openssl 2.0.0.beta.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d174a9df67d20906bf3a603a2b482e3af32c697d
+  data.tar.gz: a0f9b0afe67208eaf57cbadfdd9bde7bcbcfa0b9
+SHA512:
+  metadata.gz: 11f0885002e471acd940354b95c43cab740b00c2768323c3348f860127f8d78fce9e13a7bd9ee0d78968789c6b1c240b0711332701740a7691893139f48406f2
+  data.tar.gz: 4355528336295a916266ba7c82ac7c3a4cbdc9d9bb155f3944ead1f3c962eca00f263646bff70f75c30d0ef065ed1022f4ca0c6273ee9f29c9820f083a2fdb9f

data/BSDL

@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.

data/CONTRIBUTING.md

@@ -0,0 +1,130 @@
+# Contributing to Ruby OpenSSL
+
+Thank you for your interest in contributing to Ruby OpenSSL!
+
+This documentation provides an overview how you can contribute.
+
+## Bugs and feature requests
+
+Bugs and feature requests are tracked on [GitHub].
+
+If you think you found a bug, file a ticket on GitHub. Please DO NOT report
+security issues here, there is a separate procedure which is described on
+["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
+
+When reporting a bug, please make sure you include the version of Ruby, the
+version of openssl gem, the version of the OpenSSL library, along with a sample
+file that illustrates the problem or link to repository or gem that is
+associated with the bug.
+
+There is a number of unresolved issues and feature requests for openssl that
+need review. Before submitting a new ticket, it is recommended to check
+[known issues] and [bugs.ruby-lang.org], the previous issue tracker.
+
+## Submitting patches
+
+Patches are also very welcome!
+
+Please submit a [pull request] with your changes.
+
+Make sure that your branch does:
+
+* Have good commit messages
+* Follow Ruby's coding style ([DeveloperHowTo])
+* Pass the test suite successfully (see "Testing")
+* Add an entry to [History.md] if necessary
+
+## Testing
+
+We have a test suite!
+
+Test cases are located under the
+[`test/`](https://github.com/ruby/openssl/tree/master/test) directory.
+
+You can run it with the following three commands:
+
+```
+$ gem install rake-compiler test-unit
+$ rake compile
+$ rake test
+```
+
+### Docker
+
+You can also use Docker Compose to run tests. It can be used to check that your
+changes work correctly with various supported versions of Ruby and OpenSSL.
+
+First, you need to install [Docker](https://www.docker.com/products/docker) and
+[Docker Compose](https://www.docker.com/products/docker-compose) on your
+computer.
+
+If you're on MacOS or Windows, we recommended to use the official [Docker
+Toolbox](https://www.docker.com/products/docker-toolbox). On Linux, follow the
+instructions for your package manager. For further information, please check
+the [official documentation](https://docs.docker.com/).
+
+Once you have Docker and Docker Compose, running the following commands will
+build the container and execute the openssl tests. In this example, we will use
+Ruby version 2.3 with OpenSSL version 1.0.2.
+
+```
+$ docker-compose build
+$ export RUBY_VERSION=ruby-2.3
+$ export OPENSSL_VERSION=openssl-1.0.2
+$ docker-compose run test
+
+# You may want an interactive shell for dubugging
+$ docker-compose run debug
+```
+
+All possible values for `RUBY_VERSION` and `OPENSSL_VERSION` can be found in
+[`.travis.yml`](https://github.com/ruby/openssl/tree/master/.travis.yml).
+
+**NOTE**: these commands must be run from the openssl repository root, in order
+to use the
+[`docker-compose.yml`](https://github.com/ruby/openssl/blob/master/docker-compose.yml)
+file we have provided.
+
+This Docker image is built using the
+[Dockerfile](https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker)
+provided in the repository.
+
+
+## Relation with Ruby source tree
+
+After Ruby 2.3, `ext/openssl` was converted into a "default gem", a library
+which ships with standard Ruby builds but can be upgraded via RubyGems. This
+means the development of this gem has migrated to a [separate
+repository][GitHub] and will be released independently.
+
+The version included in the Ruby source tree (trunk branch) is synchronized with
+the latest release.
+
+## Release policy
+
+Bug fixes (including security fixes) will be made only for the version series
+included in a stable Ruby release.
+
+## Security
+
+If you discovered a security issue, please send us in private, using the
+security issue handling procedure for Ruby core.
+
+You can either use [HackerOne] or send an email to security@ruby-lang.org.
+
+Please see [Security] page on ruby-lang.org website for details.
+
+Reported problems will be published after a fix is released.
+
+_Thanks for your contributions!_
+
+  _\- The Ruby OpenSSL team_
+
+[GitHub]: https://github.com/ruby/openssl
+[known issues]: https://github.com/ruby/openssl/issues
+[bugs.ruby-lang.org]: https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=
+[DeveloperHowTo]: https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto
+[HackerOne]: https://hackerone.com/ruby
+[Security]: https://www.ruby-lang.org/en/security/
+[pull request]: https://github.com/ruby/openssl/compare
+[History.md]: https://github.com/ruby/openssl/tree/master/History.md

