ssl: do not clear existing SSL options in SSLContext#set_params

Apply SSL options set in DEFAULT_PARAMS without clearing existing
options, which may be set by a system-wide configuration file.

With a fresh installation of OpenSSL 3.3.1, this change will enable the
OpenSSL::SSL::OP_ENABLE_MIDDLEBOX_COMPAT option for users of
SSLContext#set_params.

Author: rhenium

lib/openssl/ssl.rb

@@ -144,7 +144,7 @@ def initialize(version = nil)
       # used.
       def set_params(params={})
         params = DEFAULT_PARAMS.merge(params)
-        self.options = params.delete(:options) # set before min_version/max_version
+        self.options |= params.delete(:options) # set before min_version/max_version
         params.each{|name, value| self.__send__("#{name}=", value) }
         if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
           unless self.ca_file or self.ca_path or self.cert_store

test/openssl/test_ssl.rb

@@ -57,6 +57,8 @@ def test_ctx_options_config
       assert_separately([{ "OPENSSL_CONF" => f.path }, "-ropenssl"], <<~"end;")
         ctx = OpenSSL::SSL::SSLContext.new
         assert_equal OpenSSL::SSL::OP_NO_TICKET, ctx.options & OpenSSL::SSL::OP_NO_TICKET
+        ctx.set_params
+        assert_equal OpenSSL::SSL::OP_NO_TICKET, ctx.options & OpenSSL::SSL::OP_NO_TICKET
       end;
     }
   end