From 578687a00195191185f44d8cb38f4b7716d99c31 Mon Sep 17 00:00:00 2001
From: Josh Cooper <josh@puppet.com>
Date: Tue, 16 May 2017 15:47:04 -0700
Subject: [PATCH] (PUP-7383) Skip cipher monkey patch on ruby 2.4+

Previously, we appended "!SSLv2" to the SSLContext
DEFAULT_PARAMS[:ciphers] to ensure that puppet never uses SSLv2, either
from our http client or when using open-uri. However, ruby 2.4 only
defines the `:ciphers` array if using openssl < 1.1.0[1]. As a result,
puppet as a gem running on newer systems would hard fail.

Check existence of array before trying to append to it.

[1] https://github.com/ruby/ruby/commit/c9dc016#diff-8406e11e4a42f9de6badcd0f6a6c4262R33
---
 lib/puppet/util/monkey_patches.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/util/monkey_patches.rb b/lib/puppet/util/monkey_patches.rb
index b999fc4..ffb887e 100644
--- a/lib/puppet/util/monkey_patches.rb
+++ b/lib/puppet/util/monkey_patches.rb
@@ -35,7 +35,9 @@ class OpenSSL::SSL::SSLContext
   else
     DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
   end
-  DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
+  if DEFAULT_PARAMS[:ciphers]
+    DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
+  end
 
   alias __original_initialize initialize
   private :__original_initialize
-- 
2.7.4