* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
  option to prevent BEAST attack. See [Bug #5353].

  In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
  TLS-CBC-IV vulunerability described at
  http://www.openssl.org/~bodo/tls-cbc.txt
  It's known issue of TLSv1/SSLv3 but it attracts lots of attention
  these days as BEAST attack. (CVE-2011-3389)

  Until now ossl sets OP_ALL at SSLContext allocation and call
  SSL_CTX_set_options at connection.  SSL_CTX_set_options updates the
  value by using |= so bits set by OP_ALL cannot be unset afterwards.
  This commit changes to call SSL_CTX_set_options only 1 time for each
  SSLContext. It sets the specified value if SSLContext#options= are
  called and sets OP_ALL if not.

  To help users to unset bits in OP_ALL, this commit also adds several
  constant to SSL such as
  OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.  These constants were
  not exposed in Ruby because there's no way to unset bits in OP_ALL
  before.

  Following is an example to enable 0/n split for BEAST prevention.

    ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS

* test/openssl/test_ssl.rb: Test above option exists.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@34525 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

--
        * ext/openssl/ossl_ssl.c: By trunk@31346, function check of SSLv2 is executed.
        However, the problem is not revised in this.
        This adds the control of using function of SSLv2 in made macro by function check.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@32382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

--
        * ext/openssl/ossl_ssl.c (ssl_get_error): Thread context switch was
          blocked on Windows while blocking call for SSLSocket.  Need to 
          convert errno for letting rb_io_wait_readable detect EWOULDBLOCK.  
          Patch by arton. ref #3794.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@30334 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

--
* etc/openssl/ossl_ssl.c (ossl_ssl_get_cert): raise exception if
  pointer is invalid.  Thanks Ippei Obayashi! [ruby-dev:42573]
--
STDIN is not valid when ruby doesn't have tty.
--
making ssl test a little better

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@30138 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

--
* suppress warnings.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@27976 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27437 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

  which allows net/https to specify timeout.  [ruby-core:24812]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27282 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

  patched by Jeroen van Meeuwen at [ruby-core:25210]
  fixed by Nobuyoshi Nakada [ruby-core:25238],
  Hongli Lai [ruby-core:27417],
  and Motohiro KOSAKI [ruby-core:28063]

* ext/openssl/ossl_ssl.c (ossl_ssl_method_tab),
  (ossl_ssl_cipher_to_ary): constified.

* ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls):
  split pkcs7_get_certs_or_crls.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@26781 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

          warning at SSLSocket#connect.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@25976 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@23030 b2dd03c8-39d4-4d8f-98ff-823fe69b080e