On older OpenSSL (pre-3.x), the actual type accepted by SSL_CTX_set_options was unsigned long. On 3.0.0 and later, the type is uint64_t. SSL_OP_CRYPTOPRO_TLSEXT_BUG (0x80000000U, potentially problematic for a signed 32-bit long) exists even pre-3.x (and is part of SSL_OP_ALL!), and on 3.0.0, there are option bits (e.g. SSL_OP_NO_TX_CERTIFICATE_COMPRESSION) that exceed 32 bits. This type should be changed to a value matching the built-against OpenSSL version, or to uint64_t with a range check in the set_options function for versions prior to 3.x.
Currently,
asio::ssl::context_base::options
has typelong
: https://github.com/chriskohlhoff/asio/blob/1408e2895c94c8e254e9e8ddd66ba083777f0dc2/asio/include/asio/ssl/context_base.hpp#L108On older OpenSSL (pre-3.x), the actual type accepted by
SSL_CTX_set_options
wasunsigned long
. On 3.0.0 and later, the type isuint64_t
.SSL_OP_CRYPTOPRO_TLSEXT_BUG
(0x80000000U
, potentially problematic for a signed 32-bitlong
) exists even pre-3.x (and is part ofSSL_OP_ALL
!), and on 3.0.0, there are option bits (e.g.SSL_OP_NO_TX_CERTIFICATE_COMPRESSION
) that exceed 32 bits. This type should be changed to a value matching the built-against OpenSSL version, or touint64_t
with a range check in theset_options
function for versions prior to 3.x.