rbs 1.3.3 → 1.4.0

data/core/integer.rbs

@@ -361,8 +361,7 @@ class Integer < Numeric
   #     18.floor(-1)      #=> 10
   #     (-18).floor(-1)   #=> -20
   #
-  def floor: () -> Integer
-           | (int digits) -> (Integer | Float)
+  def floor: (?int digits) -> Integer
 
   # Returns the greatest common divisor of the two integers. The result is always
   # positive. 0.gcd(x) and x.gcd(0) return x.abs.

data/core/io.rbs

@@ -534,8 +534,8 @@ class IO < Object
   #
   def read: (?Integer? length, ?String outbuf) -> String?
 
-  def read_nonblock: (Integer len) -> String
-                   | (Integer len, ?String buf) -> String
+  def read_nonblock: (Integer len, ?String buf, ?exception: true) -> String
+                   | (Integer len, ?String buf, exception: false) -> (String | :wait_readable | nil)
 
   # Reads a byte as with `IO#getbyte`, but raises an `EOFError` on end of
   # file.
@@ -704,6 +704,9 @@ class IO < Object
   #
   def write: (*_ToS string) -> Integer
 
+  def write_nonblock: (_ToS s, ?exception: true) -> Integer
+                    | (_ToS s, exception: false) -> (Integer | :wait_writable | nil)
+
   # Opens the file, optionally seeks to the given *offset*, then returns *length*
   # bytes (defaulting to the rest of the file). #binread ensures the file is
   # closed before returning.  The open mode would be `"rb:ASCII-8BIT"`.
@@ -746,7 +749,8 @@ class IO < Object
 
   def self.readlines: (String name, ?String sep, ?Integer limit, ?external_encoding: String external_encoding, ?internal_encoding: String internal_encoding, ?encoding: String encoding, ?textmode: untyped textmode, ?binmode: untyped binmode, ?autoclose: untyped autoclose, ?mode: String mode) -> ::Array[String]
 
-  def self.select: (::Array[io]? read_array, ?::Array[io]? write_array, ?::Array[io]? error_array, ?Numeric? timeout) -> ::Array[::Array[io]]?
+  def self.select: [X, Y, Z] (::Array[X & io]? read_array, ?::Array[Y & io]? write_array, ?::Array[Z & io]? error_array) -> [Array[X], Array[Y], Array[Z]]
+                 | [X, Y, Z] (::Array[X & io]? read_array, ?::Array[Y & io]? write_array, ?::Array[Z & io]? error_array, Numeric? timeout) -> [Array[X], Array[Y], Array[Z]]?
 
   def self.sysopen: (String path, ?String mode, ?String perm) -> Integer
 

data/core/kernel.rbs

@@ -113,6 +113,7 @@ module Kernel : BasicObject
   def self?.Array: (NilClass x) -> [ ]
            | [T] (::Array[T] x) -> ::Array[T]
            | [T] (::Range[T] x) -> ::Array[T]
+           | [T] (_Each[T] x) -> ::Array[T]
            | [K, V] (::Hash[K, V] x) -> ::Array[[K, V]]
            | [T] (T x) -> ::Array[T]
 
@@ -127,7 +128,15 @@ module Kernel : BasicObject
 
   def self?.Rational: (Numeric | String | Object x, ?Numeric | String y, ?exception: bool exception) -> Rational
 
-  def self?.String: (Object x) -> String
+  # Returns *arg* as a String.
+  #
+  # First tries to call its `to_str` method, then its `to_s` method.
+  #
+  #     String(self)        #=> "main"
+  #     String(self.class)  #=> "Object"
+  #     String(123456)      #=> "123456"
+  #
+  def self?.String: (_ToStr | _ToS x) -> String
 
   # Returns the called name of the current method as a
   # [Symbol](https://ruby-doc.org/core-2.6.3/Symbol.html). If called
@@ -463,6 +472,19 @@ module Kernel : BasicObject
   # ```
   def self?.exec: (*String args) -> bot
 
+  type redirect_fd = Integer # redirect to the file descriptor in parent process
+                   | :in | :out | :err # standard input / output / error
+                   | IO # the file descriptor specified as io.fileno
+                   | String # redirect to file with open(string, File::RDONLY)
+                   | [String] # # redirect to file with open(string, File::RDONLY)
+                   | [String, string | int] # redirect to file with open(string, open_mode, 0644)
+                   | [String, string | int, int] # redirect to file with open(string, open_mode, perm)
+                   | [:child, int] # redirect to the redirected file descriptor
+                   | :close # close the file descriptor in child process
+
+  def self?.spawn: (String command, *String args, ?unsetenv_others: boolish, ?pgroup?: (true | Integer), ?umask: Integer, ?in: redirect_fd, ?out: redirect_fd, ?err: redirect_fd, ?close_others: boolish, ?chdir: String) -> Integer
+                 | (Hash[string, string?] env, String command, *String args, ?unsetenv_others: boolish, ?pgroup?: (true | Integer), ?umask: Integer, ?in: redirect_fd, ?out: redirect_fd, ?err: redirect_fd, ?close_others: boolish, ?chdir: String) -> Integer
+
   # Executes *command…* in a subshell. *command…* is one of following forms.
   #
   #     commandline                 : command line string which is passed to the standard shell
@@ -488,7 +510,8 @@ module Kernel : BasicObject
   #     *
   #
   # See `Kernel.exec` for the standard shell.
-  def self?.system: (*String args) -> (NilClass | FalseClass | TrueClass)
+  def self?.system: (String command, *String args, ?unsetenv_others: boolish, ?pgroup?: (true | Integer), ?umask: Integer, ?in: redirect_fd, ?out: redirect_fd, ?err: redirect_fd, ?close_others: boolish, ?chdir: String) -> (NilClass | FalseClass | TrueClass)
+                  | (Hash[string, string?] env, String command, *String args, ?unsetenv_others: boolish, ?pgroup?: (true | Integer), ?umask: Integer, ?in: redirect_fd, ?out: redirect_fd, ?err: redirect_fd, ?close_others: boolish, ?chdir: String) -> (NilClass | FalseClass | TrueClass)
 end
 
 Kernel::RUBYGEMS_ACTIVATION_MONITOR: untyped

data/core/object.rbs

@@ -206,7 +206,7 @@ class Object < BasicObject
   #     enum.size # => 42
   #
   def enum_for: (Symbol method, *untyped args) ?{ (*untyped args) -> Integer } -> Enumerator[untyped, untyped]
-              | (*untyped args) ?{ (*untyped args) -> Integer } -> Enumerator[untyped, untyped]
+              | () ?{ () -> Integer } -> Enumerator[untyped, self]
 
   # Creates a new Enumerator which will enumerate by calling `method` on `obj`,
   # passing `args` if any.

data/core/range.rbs

@@ -101,7 +101,9 @@ class Range[out Elem] < Object
   # ```
   def begin: () -> Elem      # Begin-less ranges have type of Range[Integer?]
 
-  def bsearch: [U] () { (Elem) -> boolish } -> U?
+  def bsearch: () -> ::Enumerator[Elem, Elem?]
+             | () { (Elem) -> (true | false) } -> Elem?
+             | () { (Elem) -> ::Integer } -> Elem?
 
   def cover?: (untyped obj) -> bool
 
@@ -132,7 +134,7 @@ class Range[out Elem] < Object
   # (10..20).first(3)  #=> [10, 11, 12]
   # ```
   def first: () -> Elem
-           | (?Integer n) -> ::Array[Elem]
+           | (Integer n) -> ::Array[Elem]
 
   # Compute a hash-code for this range. Two ranges with equal begin and end
   # points (using `eql?` ), and the same
@@ -165,7 +167,7 @@ class Range[out Elem] < Object
   # (10...20).last(3)  #=> [17, 18, 19]
   # ```
   def last: () -> Elem
-          | (?Integer n) -> ::Array[Elem]
+          | (Integer n) -> ::Array[Elem]
 
   # Returns the maximum value in the range. Returns `nil` if the begin value
   # of the range larger than the end value. Returns `nil` if the begin value
@@ -178,9 +180,9 @@ class Range[out Elem] < Object
   # (10..20).max    #=> 20
   # ```
   def max: () -> Elem
-         | () { (Elem arg0, Elem arg1) -> Integer } -> Elem
-         | (?Integer n) -> ::Array[Elem]
-         | (?Integer n) { (Elem arg0, Elem arg1) -> Integer } -> ::Array[Elem]
+         | () { (Elem a, Elem b) -> Integer } -> Elem
+         | (Integer n) -> ::Array[Elem]
+         | (Integer n) { (Elem a, Elem b) -> Integer } -> ::Array[Elem]
 
   # Returns the minimum value in the range. Returns `nil` if the begin value
   # of the range is larger than the end value. Returns `nil` if the begin
@@ -193,9 +195,9 @@ class Range[out Elem] < Object
   # (10..20).min    #=> 10
   # ```
   def min: () -> Elem
-         | () { (Elem arg0, Elem arg1) -> Integer } -> Elem
-         | (?Integer n) -> ::Array[Elem]
-         | (?Integer n) { (Elem arg0, Elem arg1) -> Integer } -> ::Array[Elem]
+         | () { (Elem a, Elem b) -> Integer } -> Elem
+         | (Integer n) -> ::Array[Elem]
+         | (Integer n) { (Elem a, Elem b) -> Integer } -> ::Array[Elem]
 
   # Returns the number of elements in the range. Both the begin and the end
   # of the [Range](Range.downloaded.ruby_doc) must be

data/core/true_class.rbs

@@ -5,13 +5,13 @@
 class TrueClass
   public
 
-  def !: () -> bool
+  def !: () -> false
 
   # And---Returns `false` if *obj* is `nil` or `false`, `true` otherwise.
   #
   def &: (nil) -> false
        | (false) -> false
-       | (untyped obj) -> bool
+       | (untyped obj) -> true
 
   # Case Equality -- For class Object, effectively the same as calling `#==`, but
   # typically overridden by descendants to provide meaningful semantics in `case`
@@ -24,7 +24,7 @@ class TrueClass
   #
   def ^: (nil) -> true
        | (false) -> true
-       | (untyped obj) -> bool
+       | (untyped obj) -> false
 
   alias inspect to_s
 
@@ -42,5 +42,5 @@ class TrueClass
   #
   #     or
   #
-  def |: (boolish obj) -> bool
+  def |: (untyped obj) -> true
 end

data/lib/rbs.rb

@@ -44,6 +44,7 @@ require "rbs/factory"
 require "rbs/repository"
 require "rbs/ancestor_graph"
 require "rbs/locator"
+require "rbs/type_alias_dependency"
 
 begin
   require "rbs/parser"

data/lib/rbs/cli.rb

@@ -451,6 +451,7 @@ EOU
         builder.expand_alias(name).tap do |type|
           validator.validate_type type, context: [Namespace.root]
         end
+        validator.validate_type_alias(entry: decl)
       end
     end
 

data/lib/rbs/errors.rb

@@ -386,4 +386,20 @@ module RBS
       end
     end
   end
+
+  class RecursiveTypeAliasError < LoadingError
+    attr_reader :alias_names
+    attr_reader :location
+
+    def initialize(alias_names:, location:)
+      @alias_names = alias_names
+      @location = location
+
+      super "#{Location.to_string location}: Recursive type alias definition found for: #{name}"
+    end
+
+    def name
+      @alias_names.map(&:name).join(', ')
+    end
+  end
 end

data/lib/rbs/parser.rb

@@ -326,7 +326,7 @@ def next_token
     new_token(:tUKEYWORD, input.matched.chop.to_sym)
   when input.scan(/[A-Z]\w*[?!]:/)
     new_token(:tUKEYWORD_Q_E, input.matched.chop.to_sym)
-  when input.scan(/\$[A-Za-z_]\w*/)
+  when input.scan(/\$([A-Za-z_]\w*|[~*$?!@\/\\;,.=:<>"&`'+]|\d+|-[0-9_A-Za-z])/)
     new_token(:tGLOBALIDENT)
   when input.scan(/@[a-zA-Z_]\w*/)
     new_token(:tIVAR, input.matched.to_sym)

data/lib/rbs/parser.y

@@ -1708,7 +1708,7 @@ def next_token
     new_token(:tUKEYWORD, input.matched.chop.to_sym)
   when input.scan(/[A-Z]\w*[?!]:/)
     new_token(:tUKEYWORD_Q_E, input.matched.chop.to_sym)
-  when input.scan(/\$[A-Za-z_]\w*/)
+  when input.scan(/\$([A-Za-z_]\w*|[~*$?!@\/\\;,.=:<>"&`'+]|\d+|-[0-9_A-Za-z])/)
     new_token(:tGLOBALIDENT)
   when input.scan(/@[a-zA-Z_]\w*/)
     new_token(:tIVAR, input.matched.to_sym)

data/lib/rbs/prototype/rb.rb

@@ -319,9 +319,16 @@ module RBS
                          const_to_name(node.children[0])
                        end
 
