[ruby/openssl] ssl: do not clear existing SSL options in SSLContext#set_params

Apply SSL options set in DEFAULT_PARAMS without clearing existing
options.

It currently clears options in order to avoid setting one of the
options included in OpenSSL::SSL::OP_ALL unless explicitly specified,
namely OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. Now that
OpenSSL::SSL::OP_ALL has been removed from SSLContext#initialize, it is
no longer necessary.

https://github.com/ruby/openssl/commit/77c3db2d65
Kazuki Yamaguchi 2024-06-12 03:01:54 +09:00 committed by git
parent 510c190739
commit c9bbf7e3eb
2 changed files with 3 additions and 1 deletions


@ -144,7 +144,7 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
# used.
def set_params(params={})
params = DEFAULT_PARAMS.merge(params)
self.options = params.delete(:options) # set before min_version/max_version
self.options |= params.delete(:options) # set before min_version/max_version
params.each{|name, value| self.__send__("#{name}=", value) }
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
unless self.ca_file or self.ca_path or self.cert_store
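Review bot: With `self.options |= params.delete(:options)`, a caller of set_params can only add option bits. An `options:` argument no longer replaces the context's options, so a bit already set (for example by the system OpenSSL configuration) cannot be cleared through this method. That matches the commit's intent, but the doc comment above set_params (only its last line, `# used.`, is visible here) should state it, e.g. `# The :options value is ORed into the current options; use #options= to replace them.` An explicit `options: nil` would now reach `Integer#|` and presumably raise TypeError, which may deserve a guard or a sentence in the same comment. The method body continues past the end of the hunk.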


@ -57,6 +57,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
assert_separately([{ "OPENSSL_CONF" => f.path }, "-ropenssl"], <<~"end;")
ctx = OpenSSL::SSL::SSLContext.new
assert_equal OpenSSL::SSL::OP_NO_TICKET, ctx.options & OpenSSL::SSL::OP_NO_TICKET
ctx.set_params
assert_equal OpenSSL::SSL::OP_NO_TICKET, ctx.options & OpenSSL::SSL::OP_NO_TICKET
end;
}
end
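Review bot: The added assertions only show that OP_NO_TICKET from the configuration file survives `ctx.set_params`; nothing checks that the DEFAULT_PARAMS options are applied alongside it. A regression in which set_params stopped touching the options at all would still pass. I'd add, after the second assert, `assert_equal OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options], ctx.options & OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]`, assuming that entry is always an Integer. The enclosing test method starts outside the hunk.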