From: evan@...
Date: 2014-01-26T13:13:52+00:00
Subject: [ruby-core:60108] [ruby-trunk - Feature #9450] [Open] Allow overriding SSLContext options in Net::HTTP

Issue #9450 has been reported by Evan Broder.

----------------------------------------
Feature #9450: Allow overriding SSLContext options in Net::HTTP
https://bugs.ruby-lang.org/issues/9450

* Author: Evan Broder
* Status: Open
* Priority: Normal
* Assignee: Yui NARUSE
* Category: lib
* Target version: 
----------------------------------------
While the Ruby team is hashing out the future of OpenSSL in Ruby, I thought it would be useful to add the missing hook so that end-users could control their behavior when issuing HTTP requests.

Right now it's possible to specific a specific SSL version to use, but that's actually not all that useful for interacting with the internet in general. I'd like to support the highest SSL version possible, but as many sites don't yet support e.g. TLSv1.2, I'm forced to set `ssl_version` to `:SSLv3` or maybe `:TLSv1`.

A much better solution is to disable the versions I **don't** want, which can be done by setting, e.g., the `SSL_OP_NO_SSLv2` flag to http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html, or `OpenSSL::SSL::SSLContext#options=` in Ruby's bindings. However, with `Net::HTTP`, there's currently no way to access these option flags.

This patch adds an `ssl_options` attribute to `Net::HTTP`, which controls the `options` attribute on the resulting `SSLContext`.

---Files--------------------------------
0001-Expose-the-SSLContext-options-attribute-in-Net-HTTP.patch (1.73 KB)


-- 
http://bugs.ruby-lang.org/