Commit 04f2764a authored by Antonio Terceiro's avatar Antonio Terceiro

New upstream version 2.0.4

parents
/doc/
/pkg/
/tmp/
/html/
*.bundle
*.so
*.o
ext/openssl/mkmf.log
ext/openssl/Makefile
ext/openssl/extconf.h
language: c
sudo: required
group: edge
dist: trusty
services:
- docker
before_install:
- sudo apt-get -qq update
install:
- sudo sh -c "curl -L https://github.com/docker/compose/releases/download/1.8.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
- sudo chmod +x /usr/local/bin/docker-compose
script:
- docker -v
- docker-compose -v
- docker-compose build --no-cache
- docker-compose run test
matrix:
fast_finish: true
include:
- env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.0
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.1
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.2
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.1.0
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.3
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.4
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.5
- language: ruby
rvm: ruby-head
before_install:
- "rake install_dependencies"
script:
- "rake compile -- --enable-debug"
- "rake test"
allow_failures:
- language: ruby
rvm: ruby-head
Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
# Contributing to Ruby OpenSSL
Thank you for your interest in contributing to Ruby OpenSSL!
This documentation provides an overview how you can contribute.
## Bugs and feature requests
Bugs and feature requests are tracked on [GitHub].
If you think you found a bug, file a ticket on GitHub. Please DO NOT report
security issues here, there is a separate procedure which is described on
["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
When reporting a bug, please make sure you include the version of Ruby, the
version of openssl gem, the version of the OpenSSL library, along with a sample
file that illustrates the problem or link to repository or gem that is
associated with the bug.
There is a number of unresolved issues and feature requests for openssl that
need review. Before submitting a new ticket, it is recommended to check
[known issues] and [bugs.ruby-lang.org], the previous issue tracker.
## Submitting patches
Patches are also very welcome!
Please submit a [pull request] with your changes.
Make sure that your branch does:
* Have good commit messages
* Follow Ruby's coding style ([DeveloperHowTo])
* Pass the test suite successfully (see "Testing")
* Add an entry to [History.md] if necessary
## Testing
We have a test suite!
Test cases are located under the
[`test/`](https://github.com/ruby/openssl/tree/master/test) directory.
You can run it with the following three commands:
```
$ rake install_dependencies # installs rake-compiler, test-unit, ...
$ rake compile
$ rake test
```
### Docker
You can also use Docker Compose to run tests. It can be used to check that your
changes work correctly with various supported versions of Ruby and OpenSSL.
First, you need to install [Docker](https://www.docker.com/products/docker) and
[Docker Compose](https://www.docker.com/products/docker-compose) on your
computer.
If you're on MacOS or Windows, we recommended to use the official [Docker
Toolbox](https://www.docker.com/products/docker-toolbox). On Linux, follow the
instructions for your package manager. For further information, please check
the [official documentation](https://docs.docker.com/).
Once you have Docker and Docker Compose, running the following commands will
build the container and execute the openssl tests. In this example, we will use
Ruby version 2.3 with OpenSSL version 1.0.2.
```
$ docker-compose build
$ export RUBY_VERSION=ruby-2.3
$ export OPENSSL_VERSION=openssl-1.0.2
$ docker-compose run test
# You may want an interactive shell for dubugging
$ docker-compose run debug
```
All possible values for `RUBY_VERSION` and `OPENSSL_VERSION` can be found in
[`.travis.yml`](https://github.com/ruby/openssl/tree/master/.travis.yml).
**NOTE**: these commands must be run from the openssl repository root, in order
to use the
[`docker-compose.yml`](https://github.com/ruby/openssl/blob/master/docker-compose.yml)
file we have provided.
This Docker image is built using the
[Dockerfile](https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker)
provided in the repository.
## Relation with Ruby source tree
After Ruby 2.3, `ext/openssl` was converted into a "default gem", a library
which ships with standard Ruby builds but can be upgraded via RubyGems. This
means the development of this gem has migrated to a [separate
repository][GitHub] and will be released independently.
The version included in the Ruby source tree (trunk branch) is synchronized with
the latest release.
## Release policy
Bug fixes (including security fixes) will be made only for the version series
included in a stable Ruby release.
## Security
If you discovered a security issue, please send us in private, using the
security issue handling procedure for Ruby core.
