openssl: import v2.0.4

Import Ruby/OpenSSL 2.0.4. Only bug (and typo) fixes. The full commit
history since v2.0.3 (imported at r57482) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.3...v2.0.4

This contains the fix for [Bug #11033].

----------------------------------------------------------------
Jun Aruga (1):
      Update .travis.yml and Dockerfile

Kazuki Yamaguchi (9):
      test/test_pkey_ec: do not use dummy 0 order
      test/test_ssl: fix typo in test_sysread_and_syswrite
      ssl: check return value of SSL_set_fd()
      Fix typos
      test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
      tool/sync-with-trunk: 'LASY' -> 'LAST'
      x509store: clear error queue after calling X509_LOOKUP_load_file()
      extconf.rb: simplify searching libraries logic
      Ruby/OpenSSL 2.0.4

SHIBATA Hiroshi (1):
      Fix typos

Vladimir Rybas (1):
      Fix documentation for OpenSSL::Cipher#final

nobu (2):
      openssl: fix broken openssl check
      openssl: fix broken openssl check

usa (1):
      Search SSL libraries by testing various filename patterns

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59081 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 26 insertions, 2 deletions

diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
index 48d5999752..3219155462 100644
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -51,7 +51,7 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
     assert_equal(@ee1_cert.serial, signers[0].serial)
     assert_equal(@ee1_cert.issuer.to_s, signers[0].issuer.to_s)
 
-    # Normaly OpenSSL tries to translate the supplied content into canonical
+    # Normally OpenSSL tries to translate the supplied content into canonical
     # MIME format (e.g. a newline character is converted into CR+LF).
     # If the content is a binary, PKCS7::BINARY flag should be used.
 
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 8d74f25f5f..1906656635 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -66,7 +66,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
         buf = ""
         ssl.syswrite(str)
         assert_same buf, ssl.sysread(str.size, buf)
-        assert_equal(str, newstr)
+        assert_equal(str, buf)
       }
     }
   end
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index af0d8b2836..c45233aaec 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -34,6 +34,29 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
     OpenSSL::TestUtils.issue_crl(*args)
   end
 
+  def test_add_file
+    ca_exts = [
+      ["basicConstraints", "CA:TRUE", true],
+      ["keyUsage", "cRLSign,keyCertSign", true],
+    ]
+    cert1 = issue_cert(@ca1, @rsa1024, 1, ca_exts, nil, nil)
+    cert2 = issue_cert(@ca2, @rsa2048, 1, ca_exts, nil, nil)
+    tmpfile = Tempfile.open { |f| f << cert1.to_pem << cert2.to_pem; f }
+
+    store = OpenSSL::X509::Store.new
+    assert_equal false, store.verify(cert1)
+    assert_equal false, store.verify(cert2)
+    store.add_file(tmpfile.path)
+    assert_equal true, store.verify(cert1)
+    assert_equal true, store.verify(cert2)
+
+    # OpenSSL < 1.1.1 leaks an error on a duplicate certificate
+    assert_nothing_raised { store.add_file(tmpfile.path) }
+    assert_equal [], OpenSSL.errors
+  ensure
+    tmpfile and tmpfile.close!
+  end
+
   def test_verify
     # OpenSSL uses time(2) while Time.now uses clock_gettime(CLOCK_REALTIME),
     # and there may be difference.
@@ -194,6 +217,7 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
   end
 
   def test_set_errors
+    return if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000
     now = Time.now
     ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil)
     store = OpenSSL::X509::Store.new