data/History.md

@@ -0,0 +1,118 @@
+Version 2.0.0
+=============
+
+This is the first release of openssl gem, formerly a standard library of Ruby,
+ext/openssl. This is the successor of the version included in Ruby 2.3.
+
+Compatibility notes
+-------------------
+
+* Support for OpenSSL version 0.9.6 and 0.9.7 is completely removed. openssl gem
+  still works with OpenSSL 0.9.8, but users are strongly encouraged to upgrade
+  to at least 1.0.1, as OpenSSL < 1.0.1 will not receive any security fixes from
+  the OpenSSL development team.
+
+Supported platforms
+-------------------
+
+* OpenSSL 1.0.0, 1.0.1, 1.0.2, 1.1.0
+* OpenSSL < 0.9.8 is no longer supported.
+* LibreSSL 2.1, 2.2, 2.3, 2.4
+* Ruby 2.3, 2.4
+
+Notable changes
+---------------
+
+* Add support for OpenSSL 1.1.0. [Feature #12324]
+* Add support for LibreSSL
+
+* OpenSSL::Cipher
+
+  - OpenSSL::Cipher#key= and #iv= reject too long inputs. They used to truncate
+    silently. [Bug #12561]
+
+  - OpenSSL::Cipher#iv_len= is added. It allows changing IV (nonce) length if
+    using AEAD ciphers.
+    [Bug #8667] [Bug #10420] [GH ruby/ruby#569] [GH ruby/openssl#58]
+
+  - OpenSSL::Cipher#auth_tag_len= is added. This sets the authentication tag
+    length to be generated by an AEAD cipher.
+
+* OpenSSL::OCSP
+
+  - Accessor methods are added to OpenSSL::OCSP::CertificateId. [Feature #7181]
+
+  - OpenSSL::OCSP::Request and BasicResponse can be signed with non-SHA-1 hash
+    algorithm. [Feature #11552]
+
+  - OpenSSL::OCSP::CertificateId and BasicResponse can be encoded into DER.
+
+  - A new class OpenSSL::OCSP::SingleResponse is added for convenience.
+
+  - OpenSSL::OCSP::BasicResponse#add_status accepts absolute times. They used to
+    accept only relative seconds from the current time.
+
+* OpenSSL::PKey::EC follows the general PKey interface. [Bug #6567]
+
+* OpenSSL::PKey.read raises OpenSSL::PKey::PKeyError instead of ArgumentError
+  for consistency with OpenSSL::PKey::{DH,DSA,RSA,EC}#new.
+  [Bug #11774] [GH ruby/openssl#55]
+
+* OpenSSL::SSL
+
+  - OpenSSL::SSL::SSLSocket#tmp_key is added. A client can call it after the
+    connection is established to retrieve the ephemeral key. [GH ruby/ruby#1318]
+
+  - The automatic ephemeral ECDH curve selection is enabled by default when
+    built with OpenSSL >= 1.0.2 or LibreSSL.
+
+  - OpenSSL::SSL::SSLContext#security_level= is added. You can set the "security
+    level" of the SSL context. This is effective only when built with OpenSSL
+    1.1.0.
+
+  - A new option 'verify_hostname' is added to OpenSSL::SSL::SSLContext. When it
+    is enabled, and the SNI hostname is also set, the hostname verification on
+    the server certificate is automatically performed. It is now enabled by
+    OpenSSL::SSL::Context#set_params. [GH ruby/openssl#60]
+
+Removals
+--------
+
+* OpenSSL::Engine
+
+  - OpenSSL::Engine.cleanup does nothing when built with OpenSSL 1.1.0.
+
+* OpenSSL::SSL
+
+  - OpenSSL::PKey::DH::DEFAULT_512 is removed. Hence servers no longer use
+    512-bit DH group by default. It is considered too weak nowadays.
+    [Bug #11968] [GH ruby/ruby#1196]
+
+  - RC4 cipher suites are removed from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.
+    RC4 is now considered to be weak. [GH ruby/openssl#50]
+
+Deprecations
+------------
+
+* OpenSSL::PKey
+
+  - OpenSSL::PKey::RSA#n=, #e=, #d=, #p=, #q=, #dmp1=, #dmq1=, #iqmp=,
+    OpenSSL::PKey::DSA#p=, #q=, #g=, #priv_key=, #pub_key=,
+    OpenSSL::PKey::DH#p=, #g=, #priv_key= and #pub_key= are deprecated. They are
+    disabled when built with OpenSSL 1.1.0, due to its API change. Instead,
+    OpenSSL::PKey::RSA#set_key, #set_factors, #set_crt_params,
+    OpenSSL::PKey::DSA#set_pqg, #set_key, OpenSSL::PKey::DH#set_pqg and #set_key
+    are added.
+
+* OpenSSL::Random
+
+  - OpenSSL::Random.pseudo_bytes is deprecated, and not defined when built with
+    OpenSSL 1.1.0. Use OpenSSL::Random.random_bytes instead.
+
+* OpenSSL::SSL
+
+  - OpenSSL::SSL::SSLContext#tmp_ecdh_callback is deprecated, as the underlying
+    API SSL_CTX_set_tmp_ecdh_callback() is removed in OpenSSL 1.1.0. It was
+    first added in Ruby 2.3.0. To specify the curve to be used in ephemeral
+    ECDH, use OpenSSL::SSL::SSLContext#ecdh_curves=. The automatic curve
+    selection is also now enabled by default when built with a capable OpenSSL.