You can either use [HackerOne] or send an email to security@ruby-lang.org.
Please see [Security] page on ruby-lang.org website for details.
Reported problems will be published after a fix is released.
_Thanks for your contributions!_
_\- The Ruby OpenSSL team_
[GitHub]: https://github.com/ruby/openssl
[known issues]: https://github.com/ruby/openssl/issues
[bugs.ruby-lang.org]: https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=
[DeveloperHowTo]: https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto
[HackerOne]: https://hackerone.com/ruby
[Security]: https://www.ruby-lang.org/en/security/
[pull request]: https://github.com/ruby/openssl/compare
[History.md]: https://github.com/ruby/openssl/tree/master/History.md
FROM zzak/ruby-openssl-docker:2.0
Version 2.0.4
=============
Bug fixes
---------
* It now compiles with LibreSSL without renaming on Windows (mswin).
* A workaround for the error queue leak of X509_load_cert_crl_file() that
causes random errors is added.
[[Bug #11033]](https://bugs.ruby-lang.org/issues/11033)
Version 2.0.3
=============
Bug fixes
---------
* OpenSSL::ASN1::Constructive#each which was broken by 2.0.0 is fixed.
[[ruby/openssl#96]](https://github.com/ruby/openssl/pull/96)
* Fixed build with static OpenSSL libraries on Windows.
[[Bug #13080]](https://bugs.ruby-lang.org/issues/13080)
* OpenSSL::X509::Name#eql? which was broken by 2.0.0 is fixed.
Version 2.0.2
=============
Bug fixes
---------
* Fix build with early 0.9.8 series which did not have SSL_CTX_clear_options().
[ruby-core:78693]
Version 2.0.1
=============
Bug fixes
---------
* A GC issue around OpenSSL::BN is fixed.
[[ruby/openssl#87]](https://github.com/ruby/openssl/issues/87)
* OpenSSL::ASN1 now parses BER encoding of GeneralizedTime without seconds.
[[ruby/openssl#88]](https://github.com/ruby/openssl/pull/88)
Version 2.0.0
=============
This is the first release of openssl gem, formerly a standard library of Ruby,
ext/openssl. This is the successor of the version included in Ruby 2.3.
Compatibility notes
-------------------
* Support for OpenSSL version 0.9.6 and 0.9.7 is completely removed. openssl gem
still works with OpenSSL 0.9.8, but users are strongly encouraged to upgrade
to at least 1.0.1, as OpenSSL < 1.0.1 will not receive any security fixes from
the OpenSSL development team.
Supported platforms
-------------------
* OpenSSL 1.0.0, 1.0.1, 1.0.2, 1.1.0
* OpenSSL < 0.9.8 is no longer supported.
* LibreSSL 2.3, 2.4, 2.5
* Ruby 2.3, 2.4
Notable changes
---------------
* Add support for OpenSSL 1.1.0.
[[Feature #12324]](https://bugs.ruby-lang.org/issues/12324)
* Add support for LibreSSL
* OpenSSL::Cipher
- OpenSSL::Cipher#key= and #iv= reject too long inputs. They used to truncate
silently. [[Bug #12561]](https://bugs.ruby-lang.org/issues/12561)
- OpenSSL::Cipher#iv_len= is added. It allows changing IV (nonce) length if
using AEAD ciphers.
[[Bug #8667]](https://bugs.ruby-lang.org/issues/8667),
[[Bug #10420]](https://bugs.ruby-lang.org/issues/10420),
[[GH ruby/ruby#569]](https://github.com/ruby/ruby/pull/569),
[[GH ruby/openssl#58]](https://github.com/ruby/openssl/pull/58)
- OpenSSL::Cipher#auth_tag_len= is added. This sets the authentication tag
length to be generated by an AEAD cipher.
* OpenSSL::OCSP
- Accessor methods are added to OpenSSL::OCSP::CertificateId.
[[Feature #7181]](https://bugs.ruby-lang.org/issues/7181)
- OpenSSL::OCSP::Request and BasicResponse can be signed with non-SHA-1 hash
algorithm. [[Feature #11552]](https://bugs.ruby-lang.org/issues/11552)
- OpenSSL::OCSP::CertificateId and BasicResponse can be encoded into DER.
- A new class OpenSSL::OCSP::SingleResponse is added for convenience.
