An OpenSSL function sometimes puts more than one error entry into the
thread-local OpenSSL error queue. Currently, we use the highest-level
entry for generating the exception message and discard the rest.

Let ossl_make_error() capture all current OpenSSL error queue contents
into OpenSSL::OpenSSLError#errors and extend
OpenSSL::OpenSSLError#detailed_message to include the information.

An example:

    $ ruby -Ilib -ropenssl -e'OpenSSL::X509::ExtensionFactory.new.create_ext("a", "b")'
    -e:1:in 'OpenSSL::X509::ExtensionFactory#create_ext': a = b: error in extension (name=a, value=b) (OpenSSL::X509::ExtensionError)
    OpenSSL error queue reported 2 errors:
    error:11000082:X509 V3 routines:do_ext_nconf:unknown extension name
    error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension (name=a, value=b)
            from -e:1:in '<main>'

https://github.com/ruby/openssl/commit/d28f7a9a13

Check for the function we actually use. Both SSL_set0_tmp_dh_pkey() and
SSL_CTX_set0_tmp_dh_pkey() were added in OpenSSL 3.0.

https://github.com/ruby/openssl/commit/a9b6a64e5f

These methods are useful to test post-quantum cryptography (PQC) cases.

https://github.com/ruby/openssl/commit/434ef74452

https://github.com/ruby/openssl/commit/b6f56c4540

Add methods for setting supported signature algorithms, corresponding
to SSL_CTX_set1_sigalgs_list() and SSL_CTX_set1_client_sigalgs_list(),
respectively.

https://github.com/ruby/openssl/commit/6bbe58c492

Co-authored-by: Markus Jung <markus.jung@vivavis.com>

In OpenSSL 3.4, TS_VERIFY_CTX_set_certs() and TS_VERIFY_CTX_set_store()
are deprecated in favor of the new functions with "set0" in the names.

The new functions have a slightly different behavior. They will free the
previous value automatically. Increment the reference counter of
X509_STORE before setting it to TS_VERIFY_CTX, and do not try to
manually unset it.

We avoided doing this to work around a bug that was present in older
versions of OpenSSL, which has now been fixed in OpenSSL 1.0.2 by commit
https://github.com/openssl/openssl/commit/bff9ce4db38b.

https://github.com/ruby/openssl/commit/ce37f7d93a

Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:

 - Debian 9 (EOL 2022-06)
 - Ubuntu 18.04 LTS (EOL 2023-04)

https://github.com/ruby/openssl/commit/ba83abe920

The dir_config was introduced by Ruby trunk r4181. Since support for
Kerberos cipher suites has been removed in OpenSSL 1.1.0, it is no
longer necessary.

Although ruby/openssl did not directly depend on the MIT Kerberos
library, it was an optional transitive dependency. Unless it was
disabled by a compile-time option, the OpenSSL headers would try to
include <krb5.h>.

https://github.com/ruby/openssl/commit/78d028c332

Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12.

Most distributions that shipped with OpenSSL 1.0.2 have also reached
EOL, or provide a newer version in the package repository:

 - RHEL 7 (EOL 2024-06)
 - Ubuntu 16.04 LTS (EOL 2021-04)
 - Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via
   the openssl11{,-devel} package)

https://github.com/ruby/openssl/commit/38ec6fd50e

These paths are only reachable when it is compiled against OpenSSL.
LibreSSL 3.9 does not support ENGINE and defines OPENSSL_NO_ENGINE.

https://github.com/ruby/openssl/commit/e153d6ab47