+          value_node = node.children.last
+          type = if value_node.nil?
+                  # Give up type prediction when node is MASGN.
+                  Types::Bases::Any.new(location: nil)
+                else
+                  node_type(value_node)
+                end
           decls << AST::Declarations::Constant.new(
             name: const_name,
-            type: node_type(node.children.last),
+            type: type,
             location: nil,
             comment: comments[node.first_lineno - 1]
           )

data/lib/rbs/prototype/runtime.rb

@@ -87,7 +87,7 @@ module RBS
             unless const_name(mix)
               RBS.logger.warn("Skipping anonymous module #{mix} included in #{mod}")
             else
-              module_name = module_full_name = to_type_name(const_name(mix))
+              module_name = module_full_name = to_type_name(const_name(mix), full_name: true)
               if module_full_name.namespace == type_name.namespace
                 module_name = TypeName.new(name: module_full_name.name, namespace: Namespace.empty)
               end

data/lib/rbs/type_alias_dependency.rb

@@ -0,0 +1,88 @@
+module RBS
+  class TypeAliasDependency
+    attr_reader :env
+
+    # Direct dependencies corresponds to a directed graph
+    # with vertices as types and directions based on assignment of types
+    attr_reader :direct_dependencies
+    # A hash which stores the transitive closure
+    # of the directed graph
+    attr_reader :dependencies
+
+    def initialize(env:)
+      @env = env
+    end
+
+    # Check if an alias type definition is circular & prohibited
+    def circular_definition?(alias_name)
+      # Construct transitive closure, if not constructed already
+      transitive_closure() unless @dependencies
+
+      # Check for recursive type alias
+      @dependencies[alias_name][alias_name]
+    end
+
+    def build_dependencies
+      return if @direct_dependencies
+
+      # Initialize hash(a directed graph)
+      @direct_dependencies = {}
+      # Initialize dependencies as an empty hash
+      @dependencies = {}
+      # Iterate over alias declarations inserted into environment
+      env.alias_decls.each do |name, entry|
+        # Construct a directed graph by recursively extracting type aliases
+        @direct_dependencies[name] = direct_dependency(entry.decl.type)
+        # Initialize dependencies with an empty hash
+        @dependencies[name] = {}
+      end
+    end
+
+    def transitive_closure
+      # Construct a graph of direct dependencies
+      build_dependencies()
+      # Construct transitive closure by using DFS(recursive technique)
+      @direct_dependencies.each_key do |name|
+        dependency(name, name)
+      end
+    end
+
+    private
+
+    # Constructs directed graph recursively
+    def direct_dependency(type, result = Set[])
+      case type
+      when RBS::Types::Union, RBS::Types::Intersection, RBS::Types::Optional
+        # Iterate over nested types & extract type aliases recursively
+        type.each_type do |nested_type|
+          direct_dependency(nested_type, result)
+        end
+      when RBS::Types::Alias
+        # Append type name if the type is an alias
+        result << type.name
+      end
+
+      result
+    end
+
+    # Recursive function to construct transitive closure
+    def dependency(start, vertex, nested = nil)
+      if (start == vertex)
+        if (@direct_dependencies[start].include?(vertex) || nested)
+          # Mark a vertex as connected to itself
+          # if it is connected as an edge || a path(traverse multiple edges)
+          @dependencies[start][vertex] = true
+        end
+      else
+        # Mark a pair of vertices as connected while recursively performing DFS
+        @dependencies[start][vertex] = true
+      end
+
+      # Iterate over the direct dependencies of the vertex
+      @direct_dependencies[vertex]&.each do |type_name|
+        # Invoke the function unless it is already checked
+        dependency(start, type_name, start == type_name) unless @dependencies[start][type_name]
+      end
+    end
+  end
+end

data/lib/rbs/validator.rb

@@ -53,5 +53,10 @@ module RBS
         validate_type(type, context: context)
       end
     end
+
+    def validate_type_alias(entry:)
+      @type_alias_dependency ||= TypeAliasDependency.new(env: env)
+      raise RecursiveTypeAliasError.new(alias_names: [entry.decl.name], location: entry.decl.location) if @type_alias_dependency.circular_definition?(entry.decl.name)
+    end
   end
 end

data/lib/rbs/version.rb

@@ -1,3 +1,3 @@
 module RBS
-  VERSION = "1.3.3"
+  VERSION = "1.4.0"
 end

data/sig/errors.rbs

@@ -196,4 +196,13 @@ module RBS
 
     def mixin_name: () -> String
   end
+
+  class RecursiveTypeAliasError < LoadingError
+    attr_reader alias_names: Array[TypeName]
+    attr_reader location: Location
+
+    def initialize: (alias_names: Array[TypeName], location: Location) -> void
+
+    def name: () -> String
+  end
 end

data/sig/type_alias_dependency.rbs

@@ -0,0 +1,22 @@
+module RBS
+  class TypeAliasDependency
+    attr_reader env: Environment
+
+    attr_reader direct_dependencies: Hash[TypeName, Set[TypeName]]
+    attr_reader dependencies: Hash[TypeName, Hash[TypeName, bool]]
+
+    def initialize: (env: Environment) -> void
+
+    def circular_definition?: (TypeName alias_name) -> bool
+
+    def build_dependencies: () -> void
+
+    def transitive_closure: () -> void
+
+    private
+
+    def direct_dependency: (Types::t `type`, ?Set[TypeName] result) -> Set[TypeName]
+
+    def dependency: (TypeName start, TypeName vertex, ?boolish nested) -> void
+  end
+end

data/sig/validator.rbs

@@ -8,5 +8,7 @@ module RBS
     def absolute_type: (Types::t, context: TypeNameResolver::context) { (Types::t) -> TypeName } -> Types::t
 
     def validate_type: (Types::t, context: TypeNameResolver::context) -> void
+
+    def validate_type_alias: (entry: Environment::SingleEntry[TypeName, AST::Declarations::Alias]) -> void
   end
 end