- OpenSSL::OCSP::BasicResponse#add_status accepts absolute times. They used to
accept only relative seconds from the current time.
* OpenSSL::PKey
- OpenSSL::PKey::EC follows the general PKey interface.
[[Bug #6567]](https://bugs.ruby-lang.org/issues/6567)
- OpenSSL::PKey.read raises OpenSSL::PKey::PKeyError instead of ArgumentError
for consistency with OpenSSL::PKey::{DH,DSA,RSA,EC}#new.
[[Bug #11774]](https://bugs.ruby-lang.org/issues/11774),
[[GH ruby/openssl#55]](https://github.com/ruby/openssl/pull/55)
- OpenSSL::PKey::EC::Group retrieved by OpenSSL::PKey::EC#group is no longer
linked with the EC key. Modifications to the EC::Group have no effect on the
key. [[GH ruby/openssl#71]](https://github.com/ruby/openssl/pull/71)
- OpenSSL::PKey::EC::Point#to_bn allows specifying the point conversion form
by the optional argument.
* OpenSSL::SSL
- OpenSSL::SSL::SSLSocket#tmp_key is added. A client can call it after the
connection is established to retrieve the ephemeral key.
[[GH ruby/ruby#1318]](https://github.com/ruby/ruby/pull/1318)
- The automatic ephemeral ECDH curve selection is enabled by default when
built with OpenSSL >= 1.0.2 or LibreSSL.
- OpenSSL::SSL::SSLContext#security_level= is added. You can set the "security
level" of the SSL context. This is effective only when built with OpenSSL
1.1.0.
- A new option 'verify_hostname' is added to OpenSSL::SSL::SSLContext. When it
is enabled, and the SNI hostname is also set, the hostname verification on
the server certificate is automatically performed. It is now enabled by
OpenSSL::SSL::Context#set_params.
[[GH ruby/openssl#60]](https://github.com/ruby/openssl/pull/60)
Removals
--------
* OpenSSL::Engine
- OpenSSL::Engine.cleanup does nothing when built with OpenSSL 1.1.0.
* OpenSSL::SSL
- OpenSSL::PKey::DH::DEFAULT_512 is removed. Hence servers no longer use
512-bit DH group by default. It is considered too weak nowadays.
[[Bug #11968]](https://bugs.ruby-lang.org/issues/11968),
[[GH ruby/ruby#1196]](https://github.com/ruby/ruby/pull/1196)
- RC4 cipher suites are removed from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.
RC4 is now considered to be weak.
[[GH ruby/openssl#50]](https://github.com/ruby/openssl/pull/50)
Deprecations
------------
* OpenSSL::PKey
- OpenSSL::PKey::RSA#n=, #e=, #d=, #p=, #q=, #dmp1=, #dmq1=, #iqmp=,
OpenSSL::PKey::DSA#p=, #q=, #g=, #priv_key=, #pub_key=,
OpenSSL::PKey::DH#p=, #g=, #priv_key= and #pub_key= are deprecated. They are
disabled when built with OpenSSL 1.1.0, due to its API change. Instead,
OpenSSL::PKey::RSA#set_key, #set_factors, #set_crt_params,
OpenSSL::PKey::DSA#set_pqg, #set_key, OpenSSL::PKey::DH#set_pqg and #set_key
are added.
* OpenSSL::Random
- OpenSSL::Random.pseudo_bytes is deprecated, and not defined when built with
OpenSSL 1.1.0. Use OpenSSL::Random.random_bytes instead.
* OpenSSL::SSL
- OpenSSL::SSL::SSLContext#tmp_ecdh_callback is deprecated, as the underlying
API SSL_CTX_set_tmp_ecdh_callback() is removed in OpenSSL 1.1.0. It was
first added in Ruby 2.3.0. To specify the curve to be used in ephemeral
ECDH, use OpenSSL::SSL::SSLContext#ecdh_curves=. The automatic curve
selection is also now enabled by default when built with a capable OpenSSL.
Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
You can redistribute it and/or modify it under either the terms of the
2-clause BSDL (see the file BSDL), or the conditions below:
1. You may make and give away verbatim copies of the source form of the
software without restriction, provided that you duplicate all of the
original copyright notices and associated disclaimers.