data/LICENSE.txt

@@ -0,0 +1,56 @@
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the
+2-clause BSDL (see the file BSDL), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or binary form,
+     provided that you do at least ONE of the following:
+
+       a) distribute the binaries and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under these terms.
+
+     For the list of those files and their copying conditions, see the
+     file LEGAL.
+
+  5. The scripts and library files supplied as input to or produced as 
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them, 
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

data/README.md

@@ -0,0 +1,70 @@
+# OpenSSL
+
+[![Build Status](https://travis-ci.org/ruby/openssl.svg?branch=master)](https://travis-ci.org/ruby/openssl)
+
+OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
+OpenSSL library.
+
+## Installation
+
+The openssl gem is available at [rubygems.org](https://rubygems.org/gems/openssl).
+You can install with:
+
+```
+gem install openssl
+```
+
+You may need to specify the path where OpenSSL is installed.
+
+```
+gem install openssl -- --with-openssl-dir=/opt/openssl
+```
+
+Alternatively, you can install the gem with `bundler`:
+
+```ruby
+# Gemfile
+gem 'openssl'
+# or specify git master
+gem 'openssl', github: 'ruby/openssl'
+```
+
+After doing `bundle install`, you should have the gem installed in your bundle.
+
+## Usage
+
+Once installed, you can require "openssl" in your application.
+
+```ruby
+require "openssl"
+```
+
+**NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
+the gem version of openssl, otherwise the default gem packaged with the Ruby
+installation will be used:
+
+```ruby
+gem "openssl"
+require "openssl"
+```
+
+See the documentation on OpenSSL for more usage,
+and the official [OpenSSL library](http://www.openssl.org/).
+
+## Getting Started
+
+1. `$ gem install rake-compiler test-unit`
+2. `$ rake compile`
+3. `$ rake test`
+
+## Contributing
+
+Please read our [CONTRIBUTING.md] for instructions.
+
+## Security
+
+Security issues should be reported to ruby-core by following the process
+described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
+
+
+[CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md

data/ext/openssl/deprecation.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: false
+module OpenSSL
+  def self.deprecated_warning_flag
+    unless flag = (@deprecated_warning_flag ||= nil)
+      if try_compile("", flag = "-Werror=deprecated-declarations")
+        if with_config("broken-apple-openssl")
+          flag = "-Wno-deprecated-declarations"
+        end
+        $warnflags << " #{flag}"
+      else
+        flag = ""
+      end
+      @deprecated_warning_flag = flag
+    end
+    flag
+  end
+
+  def self.check_func(func, header)
+    have_func(func, header, deprecated_warning_flag)
+  end
+
+  def self.check_func_or_macro(func, header)
+    check_func(func, header) or
+      have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
+  end
+end

