From 253c35a95db9e2f5853dbcdfb67b228b179d77d9 Mon Sep 17 00:00:00 2001 From: Robert Uhl Date: Mon, 23 Jan 2023 15:47:42 -0500 Subject: [PATCH 1/2] Initial approach to allowing SSL context option passing. --- .gitignore | 2 ++ lib/net/http.rb | 6 ++++++ test/net/http/test_https.rb | 10 ++++++++++ 3 files changed, 18 insertions(+) diff --git a/.gitignore b/.gitignore index bcf8cadc..0def3fe9 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ /pkg/ /spec/reports/ /tmp/ +/.tool-versions +/Gemfile.lock diff --git a/lib/net/http.rb b/lib/net/http.rb index 551ec529..951c738a 100644 --- a/lib/net/http.rb +++ b/lib/net/http.rb @@ -658,6 +658,7 @@ def HTTP.socket_type #:nodoc: obsolete # - #open_timeout # - #read_timeout # - #ssl_timeout + # - #ssl_options # - #ssl_version # - +use_ssl+ (calls #use_ssl=) # - #verify_callback @@ -1132,6 +1133,7 @@ def use_ssl=(flag) :@extra_chain_cert, :@key, :@ssl_timeout, + :@ssl_options, :@ssl_version, :@min_version, :@max_version, @@ -1149,6 +1151,7 @@ def use_ssl=(flag) :extra_chain_cert, :key, :ssl_timeout, + :options, :ssl_version, :min_version, :max_version, @@ -1188,6 +1191,9 @@ def use_ssl=(flag) # Sets the SSL timeout seconds. attr_accessor :ssl_timeout + # Sets the SSL options. See OpenSSL::SSL::SSLContext#ssl_options= + attr_accessor :ssl_options + # Sets the SSL version. See OpenSSL::SSL::SSLContext#ssl_version= attr_accessor :ssl_version diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb index 72a69af1..02e941ca 100644 --- a/test/net/http/test_https.rb +++ b/test/net/http/test_https.rb @@ -307,4 +307,14 @@ def test_max_version assert_match(re_msg, ex.message) end + def test_ssl_options + http = Net::HTTP.new(HOST, config("port")) + http.use_ssl = true + http.ssl_options = OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT + http.cert_store = TEST_STORE + http.request_get("/") {|res| + assert_equal($test_net_http_data, res.body) + } + end + end if defined?(OpenSSL::SSL) 
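Review bot: In lib/net/http.rb the new `:@ssl_options` entry in SSL_IVNAMES (hunk at -1132) is paired with `:options` in SSL_ATTRIBUTES (hunk at -1149), so the caller's integer is passed to the SSL context as its `options` parameter, and neither hunk says whether it is merged with the defaults. The code that applies these pairs is outside both hunks, but if it goes through `OpenSSL::SSL::SSLContext#set_params`, a caller-supplied `:options` appears to take the place of the library's default mask, so passing only `OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT` could drop default flags such as `OP_NO_COMPRESSION`. Either document that callers must OR their flag into the defaults, e.g. `http.ssl_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] | OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT`, or do that merge where the parameters are collected.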
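Review bot: The comment added above `attr_accessor :ssl_options` (lib/net/http.rb, hunk at -1188) points readers to `OpenSSL::SSL::SSLContext#ssl_options=`, but the SSL_ATTRIBUTES entry added in this same patch maps the accessor to `:options`, so the reference should be `OpenSSL::SSL::SSLContext#options=`. The comment should also say what kind of value is expected: `# Sets the SSL options, an Integer mask of OpenSSL::SSL::OP_* flags. See OpenSSL::SSL::SSLContext#options=`.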
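Review bot: `test_ssl_options` in test/net/http/test_https.rb only checks that the response body arrives, so it would pass unchanged if `ssl_options` were never applied to the SSL context. It should assert on the context after the request, for instance `ctx = http.instance_variable_get(:@ssl_context)` followed by `assert_equal(OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT, ctx.options & OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT)`. Some OpenSSL builds may already enable that flag by default, so a flag that is off by default would make the assertion more discriminating; this needs checking against the supported versions.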
From f4d389c45fc7c125c668841968d31c4b20b9c1b7 Mon Sep 17 00:00:00 2001 From: Jeff Gran Date: Wed, 11 Oct 2023 08:35:28 -0600 Subject: [PATCH 2/2] Add default ssl options class attribute --- lib/net/http.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/net/http.rb b/lib/net/http.rb index a71d4412..3b27a666 100644 --- a/lib/net/http.rb +++ b/lib/net/http.rb @@ -918,6 +918,14 @@ def HTTP.https_default_port 443 end + def HTTP.default_ssl_options + defined?(@@default_ssl_options) ? @@default_ssl_options : nil + end + + def HTTP.default_ssl_options=(opt) + @@default_ssl_options = opt + end + def HTTP.socket_type #:nodoc: obsolete BufferedIO end @@ -1122,6 +1130,7 @@ def initialize(address, port = nil) # :nodoc: @use_ssl = false @ssl_context = nil + @ssl_options = HTTP.default_ssl_options @ssl_session = nil @sspi_enabled = false SSL_IVNAMES.each do |ivname|
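Review bot: `HTTP.default_ssl_options=` (lib/net/http.rb, hunk at -918) stores its value in the class variable `@@default_ssl_options`, a single process-wide slot shared by Net::HTTP and every subclass, and neither new method carries a comment. Any code in the process that sets it changes the TLS options of every Net::HTTP object created afterwards, including ones built by unrelated libraries, and nothing here checks that `opt` is an Integer or nil. I would add a doc comment stating that scope, e.g. `# Process-wide default for #ssl_options (Integer mask of OpenSSL::SSL::OP_* flags, or nil).`, and initialise the variable once at class level so the getter can return it directly instead of probing with `defined?`.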
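Review bot: The new `@ssl_options = HTTP.default_ssl_options` line in `initialize` (hunk at -1122) has no test; the diffstat shows this patch touches only lib/net/http.rb. A test should set `Net::HTTP.default_ssl_options`, build an instance, assert that `http.ssl_options` equals the value, and reset the default in an `ensure` so other tests are not affected. The default is copied when the object is constructed, so later changes to the class-level value do not reach existing instances, which the accessor documentation should mention. `initialize` begins and ends outside this hunk.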