2. You may modify your copy of the software in any way, provided that
you do at least ONE of the following:
a) place your modifications in the Public Domain or otherwise
make them Freely Available, such as by posting said
modifications to Usenet or an equivalent medium, or by allowing
the author to include your modifications in the software.
b) use the modified software only within your corporation or
organization.
c) give non-standard binaries non-standard names, with
instructions on where to get the original software distribution.
d) make other distribution arrangements with the author.
3. You may distribute the software in object code or binary form,
provided that you do at least ONE of the following:
a) distribute the binaries and library files of the software,
together with instructions (in the manual page or equivalent)
on where to get the original distribution.
b) accompany the distribution with the machine-readable source of
the software.
c) give non-standard binaries non-standard names, with
instructions on where to get the original software distribution.
d) make other distribution arrangements with the author.
4. You may modify and include the part of the software into any other
software (possibly commercial). But some files in the distribution
are not written by the author, so that they are not under these terms.
For the list of those files and their copying conditions, see the
file LEGAL.
5. The scripts and library files supplied as input to or produced as
output from the software do not automatically fall under the
copyright of the software, but belong to whomever generated them,
and may be sold commercially, and may be aggregated with this
software.
6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
# OpenSSL for Ruby
[![Build Status](https://travis-ci.org/ruby/openssl.svg?branch=master)](https://travis-ci.org/ruby/openssl)
[![Build status](https://ci.appveyor.com/api/projects/status/b8djtmwo7l26f88y/branch/master?svg=true)](https://ci.appveyor.com/project/ruby/openssl/branch/master)
OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
OpenSSL library.
## Installation
The openssl gem is available at [rubygems.org](https://rubygems.org/gems/openssl).
You can install with:
```
gem install openssl
```
You may need to specify the path where OpenSSL is installed.
```
gem install openssl -- --with-openssl-dir=/opt/openssl
```
Alternatively, you can install the gem with `bundler`:
```ruby
# Gemfile
gem 'openssl'
# or specify git master
gem 'openssl', github: 'ruby/openssl'
```
After doing `bundle install`, you should have the gem installed in your bundle.
## Usage
Once installed, you can require "openssl" in your application.
```ruby
require "openssl"
```
**NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
the gem version of openssl, otherwise the default gem packaged with the Ruby
installation will be used:
```ruby
gem "openssl"
require "openssl"
```
## Documentation
See https://ruby.github.io/openssl/.
## Contributing
Please read our [CONTRIBUTING.md] for instructions.
## Security
Security issues should be reported to ruby-core by following the process
described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
[CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md
require 'rake'
require 'rake/testtask'
require 'rdoc/task'
begin
require 'rake/extensiontask'
Rake::ExtensionTask.new('openssl')
rescue LoadError
warn "rake-compiler not installed. Run 'rake install_dependencies' to " \
"install testing dependency gems."
end
Rake::TestTask.new do |t|
t.libs << 'test'
t.warning = true
end
RDoc::Task.new do |rdoc|
rdoc.main = "README.md"
rdoc.rdoc_files.include("*.md", "lib/**/*.rb", "ext/**/*.c")
end
task :test => :debug
task :debug do
ruby "-I./lib -ropenssl -ve'puts OpenSSL::OPENSSL_VERSION, OpenSSL::OPENSSL_LIBRARY_VERSION'"
end
task :install_dependencies do
if ENV["USE_HTTP_RUBYGEMS_ORG"] == "1"
Gem.sources.replace([Gem::Source.new("http://rubygems.org")])
end
Gem.configuration.verbose = false
gemspec = eval(File.read("openssl.gemspec"))
gemspec.development_dependencies.each do |dep|
print "Installing #{dep.name} (#{dep.requirement}) ... "
gem = Gem.install(dep.name, dep.requirement, force: true)
puts "#{gem[0].version}"
end
end
namespace :sync do
task :from_ruby do
sh "./tool/sync-with-trunk"
end
task :to_ruby do
trunk_path = ENV.fetch("RUBY_TRUNK_PATH", "../ruby")
rsync = "rsync -av --delete"
excludes = %w{Makefile extconf.h mkmf.log depend *.o *.so *.bundle}
excludes.each { |name| rsync << " --exclude #{name}" }
paths = [
["ext/openssl/", "ext/openssl/"],
["test/utils.rb", "test/openssl/"],
["test/ut_eof.rb", "test/openssl/"],
["test/test_*", "test/openssl/"],
["lib/", "ext/openssl/lib/"],
["sample/", "sample/openssl/"],
["History.md", "ext/openssl/"],
]
paths.each do |src, dst|
sh "#{rsync} #{src} #{trunk_path}/#{dst}"
end
gemspec_file = File.expand_path("../openssl.gemspec", __FILE__)
gemspec = eval(File.read(gemspec_file), binding, gemspec_file)
File.write("#{trunk_path}/ext/openssl/openssl.gemspec", gemspec.to_ruby)
puts "Don't forget to update ext/openssl/depend"
end
end
---
clone_depth: 10
install:
- SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
- appveyor DownloadFile http://dl.bintray.com/oneclick/OpenKnapsack/x64/openssl-1.0.2j-x64-windows.tar.lzma
- 7z e openssl-1.0.2j-x64-windows.tar.lzma
- 7z x -y -oC:\Ruby%ruby_version% openssl-1.0.2j-x64-windows.tar
- ruby -S rake install_dependencies
build_script:
- rake -rdevkit compile -- --with-openssl-dir=C:\Ruby%ruby_version%
test_script:
- rake test
deploy: off
environment:
matrix:
- ruby_version: "23-x64"
compile: &defaults
build: .