data/stdlib/openssl/0/openssl.rbs

@@ -0,0 +1,3711 @@
+# OpenSSL provides SSL, TLS and general purpose cryptography.  It wraps the
+# [OpenSSL](https://www.openssl.org/) library.
+#
+# # Examples
+#
+# All examples assume you have loaded OpenSSL with:
+#
+#     require 'openssl'
+#
+# These examples build atop each other.  For example the key created in the next
+# is used in throughout these examples.
+#
+# ## Keys
+#
+# ### Creating a Key
+#
+# This example creates a 2048 bit RSA keypair and writes it to the current
+# directory.
+#
+#     key = OpenSSL::PKey::RSA.new 2048
+#
+#     open 'private_key.pem', 'w' do |io| io.write key.to_pem end
+#     open 'public_key.pem', 'w' do |io| io.write key.public_key.to_pem end
+#
+# ### Exporting a Key
+#
+# Keys saved to disk without encryption are not secure as anyone who gets ahold
+# of the key may use it unless it is encrypted.  In order to securely export a
+# key you may export it with a pass phrase.
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#     pass_phrase = 'my secure pass phrase goes here'
+#
+#     key_secure = key.export cipher, pass_phrase
+#
+#     open 'private.secure.pem', 'w' do |io|
+#       io.write key_secure
+#     end
+#
+# OpenSSL::Cipher.ciphers returns a list of available ciphers.
+#
+# ### Loading a Key
+#
+# A key can also be loaded from a file.
+#
+#     key2 = OpenSSL::PKey::RSA.new File.read 'private_key.pem'
+#     key2.public? # => true
+#     key2.private? # => true
+#
+# or
+#
+#     key3 = OpenSSL::PKey::RSA.new File.read 'public_key.pem'
+#     key3.public? # => true
+#     key3.private? # => false
+#
+# ### Loading an Encrypted Key
+#
+# OpenSSL will prompt you for your pass phrase when loading an encrypted key. If
+# you will not be able to type in the pass phrase you may provide it when
+# loading the key:
+#
+#     key4_pem = File.read 'private.secure.pem'
+#     pass_phrase = 'my secure pass phrase goes here'
+#     key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
+#
+# ## RSA Encryption
+#
+# RSA provides encryption and decryption using the public and private keys. You
+# can use a variety of padding methods depending upon the intended use of
+# encrypted data.
+#
+# ### Encryption & Decryption
+#
+# Asymmetric public/private key encryption is slow and victim to attack in cases
+# where it is used without padding or directly to encrypt larger chunks of data.
+# Typical use cases for RSA encryption involve "wrapping" a symmetric key with
+# the public key of the recipient who would "unwrap" that symmetric key again
+# using their private key. The following illustrates a simplified example of
+# such a key transport scheme. It shouldn't be used in practice, though,
+# standardized protocols should always be preferred.
+#
+#     wrapped_key = key.public_encrypt key
+#
+# A symmetric key encrypted with the public key can only be decrypted with the
+# corresponding private key of the recipient.
+#
+#     original_key = key.private_decrypt wrapped_key
+#
+# By default PKCS#1 padding will be used, but it is also possible to use other
+# forms of padding, see PKey::RSA for further details.
+#
+# ### Signatures
+#
+# Using "private_encrypt" to encrypt some data with the private key is
+# equivalent to applying a digital signature to the data. A verifying party may
+# validate the signature by comparing the result of decrypting the signature
+# with "public_decrypt" to the original data. However, OpenSSL::PKey already has
+# methods "sign" and "verify" that handle digital signatures in a standardized
+# way - "private_encrypt" and "public_decrypt" shouldn't be used in practice.
+#
+# To sign a document, a cryptographically secure hash of the document is
+# computed first, which is then signed using the private key.
+#
+#     signature = key.sign 'SHA256', document
+#
+# To validate the signature, again a hash of the document is computed and the
+# signature is decrypted using the public key. The result is then compared to
+# the hash just computed, if they are equal the signature was valid.
+#
+#     if key.verify 'SHA256', signature, document
+#       puts 'Valid'
+#     else
+#       puts 'Invalid'
+#     end
+#
+# ## PBKDF2 Password-based Encryption
+#
+# If supported by the underlying OpenSSL version used, Password-based Encryption
+# should use the features of PKCS5. If not supported or if required by legacy
+# applications, the older, less secure methods specified in RFC 2898 are also
+# supported (see below).
+#
+# PKCS5 supports PBKDF2 as it was specified in PKCS#5
+# [v2.0](http://www.rsa.com/rsalabs/node.asp?id=2127). It still uses a password,
+# a salt, and additionally a number of iterations that will slow the key
+# derivation process down. The slower this is, the more work it requires being
+# able to brute-force the resulting key.
+#
+# ### Encryption
+#
+# The strategy is to first instantiate a Cipher for encryption, and then to
+# generate a random IV plus a key derived from the password using PBKDF2. PKCS
+# #5 v2.0 recommends at least 8 bytes for the salt, the number of iterations
+# largely depends on the hardware being used.
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#     cipher.encrypt
+#     iv = cipher.random_iv
+#
+#     pwd = 'some hopefully not to easily guessable password'
+#     salt = OpenSSL::Random.random_bytes 16
+#     iter = 20000
+#     key_len = cipher.key_len
+#     digest = OpenSSL::Digest.new('SHA256')
+#
+#     key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
+#     cipher.key = key
+#
+#     Now encrypt the data:
+#
+#     encrypted = cipher.update document
+#     encrypted << cipher.final
+#
+# ### Decryption
+#
+# Use the same steps as before to derive the symmetric AES key, this time
+# setting the Cipher up for decryption.
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#     cipher.decrypt
+#     cipher.iv = iv # the one generated with #random_iv
+#
+#     pwd = 'some hopefully not to easily guessable password'
+#     salt = ... # the one generated above
+#     iter = 20000
+#     key_len = cipher.key_len
+#     digest = OpenSSL::Digest.new('SHA256')
+#
+#     key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
+#     cipher.key = key
+#
+#     Now decrypt the data:
+#
+#     decrypted = cipher.update encrypted
+#     decrypted << cipher.final
+#
+# ## PKCS #5 Password-based Encryption
+#
+# PKCS #5 is a password-based encryption standard documented at
+# [RFC2898](http://www.ietf.org/rfc/rfc2898.txt).  It allows a short password or
+# passphrase to be used to create a secure encryption key. If possible, PBKDF2
+# as described above should be used if the circumstances allow it.
+#
+# PKCS #5 uses a Cipher, a pass phrase and a salt to generate an encryption key.
+#
+#     pass_phrase = 'my secure pass phrase goes here'
+#     salt = '8 octets'
+#
+# ### Encryption
+#
+# First set up the cipher for encryption
+#
+#     encryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+#     encryptor.encrypt
+#     encryptor.pkcs5_keyivgen pass_phrase, salt
+#
+# Then pass the data you want to encrypt through
+#
+#     encrypted = encryptor.update 'top secret document'
+#     encrypted << encryptor.final
+#
+# ### Decryption
+#
+# Use a new Cipher instance set up for decryption
+#
+#     decryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+#     decryptor.decrypt
+#     decryptor.pkcs5_keyivgen pass_phrase, salt
+#
+# Then pass the data you want to decrypt through
+#
+#     plain = decryptor.update encrypted
+#     plain << decryptor.final
+#
+# ## X509 Certificates
+#
+# ### Creating a Certificate
+#
+# This example creates a self-signed certificate using an RSA key and a SHA1
+# signature.
+#
+#     key = OpenSSL::PKey::RSA.new 2048
+#     name = OpenSSL::X509::Name.parse '/CN=nobody/DC=example'
+#
+#     cert = OpenSSL::X509::Certificate.new
+#     cert.version = 2
+#     cert.serial = 0
+#     cert.not_before = Time.now
+#     cert.not_after = Time.now + 3600
+#
+#     cert.public_key = key.public_key
+#     cert.subject = name
+#
+# ### Certificate Extensions
+#
+# You can add extensions to the certificate with OpenSSL::SSL::ExtensionFactory
+# to indicate the purpose of the certificate.
+#
+#     extension_factory = OpenSSL::X509::ExtensionFactory.new nil, cert
+#
+#     cert.add_extension \
+#       extension_factory.create_extension('basicConstraints', 'CA:FALSE', true)
+#
+#     cert.add_extension \
+#       extension_factory.create_extension(
+#         'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
+#
+#     cert.add_extension \
+#       extension_factory.create_extension('subjectKeyIdentifier', 'hash')
+#
+# The list of supported extensions (and in some cases their possible values) can
+# be derived from the "objects.h" file in the OpenSSL source code.
+#
+# ### Signing a Certificate
+#
+# To sign a certificate set the issuer and use OpenSSL::X509::Certificate#sign
+# with a digest algorithm.  This creates a self-signed cert because we're using
+# the same name and key to sign the certificate as was used to create the
+# certificate.
+#
+#     cert.issuer = name
+#     cert.sign key, OpenSSL::Digest.new('SHA1')
+#
+#     open 'certificate.pem', 'w' do |io| io.write cert.to_pem end
+#
+# ### Loading a Certificate
+#
+# Like a key, a cert can also be loaded from a file.
+#
+#     cert2 = OpenSSL::X509::Certificate.new File.read 'certificate.pem'
+#
+# ### Verifying a Certificate
+#
+# Certificate#verify will return true when a certificate was signed with the
+# given public key.
+#
+#     raise 'certificate can not be verified' unless cert2.verify key
+#
+# ## Certificate Authority
+#
+# A certificate authority (CA) is a trusted third party that allows you to
+# verify the ownership of unknown certificates.  The CA issues key signatures
+# that indicate it trusts the user of that key.  A user encountering the key can
+# verify the signature by using the CA's public key.
+#
+# ### CA Key
+#
+# CA keys are valuable, so we encrypt and save it to disk and make sure it is
+# not readable by other users.
+#
+#     ca_key = OpenSSL::PKey::RSA.new 2048
+#     pass_phrase = 'my secure pass phrase goes here'
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#
+#     open 'ca_key.pem', 'w', 0400 do |io|
+#       io.write ca_key.export(cipher, pass_phrase)
+#     end
+#
+# ### CA Certificate
+#
+# A CA certificate is created the same way we created a certificate above, but
+# with different extensions.
+#
+#     ca_name = OpenSSL::X509::Name.parse '/CN=ca/DC=example'
+#
+#     ca_cert = OpenSSL::X509::Certificate.new
+#     ca_cert.serial = 0
+#     ca_cert.version = 2
+#     ca_cert.not_before = Time.now
+#     ca_cert.not_after = Time.now + 86400
+#
+#     ca_cert.public_key = ca_key.public_key
+#     ca_cert.subject = ca_name
+#     ca_cert.issuer = ca_name
+#
+#     extension_factory = OpenSSL::X509::ExtensionFactory.new
+#     extension_factory.subject_certificate = ca_cert
+#     extension_factory.issuer_certificate = ca_cert
+#
+#     ca_cert.add_extension \
+#       extension_factory.create_extension('subjectKeyIdentifier', 'hash')
+#
+# This extension indicates the CA's key may be used as a CA.
+#
+#     ca_cert.add_extension \
+#       extension_factory.create_extension('basicConstraints', 'CA:TRUE', true)
+#
+# This extension indicates the CA's key may be used to verify signatures on both
+# certificates and certificate revocations.
+#
+#     ca_cert.add_extension \
+#       extension_factory.create_extension(
+#         'keyUsage', 'cRLSign,keyCertSign', true)
+#
+# Root CA certificates are self-signed.
+#
+#     ca_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
+#
+# The CA certificate is saved to disk so it may be distributed to all the users
+# of the keys this CA will sign.
+#
+#     open 'ca_cert.pem', 'w' do |io|
+#       io.write ca_cert.to_pem
+#     end
+#
+# ### Certificate Signing Request
+#
+# The CA signs keys through a Certificate Signing Request (CSR).  The CSR
+# contains the information necessary to identify the key.
+#
+#     csr = OpenSSL::X509::Request.new
+#     csr.version = 0
+#     csr.subject = name
+#     csr.public_key = key.public_key
+#     csr.sign key, OpenSSL::Digest.new('SHA1')
+#
+# A CSR is saved to disk and sent to the CA for signing.
+#
+#     open 'csr.pem', 'w' do |io|
+#       io.write csr.to_pem
+#     end
+#
+# ### Creating a Certificate from a CSR
+#
+# Upon receiving a CSR the CA will verify it before signing it.  A minimal
+# verification would be to check the CSR's signature.
+#
+#     csr = OpenSSL::X509::Request.new File.read 'csr.pem'
+#
+#     raise 'CSR can not be verified' unless csr.verify csr.public_key
+#
+# After verification a certificate is created, marked for various usages, signed
+# with the CA key and returned to the requester.
+#
+#     csr_cert = OpenSSL::X509::Certificate.new
+#     csr_cert.serial = 0
+#     csr_cert.version = 2
+#     csr_cert.not_before = Time.now
+#     csr_cert.not_after = Time.now + 600
+#
+#     csr_cert.subject = csr.subject
+#     csr_cert.public_key = csr.public_key
+#     csr_cert.issuer = ca_cert.subject
+#
+#     extension_factory = OpenSSL::X509::ExtensionFactory.new
+#     extension_factory.subject_certificate = csr_cert
+#     extension_factory.issuer_certificate = ca_cert
+#
+#     csr_cert.add_extension \
+#       extension_factory.create_extension('basicConstraints', 'CA:FALSE')
+#
+#     csr_cert.add_extension \
+#       extension_factory.create_extension(
+#         'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
+#
+#     csr_cert.add_extension \
+#       extension_factory.create_extension('subjectKeyIdentifier', 'hash')
+#
+#     csr_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
+#
+#     open 'csr_cert.pem', 'w' do |io|
+#       io.write csr_cert.to_pem
+#     end
+#
+# ## SSL and TLS Connections
