openssl: drop OpenSSL 0.9.6/0.9.7 support

* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

5 files changed, 36 insertions, 55 deletions

diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index aec33fdd1a..ec14f46714 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -114,40 +114,38 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
     end
   end if has_cipher?('aes-128-ctr')
 
-  if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
-    def test_ciphers
-      OpenSSL::Cipher.ciphers.each{|name|
-        next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
-        begin
-          assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
-        rescue OpenSSL::Cipher::CipherError => e
-          next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
-          raise
-        end
-      }
-    end
+  def test_ciphers
+    OpenSSL::Cipher.ciphers.each{|name|
+      next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
+      begin
+        assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
+      rescue OpenSSL::Cipher::CipherError => e
+        next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
+        raise
+      end
+    }
+  end
 
-    def test_AES
-      pt = File.read(__FILE__)
-      %w(ECB CBC CFB OFB).each{|mode|
-        c1 = OpenSSL::Cipher::AES256.new(mode)
-        c1.encrypt
-        c1.pkcs5_keyivgen("passwd")
-        ct = c1.update(pt) + c1.final
-
-        c2 = OpenSSL::Cipher::AES256.new(mode)
-        c2.decrypt
-        c2.pkcs5_keyivgen("passwd")
-        assert_equal(pt, c2.update(ct) + c2.final)
-      }
-    end
+  def test_AES
+    pt = File.read(__FILE__)
+    %w(ECB CBC CFB OFB).each{|mode|
+      c1 = OpenSSL::Cipher::AES256.new(mode)
+      c1.encrypt
+      c1.pkcs5_keyivgen("passwd")
+      ct = c1.update(pt) + c1.final
+
+      c2 = OpenSSL::Cipher::AES256.new(mode)
+      c2.decrypt
+      c2.pkcs5_keyivgen("passwd")
+      assert_equal(pt, c2.update(ct) + c2.final)
+    }
+  end
 
-    def test_AES_crush
-      500.times do
-        assert_nothing_raised("[Bug #2768]") do
-          # it caused OpenSSL SEGV by uninitialized key
-          OpenSSL::Cipher::AES128.new("ECB").update "." * 17
-        end
+  def test_AES_crush
+    500.times do
+      assert_nothing_raised("[Bug #2768]") do
+        # it caused OpenSSL SEGV by uninitialized key
+        OpenSSL::Cipher::AES128.new("ECB").update "." * 17
       end
     end
   end
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
index dfe4c6ca82..def4910ccd 100644
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -123,12 +123,6 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
   end
 
   def test_enveloped
-    if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
-      # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
-      # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
-      return
-    end
-
     certs = [@ee1_cert, @ee2_cert]
     cipher = OpenSSL::Cipher::AES.new("128-CBC")
     data = "aaaaa\nbbbbb\nccccc\n"
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index d7b996d662..9a717a4256 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -869,10 +869,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port|
       2.times do |i|
         ctx = OpenSSL::SSL::SSLContext.new
-        if defined?(OpenSSL::SSL::OP_NO_TICKET)
-          # disable RFC4507 support
-          ctx.options = OpenSSL::SSL::OP_NO_TICKET
-        end
+        # disable RFC4507 support
+        ctx.options = OpenSSL::SSL::OP_NO_TICKET
         server_connect(port, ctx) { |ssl|
           ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com'
           str = "x" * 100 + "\n"
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index ee1a907fcb..cdcab02f95 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -61,9 +61,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
         # SSL_SESSION_time keeps long value so we can't keep nsec fragment.
         session.time = t1 = Time.now.to_i
         assert_equal(Time.at(t1), session.time)
-        if session.respond_to?(:id)
-          assert_not_nil(session.id)
-        end
+        assert_not_nil(session.id)
         pem = session.to_pem
         assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem)
         assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem)
@@ -170,10 +168,7 @@ __EOS__
         session = ssl.session
         if last_session
           assert(ssl.session_reused?)
-
-          if session.respond_to?(:id)
-            assert_equal(session.id, last_session.id)
-          end
+          assert_equal(session.id, last_session.id)
           assert_equal(session.to_pem, last_session.to_pem)
           assert_equal(session.to_der, last_session.to_der)
           # Older version of OpenSSL may not be consistent.  Look up which versions later.
@@ -246,10 +241,8 @@ __EOS__
       10.times do |i|
         sock = TCPSocket.new("127.0.0.1", port)
         ctx = OpenSSL::SSL::SSLContext.new
-        if defined?(OpenSSL::SSL::OP_NO_TICKET)
-          # disable RFC4507 support
-          ctx.options = OpenSSL::SSL::OP_NO_TICKET
-        end
+        # disable RFC4507 support
+        ctx.options = OpenSSL::SSL::OP_NO_TICKET
         ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
         ssl.sync_close = true
         ssl.session = first_session if first_session
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 6a443a7cf1..8dee1679f6 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -148,8 +148,6 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
     assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ee1_cert)))
     assert_equal(OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID, store.error)
 
-    return unless defined?(OpenSSL::X509::V_FLAG_CRL_CHECK)
-
     store = OpenSSL::X509::Store.new
     store.purpose = OpenSSL::X509::PURPOSE_ANY
     store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK