author Kazuki Yamaguchi <k@rhe.jp> 2016-11-28 23:37:01 +0900
committer Kazuki Yamaguchi <k@rhe.jp> 2016-11-29 00:01:24 +0900
commit 33b02f363b1a090fdcc4d0691cff7e2db1fbcf27
tree 02336192f02b43d924f14999626b84bbbbd318cc
parent e94d3f3f2aef96a632ba0bf50e1a84f3c82a3825
ssl: make OpenSSL::SSL::SSLContext#freeze an alias of #setup (topic/ssl-make-sslctx-freeze-alias-of-setup)
SSLSocket#setup uses the frozen state as "SSL_CTX is already set up". If a user manually freezes the context, it misunderstands as if #setup is already called, leading to unexpected behaviors because parameters the user set won't be actually set to the underlying SSL_CTX and thus ignored.

Ideally, #setup should go and be replaced with setters. But we don't do this now because it is not that simple: some of them would produce new ordering issues, e.g. 'ca_file' property which loads a file into SSL_CTX::cert_store and 'cert_store' which replaces SSL_CTX::cert_store would conflict. Fixing this properly would require deprecating 'ca_file' first.

So, let's take the second best way: make it "just work" instead of breaking silently.

Fixes: https://github.com/ruby/openssl/issues/85
-rw-r--r-- ext/openssl/ossl_ssl.c 1
-rw-r--r-- test/test_ssl.rb 12
2 files changed, 13 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 6332121d..26bce570 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -2543,6 +2543,7 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);
+ rb_define_alias(cSSLContext, "freeze", "setup");
/*
* No session caching for client or server
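Review bot: The added `rb_define_alias(cSSLContext, "freeze", "setup");` line makes `freeze` return whatever `ossl_sslctx_setup` returns, whereas Object#freeze conventionally returns the receiver, so a caller writing `ctx = OpenSSL::SSL::SSLContext.new.freeze` may no longer get the context back. The return value of `ossl_sslctx_setup` is not visible in this hunk, so please confirm it, or define `freeze` as a small wrapper that calls setup and returns self. The alias also has no doc comment; a one-line note that freezing now applies the configured parameters to the underlying SSL_CTX would tell readers why `freeze` on this class has side effects.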
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index 7f0b939c..ccdbf8e1 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -1252,6 +1252,18 @@ end
sock2.close
end
+ def test_freeze_calls_setup
+ bug = "[ruby/openssl#85]"
+ start_server(ignore_listener_error: true) { |server, port|
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ ctx.freeze
+ assert_raise(OpenSSL::SSL::SSLError, bug) {
+ server_connect(port, ctx)
+ }
+ }
+ end
+
private
def start_server_version(version, ctx_proc = nil,
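Review bot: `test_freeze_calls_setup` only checks that `server_connect(port, ctx)` raises `OpenSSL::SSL::SSLError`, which would also pass if the handshake failed for a reason unrelated to `verify_mode`, and `ignore_listener_error: true` hides what the server side saw. Consider asserting the state directly after `ctx.freeze` (for example `assert_predicate ctx, :frozen?`) and adding a positive case where the trust anchor is configured before `freeze` and the connection succeeds, so the test proves the parameters were applied rather than that some SSL error occurred. A check that calling `ctx.freeze` a second time is harmless would also cover the already-set-up path.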