+#
+# Using our created key and certificate we can create an SSL or TLS connection.
+# An SSLContext is used to set up an SSL session.
+#
+#     context = OpenSSL::SSL::SSLContext.new
+#
+# ### SSL Server
+#
+# An SSL server requires the certificate and private key to communicate securely
+# with its clients:
+#
+#     context.cert = cert
+#     context.key = key
+#
+# Then create an SSLServer with a TCP server socket and the context.  Use the
+# SSLServer like an ordinary TCP server.
+#
+#     require 'socket'
+#
+#     tcp_server = TCPServer.new 5000
+#     ssl_server = OpenSSL::SSL::SSLServer.new tcp_server, context
+#
+#     loop do
+#       ssl_connection = ssl_server.accept
+#
+#       data = connection.gets
+#
+#       response = "I got #{data.dump}"
+#       puts response
+#
+#       connection.puts "I got #{data.dump}"
+#       connection.close
+#     end
+#
+# ### SSL client
+#
+# An SSL client is created with a TCP socket and the context. SSLSocket#connect
+# must be called to initiate the SSL handshake and start encryption.  A key and
+# certificate are not required for the client socket.
+#
+# Note that SSLSocket#close doesn't close the underlying socket by default. Set
+# SSLSocket#sync_close to true if you want.
+#
+#     require 'socket'
+#
+#     tcp_socket = TCPSocket.new 'localhost', 5000
+#     ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context
+#     ssl_client.sync_close = true
+#     ssl_client.connect
+#
+#     ssl_client.puts "hello server!"
+#     puts ssl_client.gets
+#
+#     ssl_client.close # shutdown the TLS connection and close tcp_socket
+#
+# ### Peer Verification
+#
+# An unverified SSL connection does not provide much security.  For enhanced
+# security the client or server can verify the certificate of its peer.
+#
+# The client can be modified to verify the server's certificate against the
+# certificate authority's certificate:
+#
+#     context.ca_file = 'ca_cert.pem'
+#     context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+#
+#     require 'socket'
+#
+#     tcp_socket = TCPSocket.new 'localhost', 5000
+#     ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context
+#     ssl_client.connect
+#
+#     ssl_client.puts "hello server!"
+#     puts ssl_client.gets
+#
+# If the server certificate is invalid or `context.ca_file` is not set when
+# verifying peers an OpenSSL::SSL::SSLError will be raised.
+module OpenSSL
+  # Returns a Digest subclass by *name*
+  #
+  #     require 'openssl'
+  #
+  #     OpenSSL::Digest("MD5")
+  #     # => OpenSSL::Digest::MD5
+  #
+  #     Digest("Foo")
+  #     # => NameError: wrong constant name Foo
+  #
+  def self.Digest: (String name) -> singleton(Digest)
+
+  def self.debug: () -> bool
+
+  # Turns on or off debug mode. With debug mode, all erros added to the OpenSSL
+  # error queue will be printed to stderr.
+  #
+  def self.debug=: [U] (boolish) -> U
+
+  # See any remaining errors held in queue.
+  #
+  # Any errors you see here are probably due to a bug in Ruby's OpenSSL
+  # implementation.
+  #
+  def self.errors: () -> Array[String]
+
+  def self.fips_mode: () -> bool
+
+  # Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an
+  # effect for FIPS-capable installations of the OpenSSL library. Trying to do so
+  # otherwise will result in an error.
+  #
+  # ### Examples
+  #     OpenSSL.fips_mode = true   # turn FIPS mode on
+  #     OpenSSL.fips_mode = false  # and off again
+  #
+  def self.fips_mode=: [U] (boolish) -> U
+
+  # Constant time memory comparison for fixed length strings, such as results of
+  # HMAC calculations.
+  #
+  # Returns `true` if the strings are identical, `false` if they are of the same
+  # length but not identical. If the length is different, `ArgumentError` is
+  # raised.
+  #
+  def self.fixed_length_secure_compare: (String, String) -> bool
+
+  # Constant time memory comparison. Inputs are hashed using SHA-256 to mask the
+  # length of the secret. Returns `true` if the strings are identical, `false`
+  # otherwise.
+  #
+  #
+  def self.secure_compare: (String a, String b) -> bool
+
+  OPENSSL_FIPS: bool
+
+  OPENSSL_LIBRARY_VERSION: String
+
+  OPENSSL_VERSION: String
+
+  OPENSSL_VERSION_NUMBER: Integer
+
+  VERSION: String
+
+  module ASN1
+    type tagging = :IMPLICIT | :EXPLICIT
+
+    type tag_class = :UNIVERSAL | :CONTEXT_SPECIFIC | :APPLICATION | :PRIVATE
+
+    def self.BMPString: (String value, ?bn tag, ?tagging tagging) -> BMPString
+
+    def self.BitString: (String value, ?bn tag, ?tagging tagging) -> BitString
+
+    def self.Boolean: (boolish value, ?bn tag, ?tagging tagging) -> Boolean
+
+    def self.EndOfContent: () -> EndOfContent
+
+    def self.Enumerated: (bn value, ?bn tag, ?tagging tagging) -> Enumerated
+
+    def self.GeneralString: (String value, ?bn tag, ?tagging tagging) -> GeneralString
+
+    def self.GeneralizedTime: (::Time value, ?bn tag, ?tagging tagging) -> GeneralizedTime
+
+    def self.GraphicString: (String value, ?bn tag, ?tagging tagging) -> GraphicString
+
+    def self.IA5String: (String value, ?bn tag, ?tagging tagging) -> IA5String
+
+    def self.ISO64String: (String value, ?bn tag, ?tagging tagging) -> ISO64String
+
+    def self.Integer: (bn value, ?bn tag, ?tagging tagging) -> Integer
+
+    def self.Null: (nil) -> Null
+
+    def self.NumericString: (String value, ?bn tag, ?tagging tagging) -> NumericString
+
+    def self.ObjectId: (String value, ?bn tag, ?tagging tagging) -> ObjectId
+
+    def self.OctetString: (String value, ?bn tag, ?tagging tagging) -> OctetString
+
+    def self.PrintableString: (String value, ?bn tag, ?tagging tagging) -> PrintableString
+
+    def self.Sequence: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Sequence
+
+    def self.Set: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Set
+
+    def self.T61String: (String value, ?bn tag, ?tagging tagging) -> T61String
+
+    def self.UTCTime: (::Time value, ?bn tag, ?tagging tagging) -> UTCTime
+
+    def self.UTF8String: (String value, ?bn tag, ?tagging tagging) -> UTF8String
+
+    def self.UniversalString: (String value, ?bn tag, ?tagging tagging) -> UniversalString
+
+    def self.VideotexString: (String value, ?bn tag, ?tagging tagging) -> VideotexString
+
+    def self.decode: (String | _ToDer der) -> ASN1Data
+
+    def self.decode_all: (String | _ToDer der) -> Array[ASN1Data]
+
+    def self.traverse: (String | _ToDer der) { (::Integer, ::Integer, ::Integer, ::Integer, bool, tag_class, ::Integer) -> void } -> void
+
+    BIT_STRING: Integer
+
+    BMPSTRING: Integer
+
+    BOOLEAN: Integer
+
+    CHARACTER_STRING: Integer
+
+    EMBEDDED_PDV: Integer
+
+    ENUMERATED: Integer
+
+    EOC: Integer
+
+    EXTERNAL: Integer
+
+    GENERALIZEDTIME: Integer
+
+    GENERALSTRING: Integer
+
+    GRAPHICSTRING: Integer
+
+    IA5STRING: Integer
+
+    INTEGER: Integer
+
+    ISO64STRING: Integer
+
+    NULL: Integer
+
+    NUMERICSTRING: Integer
+
+    OBJECT: Integer
+
+    OBJECT_DESCRIPTOR: Integer
+
+    OCTET_STRING: Integer
+
+    PRINTABLESTRING: Integer
+
+    REAL: Integer
+
+    RELATIVE_OID: Integer
+
+    SEQUENCE: Integer
+
+    SET: Integer
+
+    T61STRING: Integer
+
+    UNIVERSALSTRING: Integer
+
+    UNIVERSAL_TAG_NAME: Array[untyped]
+
+    UTCTIME: Integer
+
+    UTF8STRING: Integer
+
+    VIDEOTEXSTRING: Integer
+
+    interface _ToDer
+      def to_der: () -> String
+    end
+
+    class ASN1Data
+      public
+
+      def indefinite_length: () -> bool
+
+      def indefinite_length=: [U] (boolish) -> U
+
+      alias infinite_length indefinite_length
+
+      alias infinite_length= indefinite_length=
+
+      def tag: () -> bn
+
+      def tag=: (::Integer) -> ::Integer
+              | (BN) -> BN
+
+      def tag_class: () -> tag_class
+
+      def tag_class=: (tag_class) -> tag_class
+
+      def to_der: () -> String
+
+      def value: () -> untyped
+
+      def value=: (untyped) -> untyped
+
+      private
+
+      def initialize: (untyped value, ::Integer tag, tag_class tag_class) -> void
+    end
+
+    class ASN1Error < OpenSSL::OpenSSLError
+    end
+
+    class BMPString < OpenSSL::ASN1::Primitive
+    end
+
+    class BitString < OpenSSL::ASN1::Primitive
+      public
+
+      def unused_bits: () -> ::Integer
+
+      def unused_bits=: (::Integer) -> ::Integer
+
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Boolean < OpenSSL::ASN1::Primitive
+      def value: () -> bool
+
+      def value=: [U] (boolish) -> U
+    end
+
+    class Constructive < OpenSSL::ASN1::ASN1Data
+      include Enumerable[ASN1Data]
+
+      public
+
+      def each: () ?{ (ASN1Data) -> void }-> self
+
+      def tagging: () -> tagging?
+
+      def tagging=: (tagging) -> tagging
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (Array[ASN1Data]) -> void
+    end
+
+    class EndOfContent < OpenSSL::ASN1::ASN1Data
+      public
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: () -> void
+    end
+
+    class Enumerated < OpenSSL::ASN1::Primitive
+      def value: () -> ::Integer
+
+      def value=: (::Integer) -> ::Integer
+    end
+
+    class GeneralString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class GeneralizedTime < OpenSSL::ASN1::Primitive
+      def value: () -> Time
+
+      def value=: (Time) -> Time
+    end
+
+    class GraphicString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class IA5String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class ISO64String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Integer < OpenSSL::ASN1::Primitive
+      def value: () -> ::Integer
+
+      def value=: (::Integer) -> ::Integer
+    end
+
+    class Null < OpenSSL::ASN1::Primitive
+      def value: () -> nil
+
+      def value=: (nil) -> nil
+    end
+
+    class NumericString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class ObjectId < OpenSSL::ASN1::Primitive
+      def self.register: (String object_id, String short_name, String ong_name) -> bool
+
+      def value: () -> String
+
+      def value=: (String) -> String
+
+      public
+
+      def ==: (ObjectId other) -> bool
+
+      def ln: () -> String?
+
+      alias long_name ln
+
+      def oid: () -> String
+
+      alias short_name sn
+
+      def sn: () -> String?
+    end
+
+    class OctetString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Primitive < OpenSSL::ASN1::ASN1Data
+      public
+
+      def tagging: () -> tagging?
+
+      def tagging=: (tagging) -> tagging
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (untyped value, ?Integer tag, ?tagging tagging) -> void
+    end
+
+    class PrintableString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Sequence < OpenSSL::ASN1::Constructive
+      def value: () -> Array[ASN1Data]
+
+      def value=: (Array[ASN1Data]) -> Array[ASN1Data]
+    end
+
+    class Set < OpenSSL::ASN1::Constructive
+    end
+
+    class T61String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class UTCTime < OpenSSL::ASN1::Primitive
+      def value: () -> Time
+
+      def value=: (Time) -> Time
+    end
+
+    class UTF8String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class UniversalString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class VideotexString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+  end
+
+  type bn = BN | ::Integer
+
+  class BN
+    include Comparable
+
+    def self.generate_prime: (::Integer bits, ?boolish safe, ?bn add, ?bn rem) -> instance
+
+    def self.pseudo_rand: (*untyped) -> untyped
+
+    def self.pseudo_rand_range: (untyped) -> untyped
+
+    def self.rand: (*untyped) -> untyped
+
+    def self.rand_range: (untyped) -> untyped
+
+    public
+
+    def %: (int) -> instance
+
+    def *: (int) -> instance
+
+    def **: (int) -> instance
+
+    def +: (int) -> instance
+
+    def +@: () -> instance
+
+    def -: (int) -> instance
+
+    def -@: () -> instance
+
+    def /: (int) -> [instance, instance]
+
+    def <<: (int) -> instance
+
+    alias <=> cmp
+
+    def ==: (untyped) -> bool
+
+    alias === ==
+
+    def >>: (int) -> int
+
+    def bit_set?: (int) -> bool
+
+    def clear_bit!: (int) -> void
+
+    def cmp: (Integer) -> Integer
+
+    def coerce: (::Integer) -> Array[Integer]
+              | (BN) -> Array[BN]
+
+    def copy: (int) -> instance
+
+    def eql?: (untyped other) -> bool
+
+    def gcd: (int) -> instance
+
+    def hash: () -> Integer
+
+    def lshift!: (int bits) -> self
+
+    def mask_bits!: (int) -> void
+
+    def mod_add: (int, int) -> instance
+
+    def mod_exp: (int, int) -> instance
+
+    def mod_inverse: (int) -> instance
+
+    def mod_mul: (int, int) -> instance
+
+    def mod_sqr: (int) -> instance
+
+    def mod_sub: (int, int) -> instance
+
+    def negative?: () -> bool
+
+    def num_bits: () -> ::Integer
+
+    def num_bytes: () -> ::Integer
+
+    def odd?: () -> bool
+
+    def one?: () -> bool
+
+    def pretty_print: (untyped q) -> untyped
+
+    def prime?: (?int checks) -> bool
+
+    def prime_fasttest?: (?int checks, ?int trial_div) -> bool
+
+    def rshift!: (int bits) -> self
+
+    def set_bit!: (int bit) -> self
+
+    def sqr: () -> instance
+
+    def to_bn: () -> self
+
+    def to_i: () -> ::Integer
+
+    alias to_int to_i
+
+    def to_s: () -> String
+            | (0) -> String
+            | (2) -> String
+            | (10) -> String
+            | (16) -> String
+            | (int base) -> String
+
+    def ucmp: (int bn2) -> ::Integer
+
+    def zero?: () -> bool
+
+    private
+
+    def initialize: (instance) -> void
+                  | (int) -> void
+                  | (String) -> void
+                  | (String, 0 | 2 | 10 | 16) -> void
+
+    def initialize_copy: (instance other) -> instance
+  end
+
+  class BNError < OpenSSL::OpenSSLError
+  end
+
+  module Buffering
+    include Enumerable[untyped]
+
