Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5
(imported by r59567) can be found at:

	https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1

----------------------------------------------------------------
Antonio Terceiro (1):
      test/test_ssl: explicitly accept TLS 1.1 in corresponding test

Colby Swandale (1):
      document using secure protocol to fetch git master in Bundler

Colton Jenkins (1):
      Add fips_mode_get to return fips_mode

Kazuki Yamaguchi (85):
      Start preparing for 2.1.0
      Remove support for OpenSSL 0.9.8 and 1.0.0
      bn: refine tests
      bn: implement unary {plus,minus} operators for OpenSSL::BN
      bn: implement OpenSSL::BN#negative?
      Don't define main() when built with --enable-debug
      test: let OpenSSL::TestCase include OpenSSL::TestUtils
      test: prepare test PKey instances on demand
      Add OpenSSL.print_mem_leaks
      Enable OSSL_MDEBUG on CI builds
      ssl: move default DH parameters from OpenSSL::PKey::DH
      Make exceptions with the same format regardless of OpenSSL.debug
      ssl: show reason of 'certificate verify error' in exception message
      ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
      ssl: do not confuse different ex_data index registries
      ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
      Fix RDoc markup
      ssl: suppress compiler warning
      ext/openssl/deprecation.rb: remove broken-apple-openssl
      extconf.rb: print informative message if OpenSSL can't be found
      Rakefile: compile the extension before test
      kdf: introduce OpenSSL::KDF module
      ossl.h: add NUM2UINT64T() macro
      kdf: add scrypt
      Expand rb_define_copy_func() macro
      Expand FPTR_TO_FD() macro
      Remove SafeGet*() macros
      cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()
      digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()
      Add ossl_str_new(), an exception-safe rb_str_new()
      bio: simplify ossl_membio2str() using ossl_str_new()
      Remove unused functions and macros
      Drop support for LibreSSL 2.3
      ocsp: add OpenSSL::OCSP::Request#signed?
      asn1: infinite length -> indefinite length
      asn1: rearrange tests
      ssl: remove a needless NULL check in SSL::SSLContext#ciphers
      ssl: return nil in SSL::SSLSocket#cipher if session is not started
      asn1: remove an unnecessary function prototype
      asn1: require tag information when instantiating generic type
      asn1: initialize 'unused_bits' attribute of BitString with 0
      asn1: check for illegal 'unused_bits' value of BitString
      asn1: disallow NULL to be passed to asn1time_to_time()
      asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
      asn1: allow constructed encoding with definite length form
      asn1: prohibit indefinite length form for primitive encoding
      asn1: allow tag number to be >= 32 for universal tag class
      asn1: use ossl_asn1_tag()
      asn1: clean up OpenSSL::ASN1::Constructive#to_der
      asn1: harmonize OpenSSL::ASN1::*#to_der
      asn1: prevent EOC octets from being in the middle of the content
      asn1: do not treat EOC octets as part of content octets
      x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry
      ssl: do not call session_remove_cb during GC
      Backport "Merge branch 'topic/test-memory-leak'" to maint
      cipher: update the documentation for Cipher#auth_tag=
      Rakefile: let sync:to_ruby know about test/openssl/fixtures
      test: fix formatting
      test/utils: remove OpenSSL::TestUtils.silent
      test/utils: add SSLTestCase#tls12_supported?
      test/utils: have start_server yield only the port number
      test/utils: do not set ecdh_curves in start_server
      test/utils: let server_loop close socket
      test/utils: improve error handling in start_server
      test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
      test/utils: do not use DSA certificates in SSL tests
      test/test_ssl: remove test_invalid_shutdown_by_gc
      test/test_ssl: move test_multibyte_read_write to test_pair
      test/test_ssl_session: rearrange tests
      test/test_pair, test/test_ssl: fix for TLS 1.3
      ssl: remove useless call to rb_thread_wait_fd()
      ssl: fix NPN support
      ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private
      ssl: use 2048-bit group in the default tmp_dh_cb
      ssl: ensure that SSL option flags are non-negative
      ssl: update OpenSSL::SSL::OP_* flags
      ssl: prefer TLS_method() over SSLv23_method()
      ssl: add SSLContext#min_version= and #max_version=
      ssl: rework SSLContext#ssl_version=
      test/test_x509name: change script encoding to ASCII-8BIT
      x509name: refactor OpenSSL::X509::Name#to_s
      x509name: add OpenSSL::X509::Name#to_utf8
      x509name: add OpenSSL::X509::Name#inspect
      x509name: update regexp in OpenSSL::X509::Name.parse
      Ruby/OpenSSL 2.1.0.beta1

