ssl: initialize verify_mode and verify_hostname with default valuesky/ssl-attr-default-values

SSLContext's verify_mode expects an SSL_VERIFY_* constant (an integer) and verify_hostname expects either true or false. However, they are set to nil after calling OpenSSL::SSL::SSLContext.new, which is surprising. Set a proper value to them by default: verify_mode is set to OpenSSL::SSL::VERIFY_NONE and verify_hostname is set to false by default. Note that this does not change the default behavior. The certificate verification was never performed unless verify_mode is set to OpenSSL::SSL::VERIFY_PEER by a user. The same applies to verify_hostname.
author: Kazuki Yamaguchi <k@rhe.jp> 2020-07-18 17:14:55 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2020-07-18 20:37:48 +0900
commit: 87d869352c34f678e15dc728880756a5a4448a3c (patch)
tree: e431f5419d344934ecf1cb5282ebac5b885d73e9 /lib
parent: 1ccdc05662a7817e8fe7a73ed589a8b092b527ac (diff)
download: ruby-openssl-87d869352c34f678e15dc728880756a5a4448a3c.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
index 8554ada0..438daab0 100644
--- a/lib/openssl/ssl.rb
+++ b/lib/openssl/ssl.rb
@@ -122,6 +122,8 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
       def initialize(version = nil)
         self.options |= OpenSSL::SSL::OP_ALL
         self.ssl_version = version if version
+        self.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        self.verify_hostname = false
       end
 
       ##
author	Kazuki Yamaguchi <k@rhe.jp>	2020-07-18 17:14:55 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2020-07-18 20:37:48 +0900
commit	87d869352c34f678e15dc728880756a5a4448a3c (patch)
tree	e431f5419d344934ecf1cb5282ebac5b885d73e9 /lib
parent	1ccdc05662a7817e8fe7a73ed589a8b092b527ac (diff)
download	ruby-openssl-87d869352c34f678e15dc728880756a5a4448a3c.tar.gz