+    public
+
+    def <<: (String s) -> self
+
+    def close: () -> void
+
+    def each: (?String eol) ?{ (String) -> void } -> void
+
+    def each_byte: () ?{ (Integer) -> void } -> void
+
+    alias each_line each
+
+    alias eof eof?
+
+    def eof?: () -> bool
+
+    def flush: () -> self
+
+    def getc: () -> String?
+
+    def gets: (?(String | Regexp) eol, ?Integer limit) -> String?
+
+    def print: (*untyped args) -> nil
+
+    def printf: (String format_string, *untyped args) -> nil
+
+    def puts: (*untyped args) -> nil
+
+    def read: (?Integer? size, ?String buf) -> String?
+
+    def read_nonblock: (Integer maxlen, ?String buf, ?exception: true) -> String
+                     | (Integer maxlen, ?String buf, exception: false) -> (String | :wait_writable | :wait_readable | nil)
+
+    def readchar: () -> String
+
+    def readline: (?String eol) -> String
+
+    def readlines: (?String eol) -> ::Array[String]
+
+    def readpartial: (Integer maxlen, ?String buf) -> String
+
+    def sync: () -> bool
+
+    def sync=: (boolish) -> void
+
+    def ungetc: (String c) -> String
+
+    def write: (*_ToS s) -> Integer
+
+    def write_nonblock: (_ToS s, ?exception: true) -> Integer
+                      | (_ToS s, exception: false) -> (Integer | :wait_writable | :wait_readable | nil)
+
+    private
+
+    def consume_rbuff: (?untyped size) -> untyped
+
+    def do_write: (untyped s) -> untyped
+
+    def fill_rbuff: () -> untyped
+
+    BLOCK_SIZE: Integer
+
+    class Buffer < String
+      BINARY: Encoding
+
+      def <<: (String string) -> self
+
+      alias concat <<
+    end
+  end
+
+  class Cipher
+    def self.ciphers: () -> Array[String]
+
+    public
+
+    def auth_data=: (String) -> String
+
+    def auth_tag: (?Integer tag_len) -> String
+
+    def auth_tag=: (String) -> String
+
+    def auth_tag_len=: (Integer) -> Integer
+
+    def authenticated?: () -> bool
+
+    def block_size: () -> Integer
+
+    def decrypt: () -> self
+
+    def encrypt: () -> self
+
+    def final: () -> String
+
+    def iv=: (String iv) -> String
+
+    def iv_len: () -> Integer
+
+    def iv_len=: (Integer) -> Integer
+
+    def key=: (String key) -> String
+
+    def key_len: () -> Integer
+
+    def key_len=: (Integer) -> Integer
+
+    def name: () -> String
+
+    def padding=: (Integer) -> Integer
+
+    def pkcs5_keyivgen: (String pass, ?String salt, ?Integer iterations, ?String digest) -> void
+
+    def random_iv: () -> String
+
+    def random_key: () -> String
+
+    def reset: () -> self
+
+    def update: (String data, ?String buffer) -> String
+
+    private
+
+    def ciphers: () -> Array[String]
+
+    def initialize: (String cipher_name) -> void
+
+    def initialize_copy: (untyped) -> untyped
+
+    class AES < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class AES128 < OpenSSL::Cipher
+      private
+
+      def initialize: (?_ToS mode) -> void
+    end
+
+    class AES192 < OpenSSL::Cipher
+      private
+
+      def initialize: (?_ToS mode) -> void
+    end
+
+    class AES256 < OpenSSL::Cipher
+      private
+
+      def initialize: (?_ToS mode) -> void
+    end
+
+    class BF < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class CAST5 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class Cipher < OpenSSL::Cipher
+    end
+
+    class CipherError < OpenSSL::OpenSSLError
+    end
+
+    class DES < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class IDEA < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class RC2 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class RC4 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class RC5 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+  end
+
+  class Config
+    include Enumerable[[String, String, String]]
+
+    def self.load: (?_ToS filename) -> instance
+
+    def self.parse: (String string) -> instance
+
+    def self.parse_config: (IO io) -> Hash[String, Hash[String, String]]
+
+    public
+
+    def []: (String section) -> Hash[String, String]
+
+    def []=: (String section, _Each[[String, String]] pairs) -> _Each[[String, String]]
+
+    def add_value: (String section, untyped key, untyped value) -> untyped
+
+    def each: () { ([String, String, String] args0) -> void } -> self
+
+    def get_value: (String section, String key) -> String?
+
+    def inspect: () -> String
+
+    def section: (String name) -> Hash[String, String]
+
+    def sections: () -> Array[String]
+
+    def to_s: () -> String
+
+    private
+
+    def initialize: (?_ToS filename) -> void
+
+    def initialize_copy: (instance other) -> void
+
+    DEFAULT_CONFIG_FILE: String
+  end
+
+  class ConfigError < OpenSSL::OpenSSLError
+  end
+
+  class Digest
+    def self.digest: (String name, String data) -> String
+
+    public
+
+    alias << update
+
+    def block_length: () -> Integer
+
+    def digest: () -> String
+
+    def digest_length: () -> Integer
+
+    def hexdigest: () -> String
+
+    def name: () -> String
+
+    def reset: () -> self
+
+    def update: (String data) -> self
+
+    private
+
+    def finish: (*untyped) -> untyped
+
+    def initialize: (String name, ?String data) -> void
+
+    def initialize_copy: (instance) -> void
+
+    class Digest < OpenSSL::Digest
+    end
+
+    class DigestError < OpenSSL::OpenSSLError
+    end
+
+    class MD4 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class MD5 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class RIPEMD160 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA1 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA224 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA256 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA384 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA512 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+  end
+
+  class Engine
+    def self.by_id: (String name) -> instance
+
+    def self.cleanup: () -> void
+
+    def self.engines: () -> Array[instance]
+
+    def self.load: (?String name) -> (true | nil)
+
+    public
+
+    def cipher: (String cipher) -> Cipher
+
+    def cmds: () -> Array[[String, String, String]]
+
+    def ctrl_cmd: (String cmd, ?String value) -> self
+
+    def digest: (String digest) -> Digest
+
+    def finish: () -> nil
+
+    def id: () -> String
+
+    def inspect: () -> String
+
+    def load_private_key: (?String id, ?String data) -> PKey::PKey
+
+    def load_public_key: (?String id, ?String data) -> PKey::PKey
+
+    def name: () -> String
+
+    def set_default: (Integer flag) -> bool
+
+    METHOD_ALL: Integer
+
+    METHOD_CIPHERS: Integer
+
+    METHOD_DH: Integer
+
+    METHOD_DIGESTS: Integer
+
+    METHOD_DSA: Integer
+
+    METHOD_NONE: Integer
+
+    METHOD_RAND: Integer
+
+    METHOD_RSA: Integer
+
+    class EngineError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module ExtConfig
+    HAVE_TLSEXT_HOST_NAME: bool
+
+    OPENSSL_NO_SOCK: bool
+  end
+
+  class HMAC
+    def self.digest: (String algo, String key, String data) -> String
+
+    def self.hexdigest: (String algo, String key, String data) -> String
+
+    public
+
+    alias << update
+
+    def ==: (instance other) -> bool
+
+    def digest: () -> String
+
+    def hexdigest: () -> String
+
+    alias inspect hexdigest
+
+    def reset: () -> self
+
+    alias to_s hexdigest
+
+    def update: (String data) -> self
+
+    private
+
+    def initialize: (String key, Digest digest) -> void
+
+    def initialize_copy: (instance) -> void
+  end
+
+  class HMACError < OpenSSL::OpenSSLError
+  end
+
+  module KDF
+    def self.hkdf: (String ikm, salt: String, info: String, length: Integer, hash: String) -> String
+
+    def self.pbkdf2_hmac: (String pass, salt: String, iterations: Integer, length: Integer, hash: String | Digest) -> String
+
+    def self.scrypt: (String pass, salt: String, N: Integer, r: Integer, p: Integer, length: Integer) -> String
+
+    private
+
+    def hkdf: (*untyped) -> untyped
+
+    def pbkdf2_hmac: (*untyped) -> untyped
+
+    def scrypt: (*untyped) -> untyped
+
+    class KDFError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module Marshal
+    def self.included: (untyped base) -> untyped
+
+    public
+
+    def _dump: (untyped _level) -> untyped
+
+    module ClassMethods
+      public
+
+      def _load: (untyped string) -> untyped
+    end
+  end
+
+  module Netscape
+    class SPKI
+      public
+
+      def challenge: () -> String
+
+      def challenge=: (String) -> String
+
+      def public_key: () -> PKey::PKey
+
+      def public_key=: (PKey::PKey) -> PKey::PKey
+
+      def sign: (PKey::PKey key, Digest digest) -> instance
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      private
+
+      def initialize: (?String request) -> void
+    end
+
+    class SPKIError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module OCSP
+    NOCASIGN: Integer
+
+    NOCERTS: Integer
+
+    NOCHAIN: Integer
+
+    NOCHECKS: Integer
+
+    NODELEGATED: Integer
+
+    NOEXPLICIT: Integer
+
+    NOINTERN: Integer
+
+    NOSIGS: Integer
+
+    NOTIME: Integer
+
+    NOVERIFY: Integer
+
+    RESPID_KEY: Integer
+
+    RESPONSE_STATUS_INTERNALERROR: Integer
+
+    RESPONSE_STATUS_MALFORMEDREQUEST: Integer
+
+    RESPONSE_STATUS_SIGREQUIRED: Integer
+
+    RESPONSE_STATUS_SUCCESSFUL: Integer
+
+    RESPONSE_STATUS_TRYLATER: Integer
+
+    RESPONSE_STATUS_UNAUTHORIZED: Integer
+
+    REVOKED_STATUS_AFFILIATIONCHANGED: Integer
+
+    REVOKED_STATUS_CACOMPROMISE: Integer
+
+    REVOKED_STATUS_CERTIFICATEHOLD: Integer
+
+    REVOKED_STATUS_CESSATIONOFOPERATION: Integer
+
+    REVOKED_STATUS_KEYCOMPROMISE: Integer
+
+    REVOKED_STATUS_NOSTATUS: Integer
+
+    REVOKED_STATUS_REMOVEFROMCRL: Integer
+
+    REVOKED_STATUS_SUPERSEDED: Integer
+
+    REVOKED_STATUS_UNSPECIFIED: Integer
+
+    TRUSTOTHER: Integer
+
+    V_CERTSTATUS_GOOD: Integer
+
+    V_CERTSTATUS_REVOKED: Integer
+
+    V_CERTSTATUS_UNKNOWN: Integer
+
+    V_RESPID_KEY: Integer
+
+    V_RESPID_NAME: Integer
+
+    type ocsp_status = Integer
+
+    class BasicResponse
+      public
+
+      def add_nonce: (?String nonce) -> self
+
+      def add_status: (CertificateId certificate_id, ocsp_status status, Integer? reason, Integer? revocation_time, ?(Integer | Time) this_update, ?(Integer | Time) next_update, ?Array[X509::Extension] extensions) -> self
+
+      def copy_nonce: (Request request) -> Integer
+
+      def find_response: (CertificateId certificate_id) -> SingleResponse?
+
+      def responses: () -> Array[SingleResponse]
+
+      def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self
+
+      def status: () -> Integer
+
+      def to_der: () -> String
+
+      def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class CertificateId
+      public
+
+      def cmp: (instance other) -> bool
+
+      def cmp_issuer: (instance other) -> bool
+
+      def hash_algorithm: () -> String
+
+      def issuer_key_hash: () -> String
+
+      def issuer_name_hash: () -> String
+
+      def serial: () -> Integer
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (String | ASN1::_ToDer der) -> void
+                    | (X509::Certificate subject, X509::Certificate issuer, ?Digest digest) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class OCSPError < OpenSSL::OpenSSLError
+    end
+
+    class Request
+      public
+
+      def add_certid: (CertificateId certificate_id) -> self
+
+      def add_nonce: (?String nonce) -> self
+
+      def certid: () -> Array[CertificateId]
+
+      def check_nonce: (Response response) -> (-1 | 0 | 1 | 2 | 3)
+
+      def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self
+
+      def signed?: () -> bool
+
+      def to_der: () -> String
+
+      def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class Response
+      def self.create: (Integer status, ?BasicResponse response) -> instance
+
+      public
+
+      def basic: () -> BasicResponse?
+
+      def status: () -> Integer
+
+      def status_string: () -> String
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class SingleResponse
+      public
+
+      def cert_status: () -> ocsp_status
+
+      def certid: () -> CertificateId
+
+      def check_validity: (?Integer nsec, ?Integer maxsec) -> bool
+
+      def extensions: () -> Array[X509::Certificate]
+
+      def next_update: () -> Time?
+
+      def revocation_reason: () -> Integer?
+
+      def revocation_time: () -> Time?
+
+      def this_update: () -> Time
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+  end
+
+  class OpenSSLError < StandardError
+  end
+
+  class PKCS12
+    def self.create: (String pass, String name, PKey::PKey key, X509::Certificate cert, ?Array[X509::Certificate]? ca, ?String? key_pbe, ?String? cert_pbe, ?Integer? key_iter, ?Integer? mac_iter, ?Integer? keytype) -> instance
+
+    public
+
+    def ca_certs: () -> Array[X509::Certificate]?
+
+    def certificate: () -> X509::Certificate
+
+    def key: () -> PKey::PKey
+
+    def to_der: () -> String
+
+    private
+
+    def initialize: (?String der, ?String pass) -> void
+
+    def initialize_copy: (instance) -> void
+
+    class PKCS12Error < OpenSSL::OpenSSLError
+    end
+  end
+
+  module PKCS5
+    def self.pbkdf2_hmac: (String pass, String salt, Integer iter, Integer keylen, String | Digest digest) -> String
+
+    def self.pbkdf2_hmac_sha1: (String pass, String salt, Integer iter, Integer keylen) -> String
+
+    private
+
+    def pbkdf2_hmac: (untyped pass, untyped salt, untyped iter, untyped keylen, untyped digest) -> untyped
+
+    def pbkdf2_hmac_sha1: (untyped pass, untyped salt, untyped iter, untyped keylen) -> untyped
+  end
+
+  class PKCS7
+    def self.encrypt: (X509::Certificate certs, String data, ?Cipher cipher, ?Integer flags) -> instance
+
+    def self.read_smime: (String ) -> instance
+
