From e824e48fdf188b02a4d8f3cb2b6b54f44394f9d3 Mon Sep 17 00:00:00 2001 From: Marvin Scholz Date: Sat, 20 Apr 2019 19:53:49 +0200 Subject: [PATCH] Cleanup: Remove unnecessary SSL_CTX_get_options According to the documentation the current option state is not cleared but the options are added to the current options, so gettin the current options seems redundant to the behavior of SSL_CTX_set_options: > SSL_CTX_set_options() adds the options set via bitmask in options > to ctx. Options already set before are not cleared!
---
 src/tls.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index b2a6f364..729564e8 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -80,12 +80,16 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
 ctx->refc = 1;
 ctx->ctx = SSL_CTX_new(SSLv23_server_method());
- ssl_opts = SSL_CTX_get_options(ctx->ctx);
- ssl_opts |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
+ ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; // Disable SSLv2 and SSLv3
 #ifdef SSL_OP_NO_COMPRESSION
 ssl_opts |= SSL_OP_NO_COMPRESSION; // Never use compression
 #endif
+ /* Even though this function is called set, it adds the
+ * flags to the already existing flags (possibly default
+ * flags already set by OpenSSL)!
+ * Calling SSL_CTX_get_options is not needed here, therefore.
+ */
 SSL_CTX_set_options(ctx->ctx, ssl_opts);
 do {
 if (SSL_CTX_use_certificate_chain_file(ctx->ctx, cert_file) <= 0) {
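Review bot: Nothing between `ctx->ctx = SSL_CTX_new(SSLv23_server_method());` and `SSL_CTX_set_options(ctx->ctx, ssl_opts);` checks the SSL_CTX_new() result, so an allocation or library-initialisation failure hands a NULL context to the options call; the removed SSL_CTX_get_options() call had the same exposure, and this cleanup is a good moment to close it. A guard such as `if (!ctx->ctx) { /* release ctx the way the later error paths do */ return NULL; }` placed before the mask is built would do, with the release step matched to how tls_ctx_new() frees the wrapper, which lies outside this hunk. Separately, the mask only rules out SSLv2 and SSLv3, so TLS 1.0 and 1.1 stay negotiable unless a floor is set elsewhere; if the supported OpenSSL baseline is 1.1.0 or later, `SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_2_VERSION);` states that floor directly. The new comment's reading of SSL_CTX_set_options() as OR-ing into the existing bits matches the OpenSSL documentation, and it could add that clearing a default needs `SSL_CTX_clear_options()`.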