure renegotiation extension and enable secure renegotiation when
sending it from the client. When enabled, the client will generate a fatal
handshake_failure alert if the server does not acknowledge the extension
in the ServerHello message, as required by RFC 9325.
\return 1 if the SCR check is enabled.
\return 0 if the SCR check is disabled.
\return BAD_FUNC_ARG if ssl is NULL.
\param ssl Pointer to the WOLFSSL structure, created with wolfSSL_new().
_Example_
\code
WOLFSSL* ssl;
int enabled;
ssl = wolfSSL_new(ctx);
enabled = wolfSSL_get_scr_check_enabled(ssl);
if (enabled) {
// SCR check is enabled
}
\endcode
\sa wolfSSL_set_scr_check_enabled
*/
int wolfSSL_get_scr_check_enabled(const WOLFSSL* ssl);
/*!
\ingroup Setup
\brief Sets the state of the secure renegotiation (SCR) check requirement.
This function enables or disables the requirement for the server to
acknowledge the secure renegotiation extension and enable secure
renegotiation when sending it from the client. When enabled, the client
will generate a fatal handshake_failure alert if the server does not
acknowledge the extension in the ServerHello message, as required by
RFC 9325.
\return WOLFSSL_SUCCESS on success.
\return BAD_FUNC_ARG if ssl is NULL.
\param ssl Pointer to the WOLFSSL structure, created with wolfSSL_new().
\param enabled Non-zero to enable the SCR check, zero to disable it.
_Example_
\code
WOLFSSL* ssl;
int ret;
ssl = wolfSSL_new(ctx);
ret = wolfSSL_set_scr_check_enabled(ssl, 1);
if (ret != WOLFSSL_SUCCESS) {
// Error setting SCR check
}
\endcode
\sa wolfSSL_get_scr_check_enabled
*/
int wolfSSL_set_scr_check_enabled(WOLFSSL* ssl, byte enabled);
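Review bot: The example under wolfSSL_get_scr_check_enabled tests `if (enabled)`, but the function is also documented to return BAD_FUNC_ARG for a NULL ssl, a negative error code that this test would treat as "enabled"; the example should read `if (enabled == 1) {` (or check `enabled < 0` first), and a sentence in that \brief saying callers must distinguish the error return from the 0/1 result would remove the ambiguity. Neither description states the default state of the check for a freshly created WOLFSSL, nor whether the setter is meaningful only in builds with secure renegotiation compiled in; if the value is gated by a build option, naming it in both comments would save readers a trip to the implementation. The hunk header announces more new-side lines than are shown here, so blank lines appear to have been dropped in rendering rather than the hunk being cut.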