From bc1ee28339aa8674dc3f01eee0b0031f4c1601d4 Mon Sep 17 00:00:00 2001 From: Evan Broder Date: Sun, 26 Jan 2014 13:03:11 +0000 Subject: [PATCH] Expose the SSLContext options attribute in Net::HTTP For advanced users of SSL, it is often useful to control the specific behavior of Net::HTTP's SSL connection. One example is disabling specific SSL versions. While #ssl_version= can be used as a partial solution to this, rather than disabling a specific bad version, it pins to a specific good version. Setting the SSL_OP_NO_SSLv2 flag is much more flexible. This is the first instance of an SSL option in Net::HTTP where the ivar name is different from the SSLContext attribute. It seemed, though, that the intent was to support that, and having an attribute called "options" seemed pretty confusing. --- lib/net/http.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/net/http.rb b/lib/net/http.rb index a1b8d69..bd1b773 100644 --- a/lib/net/http.rb +++ b/lib/net/http.rb @@ -772,6 +772,7 @@ module Net #:nodoc: :@verify_callback, :@verify_depth, :@verify_mode, + :@ssl_options, ] SSL_ATTRIBUTES = [ :ca_file, @@ -785,6 +786,7 @@ module Net #:nodoc: :verify_callback, :verify_depth, :verify_mode, + :options, ] # Sets path of a CA certification file in PEM format. @@ -828,6 +830,9 @@ module Net #:nodoc: # OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable. attr_accessor :verify_mode + # Sets the SSL options flags. See OpenSSL::SSL::SSLContext#options= + attr_accessor :ssl_options + # Returns the X.509 certificates the server presented. def peer_cert if not use_ssl? or not @socket -- 1.8.5.2