diff options
author | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-02-08 06:09:40 +0000 |
---|---|---|
committer | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-02-08 06:09:40 +0000 |
commit | 2cb7a6c0569cf2f1da791f21f6af4ff9bfcb97ac (patch) | |
tree | 1467ad0000a906cad6bc131eb81263519ffd5478 /ext/openssl | |
parent | e19bd3eaa8bd71cfc9e5bf436527f015b093f31e (diff) |
Backport r34482 from trunk. See #5353
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@34486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl_ssl.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 668408fd28..00a447d7c1 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -140,7 +140,6 @@ ossl_sslctx_s_alloc(VALUE klass) ossl_raise(eSSLError, "SSL_CTX_new:"); } SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); - SSL_CTX_set_options(ctx, SSL_OP_ALL); return Data_Wrap_Struct(klass, 0, ossl_sslctx_free, ctx); } @@ -560,7 +559,11 @@ ossl_sslctx_setup(VALUE self) if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2LONG(val)); val = ossl_sslctx_get_options(self); - if(!NIL_P(val)) SSL_CTX_set_options(ctx, NUM2LONG(val)); + if(!NIL_P(val)) { + SSL_CTX_set_options(ctx, NUM2LONG(val)); + } else { + SSL_CTX_set_options(ctx, SSL_OP_ALL); + } rb_obj_freeze(self); val = ossl_sslctx_get_sess_id_ctx(self); @@ -1441,18 +1444,20 @@ Init_ossl_ssl() ossl_ssl_def_const(VERIFY_PEER); ossl_ssl_def_const(VERIFY_FAIL_IF_NO_PEER_CERT); ossl_ssl_def_const(VERIFY_CLIENT_ONCE); - /* Not introduce constants included in OP_ALL such as... - * ossl_ssl_def_const(OP_MICROSOFT_SESS_ID_BUG); - * ossl_ssl_def_const(OP_NETSCAPE_CHALLENGE_BUG); - * ossl_ssl_def_const(OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG); - * ossl_ssl_def_const(OP_SSLREF2_REUSE_CERT_TYPE_BUG); - * ossl_ssl_def_const(OP_MICROSOFT_BIG_SSLV3_BUFFER); - * ossl_ssl_def_const(OP_MSIE_SSLV2_RSA_PADDING); - * ossl_ssl_def_const(OP_SSLEAY_080_CLIENT_DH_BUG); - * ossl_ssl_def_const(OP_TLS_D5_BUG); - * ossl_ssl_def_const(OP_TLS_BLOCK_PADDING_BUG); - * ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS); + /* Introduce constants included in OP_ALL. These constants are mostly for + * unset some bits in OP_ALL such as; + * ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS */ + ossl_ssl_def_const(OP_MICROSOFT_SESS_ID_BUG); + ossl_ssl_def_const(OP_NETSCAPE_CHALLENGE_BUG); + ossl_ssl_def_const(OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG); + ossl_ssl_def_const(OP_SSLREF2_REUSE_CERT_TYPE_BUG); + ossl_ssl_def_const(OP_MICROSOFT_BIG_SSLV3_BUFFER); + ossl_ssl_def_const(OP_MSIE_SSLV2_RSA_PADDING); + ossl_ssl_def_const(OP_SSLEAY_080_CLIENT_DH_BUG); + ossl_ssl_def_const(OP_TLS_D5_BUG); + ossl_ssl_def_const(OP_TLS_BLOCK_PADDING_BUG); + ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS); ossl_ssl_def_const(OP_ALL); #if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); |