+    def self.sign: (X509::Certificate certs,PKey::PKey key, String data, ?OpenSSL::Cipher cipher, ?Integer flags) -> instance
+
+    def self.write_smime: (instance pkcs7, ?String data, ?Integer flags) -> String
+
+    public
+
+    def add_certificate: (X509::Certificate cert) -> self
+
+    def add_crl: (X509::CRL crl) -> self
+
+    def add_data: (String data) -> self
+
+    def add_recipient: (RecipientInfo recipient) -> self
+
+    def add_signer: (SignerInfo signer) -> self
+
+    def certificates: () -> Array[X509::Certificate]?
+
+    def certificates=: (Array[X509::Certificate]) -> self
+
+    def cipher=: (Cipher cipher) -> self
+
+    def crls: () -> Array[X509::CRL]?
+
+    def crls=: (Array[X509::CRL]) -> self
+
+    def data: () -> String?
+
+    alias data= add_data
+
+    def decrypt: (PKey::PKey p1, ?PKey::PKey p2, ?PKey::PKey p3) -> String
+
+    def detached: () -> bool
+
+    def detached=: [U] (boolish) -> U
+
+    def detached?: () -> bool
+
+    def error_string: () -> String?
+
+    def error_string=: (String) -> String
+
+    def recipients: () -> Array[RecipientInfo]
+
+    def signers: () -> Array[SignerInfo]
+
+    def to_der: () -> String
+
+    def to_pem: () -> String
+
+    alias to_s to_pem
+
+    def type: () -> String?
+
+    def type=: (String) -> String
+
+    def verify: (PKey::PKey p1, PKey::PKey p2, ?PKey::PKey p3, ?PKey::PKey p4) -> bool
+
+    private
+
+    def initialize: (?String der) -> void
+
+    def initialize_copy: (instance) -> untyped
+
+    BINARY: Integer
+
+    DETACHED: Integer
+
+    NOATTR: Integer
+
+    NOCERTS: Integer
+
+    NOCHAIN: Integer
+
+    NOINTERN: Integer
+
+    NOSIGS: Integer
+
+    NOSMIMECAP: Integer
+
+    NOVERIFY: Integer
+
+    TEXT: Integer
+
+    class PKCS7Error < OpenSSL::OpenSSLError
+    end
+
+    class RecipientInfo
+      public
+
+      def enc_key: () -> PKey::PKey
+
+      def issuer: () -> X509::Name
+
+      def serial: () -> Integer
+
+      private
+
+      def initialize: (X509::Certificate certificate) -> void
+    end
+
+    class SignerInfo
+      public
+
+      def issuer: () -> X509::Name
+
+      def serial: () -> Integer
+
+      def signed_time: () -> Time?
+
+      private
+
+      def initialize: (X509::Certificate certificate, PKey::PKey key, Digest digest) -> void
+    end
+  end
+
+  module PKey
+    def self?.read: (String | IO pem, ?String password) -> PKey
+
+    class DH < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.generate: (Integer size, ?Integer generator) -> instance
+
+      public
+
+      def compute_key: (bn pub_bn) -> String
+
+      def export: () -> String
+
+      def g: () -> BN?
+
+      def generate_key!: () -> self
+
+      def p: () -> BN
+
+      def params: () -> Hash[String, BN]
+
+      def params_ok?: () -> bool
+
+      def priv_key: () -> BN
+
+      def private?: () -> bool
+
+      def pub_key: () -> BN
+
+      def public?: () -> bool
+
+      def public_key: () -> instance
+
+      def q: () -> BN
+
+      def set_key: (bn pub_key, bn? priv_key) -> self
+
+      def set_pqg: (bn p, bn q, bn g) -> self
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      alias to_s export
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (Integer size, ?Integer generator) -> void
+                    | (String pem) -> void
+                    | () -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class DHError < OpenSSL::PKey::PKeyError
+    end
+
+    class DSA < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.generate: (Integer size) -> instance
+
+      public
+
+      def export: (String cipher, String password) -> String
+                | () -> String
+
+      def g: () -> BN
+
+      def p: () -> BN
+
+      def params: () -> Hash[String, BN]
+
+      def priv_key: () -> BN
+
+      def private?: () -> bool
+
+      def pub_key: () -> BN
+
+      def public?: () -> bool
+
+      def public_key: () -> instance
+
+      def q: () -> BN
+
+      def set_key: (bn pub_key, bn? priv_key) -> self
+
+      def set_pqg: (bn p, bn q, bn g) -> self
+
+      def syssign: (String digest) -> String
+
+      def sysverify: (String digest, String data) -> bool
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      alias to_s export
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (String pem, ?String pass) -> void
+                    | (?Integer size) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class DSAError < OpenSSL::PKey::PKeyError
+    end
+
+    class EC < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.builtin_curves: () -> Array[[String, String]]
+
+      def self.generate: (String | Group pem_or_der_or_group_or_curve_name) -> instance
+
+      public
+
+      def check_key: () -> true
+
+      def dh_compute_key: (instance public_key) -> String
+
+      def dsa_sign_asn1: (String digest) -> String
+
+      def dsa_verify_asn1: (String digest, String signature) -> bool
+
+      def export: (String cipher, String password) -> String
+                | () -> String
+
+      alias generate_key generate_key!
+
+      def generate_key!: () -> self
+
+      def group: () -> Group?
+
+      def group=: (Group) -> Group
+
+      def private?: () -> bool
+
+      def private_key: () -> BN?
+
+      def private_key=: (bn priv_key) -> self
+
+      alias private_key? private?
+
+      def public?: () -> bool
+
+      def public_key: () -> Point?
+
+      def public_key=: (bn priv_key) -> self
+
+      alias public_key? public?
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (instance ec_key) -> void
+                    | (Group group) -> void
+                    | (String pem_or_der_or_curve, ?String pass) -> void
+
+      def initialize_copy: (instance) -> void
+
+      EXPLICIT_CURVE: Integer
+
+      NAMED_CURVE: Integer
+
+      type ec_method = :GFp_simple | :GFp_mont | :GFp_nist | :GF2m_simple
+
+      type point_conversion_format = :compressed | :uncompressed | :hybrid
+
+      class Group
+        public
+
+        alias == eql?
+
+        def asn1_flag: () -> Integer
+
+        def asn1_flag=: (Integer) -> Integer
+
+        def cofactor: () -> BN
+
+        def curve_name: () -> String
+
+        def degree: () -> Integer
+
+        def eql?: (instance other) -> bool
+
+        def generator: () -> Point?
+
+        def order: () -> BN
+
+        def point_conversion_form: () -> point_conversion_format
+
+        def point_conversion_form=: (point_conversion_format format) -> point_conversion_format
+
+        def seed: () -> String?
+
+        def seed=: (String seed) -> String
+
+        def set_generator: ( Point generator, Integer order, Integer cofactor) -> self
+
+        def to_der: () -> String
+
+        def to_pem: () -> String
+
+        def to_text: () -> String
+
+        private
+
+        def initialize: (instance group) -> void
+                      | (String pem_or_der_encoded) -> void
+                      | (ec_method ec_method) -> void
+                      | (:GFp | :GF2m ec_method, Integer bignum_p, Integer bignum_a, Integer bignum_b) -> void
+
+        def initialize_copy: (instance) -> void
+
+        class Error < OpenSSL::OpenSSLError
+        end
+      end
+
+      class Point
+        public
+
+        alias == eql?
+
+        def add: (instance point) -> instance
+
+        def eql?: (instance other) -> bool
+
+        def group: () -> Group
+
+        def infinity?: () -> bool
+
+        def invert!: () -> self
+
+        def make_affine!: () -> self
+
+        def mul: (bn bn1, ?bn bn2) -> instance
+               | (Array[bn] bns, Array[instance], ?bn bn2) -> instance
+
+        def on_curve?: () -> bool
+
+        def set_to_infinity!: () -> self
+
+        def to_bn: (?point_conversion_format conversion_form) -> BN
+
+        def to_octet_string: (point_conversion_format) -> String
+
+        private
+
+        def initialize: (instance point) -> void
+                      | (Group group, ?(String | BN) encoded_point) -> void
+
+        def initialize_copy: (instance) -> void
+
+        class Error < OpenSSL::OpenSSLError
+        end
+      end
+    end
+
+    class ECError < OpenSSL::PKey::PKeyError
+    end
+
+    class PKey
+      public
+
+      def inspect: () -> String
+
+      def oid: () -> String
+
+      def private_to_der: (String cipher, String password) -> String
+                        | () -> String
+
+      def private_to_pem: (String cipher, String password) -> String
+                        | () -> String
+
+      def public_to_der: () -> String
+
+      def public_to_pem: () -> String
+
+      def sign: (Digest digest, String data) -> String
+
+      def verify: (Digest digest, String signature, String data) -> bool
+
+      private
+
+      def initialize: () -> void
+    end
+
+    class PKeyError < OpenSSL::OpenSSLError
+    end
+
+    class RSA < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.generate: (Integer size, ?Integer exponent) -> instance
+
+      public
+
+      def d: () -> BN?
+
+      def dmp1: () -> BN?
+
+      def dmq1: () -> BN?
+
+      def e: () -> BN?
+
+      def export: (String cipher, String password) -> String
+                | () -> String
+
+      def iqmp: () -> BN?
+
+      def n: () -> BN?
+
+      def p: () -> BN?
+
+      def params: () -> Hash[String, BN]
+
+      def private?: () -> bool
+
+      def private_decrypt: (String data, ?Integer padding) -> String
+
+      def private_encrypt: (String data, ?Integer padding) -> String
+
+      def public?: () -> bool
+
+      def public_decrypt: (String data, ?Integer padding) -> String
+
+      def public_encrypt: (String data, ?Integer padding) -> String
+
+      def public_key: () -> instance
+
+      def q: () -> BN?
+
+      def set_crt_params: (bn dmp1, bn dmq1, bn iqmp) -> self
+
+      def set_factors: (bn p, bn q) -> self
+
+      def set_key: (bn n, bn e, bn d) -> self
+
+      def sign_pss: (String digest, String data, salt_length: :digest | :max | Integer, mgf1_hash: String) -> String
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      alias to_s export
+
+      def to_text: () -> String
+
+      def verify_pss: (String digest, String signature, String data, salt_length: :auto | :digest | Integer, mgf1_hash: String) -> bool
+
+      private
+
+      def initialize: (Integer key_size) -> void
+                    | (String encoded_key, ?String pass_phrase) -> void
+
+      def initialize_copy: (instance) -> void
+
+      NO_PADDING: Integer
+
+      PKCS1_OAEP_PADDING: Integer
+
+      PKCS1_PADDING: Integer
+
+      SSLV23_PADDING: Integer
+    end
+
+    class RSAError < OpenSSL::PKey::PKeyError
+    end
+  end
+
+  module Random
+    def self.load_random_file: (String filename) -> true
+
+    def self.random_add: (String str, Numeric entropy) -> self
+
+    def self.random_bytes: (Integer length) -> String
+
+    def self.seed: (String seed) -> String
+
+    def self.status?: () -> bool
+
+    def self.write_random_file: (String filename) -> true
+
+    class RandomError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module SSL
+    def self.verify_certificate_identity: (X509::Certificate cert, String hostname) -> bool
+
+    def self.verify_hostname: (String hostname, String san) -> bool
+
+    def self.verify_wildcard: (String domain_component, String san_component) -> bool
+
+    OP_ALL: Integer
+
+    OP_ALLOW_NO_DHE_KEX: Integer
+
+    OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: Integer
+
+    OP_CIPHER_SERVER_PREFERENCE: Integer
+
+    OP_CRYPTOPRO_TLSEXT_BUG: Integer
+
+    OP_DONT_INSERT_EMPTY_FRAGMENTS: Integer
+
+    OP_EPHEMERAL_RSA: Integer
+
+    OP_LEGACY_SERVER_CONNECT: Integer
+
+    OP_MICROSOFT_BIG_SSLV3_BUFFER: Integer
+
+    OP_MICROSOFT_SESS_ID_BUG: Integer
+
+    OP_MSIE_SSLV2_RSA_PADDING: Integer
+
+    OP_NETSCAPE_CA_DN_BUG: Integer
+
+    OP_NETSCAPE_CHALLENGE_BUG: Integer
+
+    OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: Integer
+
+    OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: Integer
+
+    OP_NO_COMPRESSION: Integer
+
+    OP_NO_ENCRYPT_THEN_MAC: Integer
+
+    OP_NO_RENEGOTIATION: Integer
+
+    OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: Integer
+
+    OP_NO_SSLv2: Integer
+
+    OP_NO_SSLv3: Integer
+
+    OP_NO_TICKET: Integer
+
+    OP_NO_TLSv1: Integer
+
+    OP_NO_TLSv1_1: Integer
+
+    OP_NO_TLSv1_2: Integer
+
+    OP_NO_TLSv1_3: Integer
+
+    OP_PKCS1_CHECK_1: Integer
+
+    OP_PKCS1_CHECK_2: Integer
+
+    OP_SAFARI_ECDHE_ECDSA_BUG: Integer
+
+    OP_SINGLE_DH_USE: Integer
+
+    OP_SINGLE_ECDH_USE: Integer
+
+    OP_SSLEAY_080_CLIENT_DH_BUG: Integer
+
+    OP_SSLREF2_REUSE_CERT_TYPE_BUG: Integer
+
+    OP_TLSEXT_PADDING: Integer
+
+    OP_TLS_BLOCK_PADDING_BUG: Integer
+
+    OP_TLS_D5_BUG: Integer
+
+    OP_TLS_ROLLBACK_BUG: Integer
+
+    SSL2_VERSION: Integer
+
+    SSL3_VERSION: Integer
+
+    TLS1_1_VERSION: Integer
+
+    TLS1_2_VERSION: Integer
+
+    TLS1_3_VERSION: Integer
+
+    TLS1_VERSION: Integer
+
+    VERIFY_CLIENT_ONCE: Integer
+
+    VERIFY_FAIL_IF_NO_PEER_CERT: Integer
+
+    VERIFY_NONE: Integer
+
+    VERIFY_PEER: Integer
+
+    type tls_version = Symbol | Integer
+
+    type verify_mode = Integer
+
+    class SSLContext
+      public
+
+      def add_certificate: (X509::Certificate certificate, PKey::PKey pkey, ?Array[X509::Certificate] extra_certs) -> self
+
+      def alpn_protocols: () -> Array[String]?
+
+      def alpn_protocols=: (Array[String]) -> Array[String]
+
+      def alpn_select_cb: () -> (^(Array[String]) -> String? | nil)
+
+      def alpn_select_cb=: (^(Array[String]) -> String? alpn_select_callback) -> void
+
+      def ca_file: () -> String
+
+      def ca_file=: (String ca_file) -> String
+
+      def ca_path: () -> String?
+
+      def ca_path=: (String ca_path) -> String
+
+      def cert: () -> X509::Certificate?
+