data/ext/openssl/extconf.rb

@@ -0,0 +1,158 @@
+# -*- coding: us-ascii -*-
+# frozen_string_literal: false
+=begin
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licensed under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+=end
+
+require "mkmf"
+require File.expand_path('../deprecation', __FILE__)
+
+dir_config("openssl")
+dir_config("kerberos")
+
+Logging::message "=== OpenSSL for Ruby configurator ===\n"
+
+# Add -Werror=deprecated-declarations to $warnflags if available
+OpenSSL.deprecated_warning_flag
+
+##
+# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
+# To turn it on, use: --with-debug or --enable-debug
+#
+if with_config("debug") or enable_config("debug")
+  $defs.push("-DOSSL_DEBUG")
+end
+
+Logging::message "=== Checking for system dependent stuff... ===\n"
+have_library("nsl", "t_open")
+have_library("socket", "socket")
+have_header("assert.h")
+
+Logging::message "=== Checking for required stuff... ===\n"
+if $mingw
+  have_library("wsock32")
+  have_library("gdi32")
+end
+
+result = pkg_config("openssl") && have_header("openssl/ssl.h")
+unless result
+  result = have_header("openssl/ssl.h")
+  result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "CRYPTO_malloc")}
+  result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_new")}
+  unless result
+    Logging::message "=== Checking for required stuff failed. ===\n"
+    Logging::message "Makefile wasn't created. Fix the errors above.\n"
+    exit 1
+  end
+end
+
+result = checking_for("OpenSSL version is 0.9.8 or later") {
+  try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
+}
+unless result
+  raise "OpenSSL 0.9.8 or later required."
+end
+
+unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
+  raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
+end
+
+Logging::message "=== Checking for OpenSSL features... ===\n"
+# compile options
+
+# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
+# exist even if compiled with no-ssl2 or no-ssl3-method.
+unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
+  have_func("SSLv2_method")
+end
+unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
+  have_func("SSLv3_method")
+end
+have_func("TLSv1_1_method")
+have_func("TLSv1_2_method")
+have_func("RAND_egd")
+engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
+             cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
+engines.each { |name|
+  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
+}
+
+# added in 0.9.8X
+have_func("EVP_CIPHER_CTX_new")
+have_func("EVP_CIPHER_CTX_free")
+
+# added in 1.0.0
+have_func("ASN1_TIME_adj")
+have_func("EVP_CIPHER_CTX_copy")
+have_func("EVP_PKEY_base_id")
+have_func("HMAC_CTX_copy")
+have_func("PKCS5_PBKDF2_HMAC")
+have_func("X509_NAME_hash_old")
+have_func("X509_STORE_CTX_get0_current_crl")
+have_func("X509_STORE_set_verify_cb")
+have_func("i2d_ASN1_SET_ANY")
+have_func("SSL_SESSION_cmp") # removed
+OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
+have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
+
+# added in 1.0.1
+have_func("SSL_CTX_set_next_proto_select_cb")
+have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
+
+# added in 1.0.2
+have_func("EC_curve_nist2nid")
+have_func("X509_REVOKED_dup")
+have_func("X509_STORE_CTX_get0_store")
+have_func("SSL_CTX_set_alpn_select_cb")
+OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
+OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
+OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+have_func("SSL_is_server")
+
+# added in 1.1.0
+have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
+have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
+have_func("BN_GENCB_new")
+have_func("BN_GENCB_free")
+have_func("BN_GENCB_get_arg")
+have_func("EVP_MD_CTX_new")
+have_func("EVP_MD_CTX_free")
+have_func("HMAC_CTX_new")
+have_func("HMAC_CTX_free")
+OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+have_func("X509_CRL_get0_signature")
+have_func("X509_REQ_get0_signature")
+have_func("X509_REVOKED_get0_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_get0_tbs_sigalg")
+have_func("X509_STORE_CTX_get0_untrusted")
+have_func("X509_STORE_CTX_get0_cert")
+have_func("X509_STORE_CTX_get0_chain")
+have_func("OCSP_SINGLERESP_get0_id")
+have_func("SSL_CTX_get_ciphers")
+have_func("X509_up_ref")
+have_func("X509_CRL_up_ref")
+have_func("X509_STORE_up_ref")
+have_func("SSL_SESSION_up_ref")
+have_func("EVP_PKEY_up_ref")
+OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
+OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
+have_func("SSL_CTX_get_security_level")
+have_func("X509_get0_notBefore")
+
+Logging::message "=== Checking done. ===\n"
+
+create_header
+create_makefile("openssl") {|conf|
+  conf << "THREAD_MODEL = #{CONFIG["THREAD_MODEL"]}\n"
+}
+Logging::message "Done.\n"