diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-11-28 23:37:01 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-11-29 00:01:24 +0900 |
commit | 33b02f363b1a090fdcc4d0691cff7e2db1fbcf27 (patch) | |
tree | 02336192f02b43d924f14999626b84bbbbd318cc /ext/openssl | |
parent | e94d3f3f2aef96a632ba0bf50e1a84f3c82a3825 (diff) | |
download | ruby-openssl-33b02f363b1a090fdcc4d0691cff7e2db1fbcf27.tar.gz |
ssl: make OpenSSL::SSL::SSLContext#freeze an alias of #setuptopic/ssl-make-sslctx-freeze-alias-of-setup
SSLSocket#setup uses the frozen state as "SSL_CTX is already set up".
If an user manually freeze the context, it misunderstands as if #setup
is already called, leading to unexpected behaviors because parameters
the user set won't be actually set to the underlying SSL_CTX and thus
ignored.
Ideally, #setup should go and be replaced with setters. But we don't
do this now because it is not that simple: some of them would produce
new ordering issues, e.g. 'ca_file' property which loads a file into
SSL_CTX::cert_store and 'cert_store' which replaces SSL_CTX::cert_store
would conflict. Fixing this properly would require deprecating 'ca_file'
first.
So, let's take the second best way: make it "just work" instead of
break silently.
Fixes: https://github.com/ruby/openssl/issues/85
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl_ssl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 6332121d..26bce570 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -2543,6 +2543,7 @@ Init_ossl_ssl(void) rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1); rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0); + rb_define_alias(cSSLContext, "freeze", "setup"); /* * No session caching for client or server |