+      def cert=: ( X509::Certificate cert) ->  X509::Certificate
+
+      def cert_store: () -> X509::Store?
+
+      def cert_store=: (X509::Store store) -> X509::Store
+
+      def ciphers: () -> Array[[String, String, Integer, Integer]]
+
+      def ciphers=: (Array[[String, String, Integer, Integer]] ciphers) -> void
+                  | (Array[String] ciphers) -> void
+                  | (String colon_sep_ciphers) -> void
+
+      def client_ca: () -> (Array[X509::Certificate] | X509::Certificate)
+
+      def client_ca=: (Array[X509::Certificate] | X509::Certificate client_ca) -> void
+
+      def client_cert_cb: () -> (^(Session) -> [X509::Certificate, PKey::PKey]? | nil)
+
+      def client_cert_cb=: (^(Session) -> [X509::Certificate, PKey::PKey]? client_cert_cb) -> void
+
+      def ecdh_curves=: (String ecdh_curves) -> String
+
+      def enable_fallback_scsv: () -> nil
+
+      def extra_chain_cert: () -> Array[X509::Certificate]?
+
+      def extra_chain_cert=: (Array[X509::Certificate] extra_certs) -> Array[X509::Certificate]
+
+      def flush_sessions: (Time time) -> self
+
+      alias freeze setup
+
+      def key: () -> PKey::PKey?
+
+      def key=: (PKey::PKey) -> PKey::PKey
+
+      def max_version=: (tls_version version) -> tls_version
+
+      def min_version=: (tls_version version) -> tls_version
+
+      def npn_protocols: () -> untyped
+
+      def npn_protocols=: (untyped) -> untyped
+
+      def npn_select_cb: () -> untyped
+
+      def npn_select_cb=: (untyped) -> untyped
+
+      def options: () -> Integer
+
+      def options=: (Integer ssl_options) -> Integer
+
+      def renegotiation_cb: () -> (^(SSLSocket) -> void | nil)
+
+      def renegotiation_cb=: (^(SSLSocket) -> void) -> void
+
+      def security_level: () -> Integer
+
+      def security_level=: (Integer sec_level) -> Integer
+
+      def servername_cb: () -> (^(SSLSocket, String) -> SSLContext? | nil)
+
+      def servername_cb=: (^(SSLSocket, String) -> SSLContext?) -> ^(SSLSocket, String) -> SSLContext?
+
+      def session_add: (Session) -> bool
+
+      def session_cache_mode: () -> Integer
+
+      def session_cache_mode=: (Integer) -> Integer
+
+      def session_cache_size: () -> Integer
+
+      def session_cache_size=: (Integer) -> Integer
+
+      def session_cache_stats: () -> Hash[Symbol, Integer]
+
+      def session_get_cb: () -> (^(SSLSocket, Integer) -> Session? | nil)
+
+      def session_get_cb=: (^(SSLSocket, Integer) -> Session?) -> void
+
+      def session_id_context: () -> Integer?
+
+      def session_id_context=: (Integer) -> Integer
+
+      def session_new_cb: () -> (^(SSLSocket) -> untyped | nil)
+
+      def session_new_cb=: (^(SSLSocket) -> untyped) -> ^(SSLSocket) -> untyped
+
+      def session_remove: (Session session) -> bool
+
+      def session_remove_cb: () -> (^(SSLContext, Session) -> void | nil)
+
+      def session_remove_cb=: (^(SSLContext, Session) -> void ) -> void
+
+      def set_params: (?untyped params) -> untyped
+
+      def setup: () -> untyped
+
+      alias ssl_timeout timeout
+
+      alias ssl_timeout= timeout=
+
+      def ssl_version=: (tls_version meth) -> tls_version
+
+      def timeout: () -> Integer?
+
+      def timeout=: (Integer) -> Integer
+
+      def tmp_dh_callback: () -> (^(Session, Integer, Integer) -> PKey::DH | nil)
+
+      def tmp_dh_callback=: (^(Session, Integer, Integer) -> PKey::DH) -> void
+
+      def verify_callback: () -> (^(bool, X509::StoreContext) -> untyped | nil)
+
+      def verify_callback=: (^(bool, X509::StoreContext) -> untyped) -> void
+
+      def verify_depth: () -> Integer?
+
+      def verify_depth=: (Integer) -> Integer
+
+      def verify_hostname: () -> bool?
+
+      def verify_hostname=: [U] (boolish) -> U
+
+      def verify_mode: () -> verify_mode?
+
+      def verify_mode=: (verify_mode) -> verify_mode
+
+      private
+
+      def initialize: (?tls_version version) -> void
+
+      def set_minmax_proto_version: (untyped, untyped) -> untyped
+
+      DEFAULT_CERT_STORE: X509::Store
+
+      DEFAULT_PARAMS: Hash[Symbol, untyped]
+
+      DEFAULT_TMP_DH_CALLBACK: Proc
+
+      METHODS: Array[Symbol]
+
+      SESSION_CACHE_BOTH: Integer
+
+      SESSION_CACHE_CLIENT: Integer
+
+      SESSION_CACHE_NO_AUTO_CLEAR: Integer
+
+      SESSION_CACHE_NO_INTERNAL: Integer
+
+      SESSION_CACHE_NO_INTERNAL_LOOKUP: Integer
+
+      SESSION_CACHE_NO_INTERNAL_STORE: Integer
+
+      SESSION_CACHE_OFF: Integer
+
+      SESSION_CACHE_SERVER: Integer
+    end
+
+    class SSLError < OpenSSL::OpenSSLError
+    end
+
+    class SSLErrorWaitReadable < OpenSSL::SSL::SSLError
+      include IO::WaitReadable
+    end
+
+    class SSLErrorWaitWritable < OpenSSL::SSL::SSLError
+      include IO::WaitWritable
+    end
+
+    class SSLServer
+      include OpenSSL::SSL::SocketForwarder
+
+      public
+
+      def accept: () -> SSLSocket
+
+      def close: () -> nil
+
+      def listen: (Integer backlog) -> void
+
+      def shutdown: (Symbol | String | Integer how) -> void
+
+      def start_immediately: () -> bool
+
+      def start_immediately=: [U] (boolish) -> U
+
+      def to_io: () -> (TCPServer | UNIXServer)
+
+      private
+
+      def initialize: (TCPServer | UNIXServer svr, untyped ctx) -> void
+    end
+
+    class SSLSocket
+      include OpenSSL::SSL::SocketForwarder
+
+      include OpenSSL::Buffering
+
+      def self.open: (untyped remote_host, untyped remote_port, ?untyped local_host, ?untyped local_port, ?context: untyped) -> untyped
+
+      public
+
+      def accept: () -> self
+
+      def accept_nonblock: (?exception: true) -> self
+                         | (exception: false) -> (self | :wait_readable | :wait_writable)
+
+      def alpn_protocol: () -> String?
+
+      def cert: () -> X509::Certificate?
+
+      def cipher: () -> [String, String, Integer, Integer]?
+
+      def client_ca: () -> (Array[X509::Name] | Array[X509::Certificate] | X509::Certificate)
+
+      def connect: () -> self
+
+      def connect_nonblock: (?exception: true) -> self
+                          | (exception: false) -> (self | :wait_readable | :wait_writable)
+
+      def context: () -> SSLContext
+
+      def finished_message: () -> String?
+
+      def hostname: () -> String?
+
+      def hostname=: (String) -> String
+
+      def io: () -> BasicSocket
+
+      def npn_protocol: () -> String?
+
+      def peer_cert: () -> X509::Certificate?
+
+      def peer_cert_chain: () -> Array[X509::Certificate]?
+
+      def peer_finished_message: () -> String?
+
+      def pending: () -> Integer
+
+      def post_connection_check: (String hostname) -> true
+
+      def session: () -> Session?
+
+      def session=: (Session) -> Session
+
+      def session_reused?: () -> bool
+
+      def ssl_version: () -> tls_version
+
+      def state: () -> String
+
+      def sync_close: () -> bool
+
+      def sync_close=: [U] (boolish) -> U
+
+      def sysclose: () -> nil
+
+      def sysread: (Integer length, ?String buffer) -> String
+
+      def syswrite: (String data) -> Integer
+
+      def tmp_key: () -> PKey::PKey?
+
+      alias to_io io
+
+      def verify_result: () -> Integer
+
+      private
+
+      def client_cert_cb: () -> untyped
+
+      def initialize: (*untyped) -> void
+
+      def session_get_cb: () -> untyped
+
+      def session_new_cb: () -> untyped
+
+      def stop: () -> untyped
+
+      def sysread_nonblock: (*untyped) -> untyped
+
+      def syswrite_nonblock: (*untyped) -> untyped
+
+      def tmp_dh_callback: () -> untyped
+
+      def tmp_ecdh_callback: () -> untyped
+
+      def using_anon_cipher?: () -> untyped
+    end
+
+    class Session
+      public
+
+      def ==: (instance other) -> bool
+
+      def id: () -> String
+
+      def time: () -> Time
+
+      def time=: (Time | Integer start_time) -> Time
+
+      def timeout: () -> Integer
+
+      def timeout=: (Integer timeout) -> Integer
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (SSLSocket | String sock_or_str) -> void
+
+      def initialize_copy: (instance) -> void
+
+      class SessionError < OpenSSL::OpenSSLError
+      end
+    end
+
+    module SocketForwarder
+      public
+
+      def addr: () -> Addrinfo?
+
+      def closed?: () -> untyped
+
+      def do_not_reverse_lookup=: (boolish flag) -> boolish
+
+      def fcntl: (*untyped args) -> untyped
+
+      def fileno: () -> Integer
+
+      def getsockopt: (Symbol | Integer level, Symbol | Integer optname) -> (Integer | boolish | String)
+
+      def peeraddr: () -> untyped
+
+      def setsockopt: (untyped level, untyped optname, untyped optval) -> untyped
+    end
+  end
+
+  module Timestamp
+    class Factory
+      public
+
+      def additional_certs: () -> Array[X509::Certificate]?
+
+      def additional_certs=: (Array[X509::Certificate]? certs) -> Array[X509::Certificate]?
+
+      def allowed_digests: () -> Array[String | Digest]?
+
+      def allowed_digests=: (Array[String | Digest]) -> Array[String | Digest]
+
+      def create_timestamp: (PKey::PKey key, X509::Certificate cert, Request request) -> Response
+
+      def default_policy_id: () -> String?
+
+      def default_policy_id=: (String) -> String
+
+      def gen_time: () -> Time?
+
+      def gen_time=: (Time) -> Time
+
+      def serial_number: () -> Integer?
+
+      def serial_number=: (Integer) -> Integer
+    end
+
+    class Request
+      public
+
+      def algorithm: () -> String
+
+      def algorithm=: (String) -> String
+
+      def cert_requested=: [U] (boolish) -> U
+
+      def cert_requested?: () -> bool
+
+      def message_imprint: () -> String?
+
+      def message_imprint=: (String) -> String
+
+      def nonce: () -> BN?
+
+      def nonce=: (bn nonce) -> BN
+
+      def policy_id: () -> String?
+
+      def policy_id=: (String policy_id) -> String
+
+      def to_der: () -> String
+
+      def version: () -> Integer
+
+      def version=: (Integer) -> Integer
+
+      private
+
+      def initialize: (?(File | String) request_der) -> void
+    end
+
+    class Response
+      public
+
+      def failure_info: () -> Symbol?
+
+      def status: () -> BN
+
+      def status_text: () -> Array[String]?
+
+      def to_der: () -> String
+
+      def token: () -> PKCS7?
+
+      def token_info: () -> TokenInfo?
+
+      def tsa_certificate: () -> X509::Certificate?
+
+      def verify: (Request request, X509::Store store, ?X509::Certificate intermediate_cert) -> instance
+
+      private
+
+      def initialize: (File | String response_der) -> void
+
+      GRANTED: Integer
+
+      GRANTED_WITH_MODS: Integer
+
+      REJECTION: Integer
+
+      REVOCATION_NOTIFICATION: Integer
+
+      REVOCATION_WARNING: Integer
+
+      WAITING: Integer
+    end
+
+    class TimestampError < OpenSSL::OpenSSLError
+    end
+
+    class TokenInfo
+      public
+
+      def algorithm: () -> String?
+
+      def gen_time: () -> Time
+
+      def message_imprint: () -> String
+
+      def nonce: () -> BN?
+
+      def ordering: () -> bool?
+
+      def policy_id: () -> String?
+
+      def serial_number: () -> BN?
+
+      def to_der: () -> String
+
+      def version: () -> Integer
+
+      private
+
+      def initialize: (File | String token_der) -> void
+    end
+  end
+
+  module X509
+    DEFAULT_CERT_AREA: String
+
+    DEFAULT_CERT_DIR: String
+
+    DEFAULT_CERT_DIR_ENV: String
+
+    DEFAULT_CERT_FILE: String
+
+    DEFAULT_CERT_FILE_ENV: String
+
+    DEFAULT_PRIVATE_DIR: String
+
+    PURPOSE_ANY: Integer
+
+    PURPOSE_CRL_SIGN: Integer
+
+    PURPOSE_NS_SSL_SERVER: Integer
+
+    PURPOSE_OCSP_HELPER: Integer
+
+    PURPOSE_SMIME_ENCRYPT: Integer
+
+    PURPOSE_SMIME_SIGN: Integer
+
+    PURPOSE_SSL_CLIENT: Integer
+
+    PURPOSE_SSL_SERVER: Integer
+
+    PURPOSE_TIMESTAMP_SIGN: Integer
+
+    TRUST_COMPAT: Integer
+
+    TRUST_EMAIL: Integer
+
+    TRUST_OBJECT_SIGN: Integer
+
+    TRUST_OCSP_REQUEST: Integer
+
+    TRUST_OCSP_SIGN: Integer
+
+    TRUST_SSL_CLIENT: Integer
+
+    TRUST_SSL_SERVER: Integer
+
+    TRUST_TSA: Integer
+
+    V_ERR_AKID_ISSUER_SERIAL_MISMATCH: Integer
+
+    V_ERR_AKID_SKID_MISMATCH: Integer
+
+    V_ERR_APPLICATION_VERIFICATION: Integer
+
+    V_ERR_CA_KEY_TOO_SMALL: Integer
+
+    V_ERR_CA_MD_TOO_WEAK: Integer
+
+    V_ERR_CERT_CHAIN_TOO_LONG: Integer
+
+    V_ERR_CERT_HAS_EXPIRED: Integer
+
+    V_ERR_CERT_NOT_YET_VALID: Integer
+
+    V_ERR_CERT_REJECTED: Integer
+
+    V_ERR_CERT_REVOKED: Integer
+
+    V_ERR_CERT_SIGNATURE_FAILURE: Integer
+
+    V_ERR_CERT_UNTRUSTED: Integer
+
+    V_ERR_CRL_HAS_EXPIRED: Integer
+
+    V_ERR_CRL_NOT_YET_VALID: Integer
+
+    V_ERR_CRL_PATH_VALIDATION_ERROR: Integer
+
+    V_ERR_CRL_SIGNATURE_FAILURE: Integer
+
+    V_ERR_DANE_NO_MATCH: Integer
+
+    V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: Integer
+
+    V_ERR_DIFFERENT_CRL_SCOPE: Integer
+
+    V_ERR_EE_KEY_TOO_SMALL: Integer
+
+    V_ERR_EMAIL_MISMATCH: Integer
+
+    V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: Integer
+
+    V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: Integer
+
+    V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: Integer
+
+    V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: Integer
+
+    V_ERR_EXCLUDED_VIOLATION: Integer
+
+    V_ERR_HOSTNAME_MISMATCH: Integer
+
+    V_ERR_INVALID_CA: Integer
+
+    V_ERR_INVALID_CALL: Integer
+
+    V_ERR_INVALID_EXTENSION: Integer
+
+    V_ERR_INVALID_NON_CA: Integer
+
+    V_ERR_INVALID_POLICY_EXTENSION: Integer
+
+    V_ERR_INVALID_PURPOSE: Integer
+
+    V_ERR_IP_ADDRESS_MISMATCH: Integer
+
+    V_ERR_KEYUSAGE_NO_CERTSIGN: Integer
+
+    V_ERR_KEYUSAGE_NO_CRL_SIGN: Integer
+
+    V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: Integer
+
+    V_ERR_NO_EXPLICIT_POLICY: Integer
+
+    V_ERR_NO_VALID_SCTS: Integer
+
+    V_ERR_OCSP_CERT_UNKNOWN: Integer
+
