Avoid mutating SSLContext in SSLServer.

ruby · Apr 21, 2024 · 6d08940 · 6d08940
1 parent d3d857c
commit 6d08940
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
@@ -147,11 +147,22 @@ def set_params(params={})
         params = DEFAULT_PARAMS.merge(params)
         self.options = params.delete(:options) # set before min_version/max_version
         params.each{|name, value| self.__send__("#{name}=", value) }
+
+        # Set the default certificate store if we're verifying certificates:
         if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
           unless self.ca_file or self.ca_path or self.cert_store
             self.cert_store = DEFAULT_CERT_STORE
           end
         end
+
+        # Set the default session id context if it's not set:
+        unless self.session_id_context
+          # see #6137 - session id may not exceed 32 bytes
+          prng = ::Random.new($0.hash)
+          session_id = prng.bytes(16).unpack1('H*')
+          self.session_id_context = session_id
+        end
+
         return params
       end
 
@@ -529,12 +540,6 @@ class SSLServer
       def initialize(svr, ctx)
         @svr = svr
         @ctx = ctx
-        unless ctx.session_id_context
-          # see #6137 - session id may not exceed 32 bytes
-          prng = ::Random.new($0.hash)
-          session_id = prng.bytes(16).unpack1('H*')
-          @ctx.session_id_context = session_id
-        end
         @start_immediately = true
       end