Marcus Stollsteimer (1):
      Fix rdoc for core Integer class

nobu (4):
      [DOC] {read,write}_nonblock with exception: false
      [DOC] keyword argument _exception_
      [DOC] mark up literals
      Revert r57690 except for read_nonblock

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1.
  ext/openssl is now converted into a default gem. The full commit
  history since r55538 can be found at:
  https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1
  [Feature #9612]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does
  not work well with OpenSSL 1.0.0t. So avoid it.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an
  OCSP SingleResponse structure. Also add two new methods #responses
  and #find_response to OCSP::BasicResponse. A BasicResponse has one or
  more SingleResponse. We have OCSP::BasicResponse#status that returns
  them as an array of arrays, each containing the content of a
  SingleResponse, but this is not useful. When validating an OCSP
  response, we need to look into the each SingleResponse and check their
  validity but it is not simple. For example, when validating for a
  certificate 'cert', the code would be like:

    # certid_target is an OpenSSL::OCSP::CertificateId for cert
    basic = res.basic
    result = basic.status.any? do |ary|
      ary[0].cmp(certid_target) &&
        ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5])
    end

  Adding OCSP::SingleResponse at the same time allows exposing
  OCSP_check_validity(). With this, the code above can be rewritten as:

    basic = res.basic
    single = basic.find_response(certid_target)
    result = single.check_validity

* test/openssl/test_ocsp.rb: Test this.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c (ossl_ocspbres_add_status): Allow specifying
  the times (thisUpdate, nextUpdate and revocationTime) with Time
  objects. Currently they accepts only relative seconds from the current
  time. This is inconvenience, especially for revocationTime. When
  Integer is passed, they are still treated as relative times. Since the
  type check is currently done with rb_Integer(), this is a slightly
  incompatible change. Hope no one passes a relative time as String or
  Time object...
  Also, allow passing nil as nextUpdate. It is optional.

* ext/openssl/ruby_missing.h: Define RB_INTEGER_TYPE_P() if not defined.
  openssl gem will be released before Ruby 2.4.0.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55456 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request,
  BasicResponse,Response}#initialize_copy.
  [ruby-core:75504] [Bug #12381]

* test/openssl/test_ocsp.rb: Test them.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c (ossl_ocspreq_verify, ossl_ocspbres_verify):
  Use ossl_clear_error() so that they don't print warnings to stderr and
  leak errors in the OpenSSL error queue. Also, check the return value
  of OCSP_*_verify() correctly. They can return -1 on verification
  failure.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55423 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow
  specifying hash algorithm used in signing. They are hard coded to use
  SHA-1.
  Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>.
  [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28]

* test/openssl/test_ocsp.rb: Test sign-verify works.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash,
  ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm):
  Add accessor methods OCSP::CertificateId#issuer_name_hash,
  #issuer_key_hash, #hash_algorithm.
  Based on a patch provided by Paul Kehrer <paul.l.kehrer@gmail.com>.
  [ruby-core:48062] [Feature #7181]

* test/openssl/test_ocsp.rb: Test these new methods.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der):
  Implement #to_der methods for OCSP::BasicResponse and
  OCSP::CertificateId.

  (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*()
  instead of raw DATA_PTR().

  (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow
  initializing from DER string.

  (Init_ossl_ocsp): Define new #to_der methods.

* test/openssl/test_ocsp.rb: Test these changes. Also add missing tests
  for OCSP::{Response,Request}#to_der.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e