+    V_ERR_OCSP_VERIFY_FAILED: Integer
+
+    V_ERR_OCSP_VERIFY_NEEDED: Integer
+
+    V_ERR_OUT_OF_MEM: Integer
+
+    V_ERR_PATH_LENGTH_EXCEEDED: Integer
+
+    V_ERR_PATH_LOOP: Integer
+
+    V_ERR_PERMITTED_VIOLATION: Integer
+
+    V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: Integer
+
+    V_ERR_PROXY_PATH_LENGTH_EXCEEDED: Integer
+
+    V_ERR_PROXY_SUBJECT_NAME_VIOLATION: Integer
+
+    V_ERR_SELF_SIGNED_CERT_IN_CHAIN: Integer
+
+    V_ERR_STORE_LOOKUP: Integer
+
+    V_ERR_SUBJECT_ISSUER_MISMATCH: Integer
+
+    V_ERR_SUBTREE_MINMAX: Integer
+
+    V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Integer
+
+    V_ERR_SUITE_B_INVALID_ALGORITHM: Integer
+
+    V_ERR_SUITE_B_INVALID_CURVE: Integer
+
+    V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Integer
+
+    V_ERR_SUITE_B_INVALID_VERSION: Integer
+
+    V_ERR_SUITE_B_LOS_NOT_ALLOWED: Integer
+
+    V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: Integer
+
+    V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: Integer
+
+    V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: Integer
+
+    V_ERR_UNABLE_TO_GET_CRL: Integer
+
+    V_ERR_UNABLE_TO_GET_CRL_ISSUER: Integer
+
+    V_ERR_UNABLE_TO_GET_ISSUER_CERT: Integer
+
+    V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: Integer
+
+    V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: Integer
+
+    V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: Integer
+
+    V_ERR_UNHANDLED_CRITICAL_EXTENSION: Integer
+
+    V_ERR_UNNESTED_RESOURCE: Integer
+
+    V_ERR_UNSPECIFIED: Integer
+
+    V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: Integer
+
+    V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Integer
+
+    V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Integer
+
+    V_ERR_UNSUPPORTED_NAME_SYNTAX: Integer
+
+    V_FLAG_ALLOW_PROXY_CERTS: Integer
+
+    V_FLAG_CHECK_SS_SIGNATURE: Integer
+
+    V_FLAG_CRL_CHECK: Integer
+
+    V_FLAG_CRL_CHECK_ALL: Integer
+
+    V_FLAG_EXPLICIT_POLICY: Integer
+
+    V_FLAG_EXTENDED_CRL_SUPPORT: Integer
+
+    V_FLAG_IGNORE_CRITICAL: Integer
+
+    V_FLAG_INHIBIT_ANY: Integer
+
+    V_FLAG_INHIBIT_MAP: Integer
+
+    V_FLAG_NOTIFY_POLICY: Integer
+
+    V_FLAG_NO_ALT_CHAINS: Integer
+
+    V_FLAG_NO_CHECK_TIME: Integer
+
+    V_FLAG_PARTIAL_CHAIN: Integer
+
+    V_FLAG_POLICY_CHECK: Integer
+
+    V_FLAG_SUITEB_128_LOS: Integer
+
+    V_FLAG_SUITEB_128_LOS_ONLY: Integer
+
+    V_FLAG_SUITEB_192_LOS: Integer
+
+    V_FLAG_TRUSTED_FIRST: Integer
+
+    V_FLAG_USE_CHECK_TIME: Integer
+
+    V_FLAG_USE_DELTAS: Integer
+
+    V_FLAG_X509_STRICT: Integer
+
+    V_OK: Integer
+
+    class Attribute
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def oid: () -> String
+
+      def oid=: (String) -> String
+
+      def to_der: () -> String
+
+      def value: () -> ASN1::Set
+
+      def value=: (ASN1::ASN1Data) -> ASN1::Set
+
+      private
+
+      def initialize: (String der) -> void
+                    | (String oid, ASN1::ASN1Data value) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class AttributeError < OpenSSL::OpenSSLError
+    end
+
+    class CRL
+      include OpenSSL::X509::Extension::AuthorityKeyIdentifier
+
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def add_extension: (Extension ext) -> Extension
+
+      def add_revoked: (Revoked revoked) -> Revoked
+
+      def extensions: () -> Array[Extension]
+
+      def extensions=: (Array[Extension] extensions) -> Array[Extension]
+
+      def issuer: () -> X509::Name
+
+      def issuer=: (X509::Name issuer) -> X509::Name
+
+      def last_update: () -> Time?
+
+      def last_update=: (Time last_update) -> Time
+
+      def next_update: () -> Time?
+
+      def next_update=: (Time next_update) -> Time
+
+      def revoked: () -> Array[Revoked]
+
+      def revoked=: (Array[Revoked]) -> Array[Revoked]
+
+      def sign: (PKey::PKey key, Digest digest) -> String
+
+      def signature_algorithm: () -> String
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      def version: () -> Integer
+
+      def version=: (Integer) -> Integer
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class CRLError < OpenSSL::OpenSSLError
+    end
+
+    class Certificate
+      include OpenSSL::X509::Extension::AuthorityInfoAccess
+
+      include OpenSSL::X509::Extension::CRLDistributionPoints
+
+      include OpenSSL::X509::Extension::AuthorityKeyIdentifier
+
+      include OpenSSL::X509::Extension::SubjectKeyIdentifier
+
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def add_extension: (Extension ext) -> Extension
+
+      def check_private_key: (PKey::PKey key) -> bool
+
+      def extensions: () -> Array[Extension]
+
+      def extensions=: (Array[Extension]) -> Array[Extension]
+
+      def inspect: () -> String
+
+      def issuer: () -> Name
+
+      def issuer=: (Name) -> Name
+
+      def not_after: () -> Time?
+
+      def not_after=: (Time) -> Time
+
+      def not_before: () -> Time?
+
+      def not_before=: (Time) -> Time
+
+      def pretty_print: (untyped q) -> untyped
+
+      def public_key: () -> PKey::PKey
+
+      def public_key=: (PKey::PKey pkey) -> PKey::PKey
+
+      def serial: () -> BN
+
+      def serial=: (bn serial) -> bn
+
+      def sign: (PKey::PKey key, String digest) -> String
+
+      def signature_algorithm: () -> String
+
+      def subject: () -> Name
+
+      def subject=: (Name) -> Name
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      def version: () -> Integer
+
+      def version=: (Integer) -> Integer
+
+      private
+
+      def initialize: (?String pem) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class CertificateError < OpenSSL::OpenSSLError
+    end
+
+    class Extension
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def critical=: [U] (boolish) -> U
+
+      def critical?: () -> bool
+
+      def oid: () -> String
+
+      def oid=: (String oid) -> String
+
+      def to_a: () -> [String, String, bool]
+
+      def to_der: () -> String
+
+      def to_h: () -> Hash[String, untyped]
+
+      def to_s: () -> String
+
+      def value: () -> String
+
+      def value=: (String | ASN1::_ToDer data) -> String
+
+      def value_der: () -> String
+
+      private
+
+      def initialize: (String der) -> void
+                    | (String oid, String value, ?boolish critical) -> void
+
+      def initialize_copy: (instance) -> void
+
+      module AuthorityInfoAccess
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def ca_issuer_uris: () -> Array[String]?
+
+        def ocsp_uris: () -> Array[String]?
+
+        private
+
+        def parse_aia_asn1: () -> untyped
+      end
+
+      module AuthorityKeyIdentifier
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def authority_key_identifier: () -> String?
+      end
+
+      module CRLDistributionPoints
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def crl_uris: () -> Array[String]?
+      end
+
+      module Helpers
+        public
+
+        def find_extension: (String oid) -> Extension?
+      end
+
+      module SubjectKeyIdentifier
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def subject_key_identifier: () -> String?
+      end
+    end
+
+    class ExtensionError < OpenSSL::OpenSSLError
+    end
+
+    class ExtensionFactory
+      public
+
+      def config: () -> Config?
+
+      def config=: (Config config) -> Config
+
+      def create_ext: (String oid, String value, ?boolish critical) -> Extension
+
+      def create_ext_from_array: ([String, String] | [String, String, boolish] ary) -> Extension
+
+      def create_ext_from_hash: (Hash[String, String | boolish] hash) -> Extension
+
+      def create_ext_from_string: (String str) -> Extension
+
+      def create_extension: (String oid, String value, ?boolish critical) -> Extension
+
+      def crl: () -> CRL?
+
+      def crl=: (CRL crl) -> CRL
+
+      def issuer_certificate: () -> Certificate?
+
+      def issuer_certificate=: (Certificate cert) -> Certificate
+
+      def subject_certificate: () -> Certificate?
+
+      def subject_certificate=: (Certificate cert) -> Certificate
+
+      def subject_request: () -> Request?
+
+      def subject_request=: (Request request) -> Request
+
+      private
+
+      def initialize: (?Certificate? issuer_cert, ?Certificate? subject_cert, ?Request? request, ?CRL? crl) -> void
+    end
+
+    class Name
+      type distinguished_name = [String, String]
+
+      type template = Hash[String, Integer]
+
+      include OpenSSL::Marshal
+
+      include Comparable
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      alias self.parse self.parse_openssl
+
+      def self.parse_openssl: (String str, ?template template) -> instance
+
+      def self.parse_rfc2253: (String str, ?template template) -> instance
+
+      public
+
+      alias <=> cmp
+
+      def add_entry: (String oid, String value, ?loc: Integer, ?set: Integer) -> self
+
+      def cmp: (untyped other) -> Integer?
+
+      def eql?: (instance other) -> bool
+
+      def hash: () -> Integer
+
+      def hash_old: () -> Integer
+
+      def inspect: () -> String
+
+      def pretty_print: (untyped q) -> untyped
+
+      def to_a: () -> Array[[String, String, Integer]]
+
+      def to_der: () -> String
+
+      def to_s: (?format format) -> String
+
+      def to_utf8: () -> String
+
+      private
+
+      def initialize: (distinguished_name name, template template) -> void
+                    | (Array[distinguished_name] names) -> void
+                    | (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+
+      COMPAT: Integer
+
+      DEFAULT_OBJECT_TYPE: Integer
+
+      MULTILINE: Integer
+
+      OBJECT_TYPE_TEMPLATE: template
+
+      ONELINE: Integer
+
+      RFC2253: Integer
+
+      type format = Integer
+
+      module RFC2253DN
+        def self.expand_hexstring: (untyped str) -> untyped
+
+        def self.expand_pair: (untyped str) -> untyped
+
+        def self.expand_value: (untyped str1, untyped str2, untyped str3) -> untyped
+
+        def self.scan: (untyped dn) -> untyped
+
+        private
+
+        def expand_hexstring: (untyped str) -> untyped
+
+        def expand_pair: (untyped str) -> untyped
+
+        def expand_value: (untyped str1, untyped str2, untyped str3) -> untyped
+
+        def scan: (String dn) -> Array[distinguished_name]
+
+        AttributeType: Regexp
+
+        AttributeValue: Regexp
+
+        HexChar: Regexp
+
+        HexPair: Regexp
+
+        HexString: Regexp
+
+        Pair: Regexp
+
+        QuoteChar: Regexp
+
+        Special: String
+
+        StringChar: Regexp
+
+        TypeAndValue: Regexp
+      end
+    end
+
+    class NameError < OpenSSL::OpenSSLError
+    end
+
+    class Request
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (untyped other) -> bool
+
+      def add_attribute: (Attribute attribute) -> Attribute
+
+      def attributes: () -> Array[Attribute]
+
+      def attributes=: (Array[Attribute] attributes) -> Array[Attribute]
+
+      def public_key: () -> PKey::PKey
+
+      def public_key=: (PKey::PKey public_key) -> PKey::PKey
+
+      def sign: (PKey::PKey key, Digest | String digest) -> String
+
+      def signature_algorithm: () -> String
+
+      def subject: () -> Name
+
+      def subject=: (Name subject) -> Name
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      def version: () -> Integer
+
+      def version=: (Integer version) -> Integer
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class RequestError < OpenSSL::OpenSSLError
+    end
+
+    class Revoked
+      public
+
+      def ==: (untyped other) -> bool
+
+      def add_extension: (Extension ext) -> Extension
+
+      def extensions: () -> Array[Extension]
+
+      def extensions=: (Array[Extension] extensions) -> Array[Extension]
+
+      def serial: () -> Integer
+
+      def serial=: (Integer integer) -> Integer
+
+      def time: () -> Time?
+
+      def time=: (Time time) -> Time
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (*untyped) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class RevokedError < OpenSSL::OpenSSLError
+    end
+
+    class Store
+      public
+
+      def add_cert: (Certificate certificate) -> self
+
+      def add_crl: (CRL crl) -> self
+
+      def add_file: (String file) -> self
+
+      def add_path: (String path) -> self
+
+      def chain: () -> Array[Certificate]?
+
+      def error: () -> Integer?
+
+      def error_string: () -> String?
+
+      def flags=: (Integer flags) -> Integer
+
+      def purpose=: (Integer purpose) -> Integer
+
+      def set_default_paths: () -> nil
+
+      def time=: (Time time) -> Time
+
+      def trust=: (Integer trust) -> Integer
+
+      def verify: (Certificate certificate, ?Array[Certificate] chain) ?{ (bool preverify_ok, StoreContext store_ctx) -> boolish } -> boolish
+
+      def verify_callback: () -> (^(bool preverify_ok, StoreContext store_ctx) -> boolish | nil)
+
+      def verify_callback=: [U] (^(bool preverify_ok, StoreContext store_ctx) -> boolish) -> U
+
+      private
+
+      def initialize: () -> void
+    end
+
+    class StoreContext
+      public
+
+      def chain: () -> Array[Certificate]?
+
+      def cleanup: () -> void
+
+      def current_cert: () -> Certificate
+
+      def current_crl: () -> CRL
+
+      def error: () -> Integer?
+
+      def error=: (Integer error) -> Integer
+
+      def error_depth: () -> Integer
+
+      def error_string: () -> String?
+
+      def flags=: (Integer flags) -> Integer
+
+      def purpose=: (Integer purpose) -> Integer
+
+      def time=: (Time time) -> Time
+
+      def trust=: (Integer trust) -> Integer
+
+      def verify: () -> bool
+
+      private
+
+      def initialize: (Store store, ?Certificate cert, ?Array[Certificate] chain) -> void
+    end
+
+    class StoreError < OpenSSL::OpenSSLError
+    end
+  end
+end