environment:
RUBY_VERSION:
OPENSSL_VERSION:
MDEBUG:
command: rake compile
test:
<<: *defaults
command: rake compile test
debug:
<<: *defaults
command: /bin/bash
# frozen_string_literal: false
module OpenSSL
def self.deprecated_warning_flag
unless flag = (@deprecated_warning_flag ||= nil)
if try_compile("", flag = "-Werror=deprecated-declarations")
if /darwin/ =~ RUBY_PLATFORM and with_config("broken-apple-openssl")
flag = "-Wno-deprecated-declarations"
end
$warnflags << " #{flag}"
else
flag = ""
end
@deprecated_warning_flag = flag
end
flag
end
def self.check_func(func, header)
have_func(func, header, deprecated_warning_flag)
end
def self.check_func_or_macro(func, header)
check_func(func, header) or
have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
end
end
# -*- coding: us-ascii -*-
# frozen_string_literal: false
=begin
= Info
'OpenSSL for Ruby 2' project
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
All rights reserved.
= Licence
This program is licensed under the same licence as Ruby.
(See the file 'LICENCE'.)
=end
require "mkmf"
require File.expand_path('../deprecation', __FILE__)
dir_config("openssl")
dir_config("kerberos")
Logging::message "=== OpenSSL for Ruby configurator ===\n"
# Add -Werror=deprecated-declarations to $warnflags if available
OpenSSL.deprecated_warning_flag
##
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
# To turn it on, use: --with-debug or --enable-debug
#
if with_config("debug") or enable_config("debug")
$defs.push("-DOSSL_DEBUG")
end
Logging::message "=== Checking for system dependent stuff... ===\n"
have_library("nsl", "t_open")
have_library("socket", "socket")
Logging::message "=== Checking for required stuff... ===\n"
result = pkg_config("openssl") && have_header("openssl/ssl.h")
def find_openssl_library
if $mswin || $mingw
# required for static OpenSSL libraries
have_library("gdi32") # OpenSSL <= 1.0.2 (for RAND_screen())
have_library("crypt32")
end
return false unless have_header("openssl/ssl.h")
ret = have_library("crypto", "CRYPTO_malloc") &&
have_library("ssl", "SSL_new")
return ret if ret
if $mswin
# OpenSSL >= 1.1.0: libcrypto.lib and libssl.lib.
if have_library("libcrypto", "CRYPTO_malloc") &&
have_library("libssl", "SSL_new")
return true
end
# OpenSSL <= 1.0.2: libeay32.lib and ssleay32.lib.
if have_library("libeay32", "CRYPTO_malloc") &&
have_library("ssleay32", "SSL_new")
return true
end
# LibreSSL: libcrypto-##.lib and libssl-##.lib, where ## is the ABI version
# number. We have to find the version number out by scanning libpath.
libpath = $LIBPATH.dup
libpath |= ENV["LIB"].split(File::PATH_SEPARATOR)
libpath.map! { |d| d.tr(File::ALT_SEPARATOR, File::SEPARATOR) }
ret = [
["crypto", "CRYPTO_malloc"],