summaryrefslogtreecommitdiff
path: root/ext/openssl
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2020-07-18 17:14:55 +0900
committerKazuki Yamaguchi <k@rhe.jp>2021-03-16 19:16:11 +0900
commit81325db5f8bcd8c3e964ff6285792c2cade29b2c (patch)
tree1e09dfc0b22aa7c59d389286da34c9507dfdd4ff /ext/openssl
parent3b43e3fa10b160fd86a51b6e09ab157ca7be723a (diff)
[ruby/openssl] ssl: initialize verify_mode and verify_hostname with default values
SSLContext's verify_mode expects an SSL_VERIFY_* constant (an integer) and verify_hostname expects either true or false. However, they are set to nil after calling OpenSSL::SSL::SSLContext.new, which is surprising. Set a proper value to them by default: verify_mode is set to OpenSSL::SSL::VERIFY_NONE and verify_hostname is set to false by default. Note that this does not change the default behavior. The certificate verification was never performed unless verify_mode is set to OpenSSL::SSL::VERIFY_PEER by a user. The same applies to verify_hostname. https://github.com/ruby/openssl/commit/87d869352c
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/4275
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/lib/openssl/ssl.rb2
1 files changed, 2 insertions, 0 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 8e120073830..0930a530174 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -122,6 +122,8 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
def initialize(version = nil)
self.options |= OpenSSL::SSL::OP_ALL
self.ssl_version = version if version
+ self.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ self.verify_hostname = false
end
##