ruby/openssl exposes OIDs to Ruby as strings in many places, but the
conversion logic has been duplicated and the behavior is inconsistent.
There are mainly two patterns:

 - Returns the short name associated with the OID/NID, or the dotted
   decimal notation if it is unknown to OpenSSL.
 - Returns the long name, or the dotted decimal notation.

These patterns are implemented using different OpenSSL APIs and that
caused subtle differences. Add helper functions ossl_asn1obj_to_string()
and ossl_asn1obj_to_string_long_name() to unify the logic.

Also, document the current behaviors where it is not yet done. The
inconsistency was likely unintentional, but since it dates back to the
original implementations, standardizing it now would cause more issues
than it resolves.

https://github.com/ruby/openssl/commit/2ea36c21a4

https://github.com/ruby/openssl/commit/dbfcc44b37

https://github.com/ruby/openssl/commit/71cd1e3f5c

prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed.

https://github.com/ruby/openssl/commit/b29e215786

LibreSSL 3.2.4 made the certificate verification logic back closer to
pre-3.2.2 one, which is more compatible with OpenSSL.

Part of the fixes added by commit a0e98d48c91f ("Enhance TLS 1.3 support
on LibreSSL 3.2/3.3", 2020-12-03) is required for 3.2.2 and 3.2.3 only
(and ~3.3.1, however 3.3 does not have a stable release yet). Since both
releases are security fix, it should be safe to remove those special
treatment from our test suite.

While we are at it, TestSSL#test_ecdh_curves is split into TLS 1.2 and
TLS 1.3 variants for clarity.

https://github.com/ruby/openssl/commit/a9954bac22

Made stored values `Symbol`s instead of `ID`s.

Fixes https://bugs.ruby-lang.org/issues/17625

Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com>

https://github.com/ruby/openssl/commit/f2d004679a

This defines TLS1_3_VERSION when using LibreSSL 3.2+.  LibreSSL 3.2/3.3
doesn't advertise this by default, even though it will use TLS 1.3
in both client and server modes.

Changes between LibreSSL 3.1 and 3.2/3.3 broke a few tests, Defining
TLS1_3_VERSION by itself fixes 1 test failure.  A few tests now
fail on LibreSSL 3.2/3.3 unless TLS 1.2 is set as the maximum version,
and this adjusts those tests.  The client CA test doesn't work in
LibreSSL 3.2+, so I've marked that as pending.

For the hostname verification, LibreSSL 3.2.2+ has a new stricter
hostname verifier that doesn't like subjectAltName such as
c*.example.com and d.*.example.com, so adjust the related tests.

With these changes, the tests pass on LibreSSL 3.2/3.3.

https://github.com/ruby/openssl/commit/a0e98d48c9

https://github.com/ruby/openssl/commit/b28fb2f05c

Stop the special treatment of invalid hashAlgorithm of the message
imprint. Those invalid values can only appear after the object is
instantiated, before the user sets an actual message digest algorithm.

OpenSSL::Timestamp::TokenInfo#algorithm already does the same.

Also, remove the test case "test_create_request" since it does not make
much sense. Those fields are to be set by the user after creation of
the object and checking the initial value is pointless.

Fixes: https://github.com/ruby/openssl/issues/335

https://github.com/ruby/openssl/commit/890a6476fa

This reverts commit a6d007c70b3aa5b55c9ca774446130356bd36eac.

Unfortunately, the test fails on armv7l
https://rubyci.org/logs/rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20200216T091708Z.fail.html.gz