rbs 1.3.3 → 1.6.0

data/stdlib/objspace/0/objspace.rbs

@@ -0,0 +1,406 @@
+# The objspace library extends the ObjectSpace module and adds several methods
+# to get internal statistic information about object/memory management.
+#
+# You need to `require 'objspace'` to use this extension module.
+#
+# Generally, you *SHOULD NOT* use this library if you do not know about the MRI
+# implementation.  Mainly, this library is for (memory) profiler developers and
+# MRI developers who need to know about MRI memory usage.
+# The ObjectSpace module contains a number of routines that interact with the
+# garbage collection facility and allow you to traverse all living objects with
+# an iterator.
+#
+# ObjectSpace also provides support for object finalizers, procs that will be
+# called when a specific object is about to be destroyed by garbage collection.
+# See the documentation for `ObjectSpace.define_finalizer` for important
+# information on how to use this method correctly.
+#
+#     a = "A"
+#     b = "B"
+#
+#     ObjectSpace.define_finalizer(a, proc {|id| puts "Finalizer one on #{id}" })
+#     ObjectSpace.define_finalizer(b, proc {|id| puts "Finalizer two on #{id}" })
+#
+#     a = nil
+#     b = nil
+#
+# *produces:*
+#
+#     Finalizer two on 537763470
+#     Finalizer one on 537763480
+module ObjectSpace
+  # Returns the class for the given `object`.
+  #
+  #     class A
+  #       def foo
+  #         ObjectSpace::trace_object_allocations do
+  #           obj = Object.new
+  #           p "#{ObjectSpace::allocation_class_path(obj)}"
+  #         end
+  #       end
+  #     end
+  #
+  #     A.new.foo #=> "Class"
+  #
+  # See ::trace_object_allocations for more information and examples.
+  #
+  def self.allocation_class_path: (untyped) -> String
+
+  # Returns garbage collector generation for the given `object`.
+  #
+  #     class B
+  #       include ObjectSpace
+  #
+  #       def foo
+  #         trace_object_allocations do
+  #           obj = Object.new
+  #           p "Generation is #{allocation_generation(obj)}"
+  #         end
+  #       end
+  #     end
+  #
+  #     B.new.foo #=> "Generation is 3"
+  #
+  # See ::trace_object_allocations for more information and examples.
+  #
+  def self.allocation_generation: (untyped) -> (Integer | nil)
+
+  # Returns the method identifier for the given `object`.
+  #
+  #     class A
+  #       include ObjectSpace
+  #
+  #       def foo
+  #         trace_object_allocations do
+  #           obj = Object.new
+  #           p "#{allocation_class_path(obj)}##{allocation_method_id(obj)}"
+  #         end
+  #       end
+  #     end
+  #
+  #     A.new.foo #=> "Class#new"
+  #
+  # See ::trace_object_allocations for more information and examples.
+  #
+  def self.allocation_method_id: (untyped) -> Symbol
+
+  # Returns the source file origin from the given `object`.
+  #
+  # See ::trace_object_allocations for more information and examples.
+  #
+  def self.allocation_sourcefile: (untyped) -> String
+
+  # Returns the original line from source for from the given `object`.
+  #
+  # See ::trace_object_allocations for more information and examples.
+  #
+  def self.allocation_sourceline: (untyped) -> Integer
+
+  # Counts objects for each `T_IMEMO` type.
+  #
+  # This method is only for MRI developers interested in performance and memory
+  # usage of Ruby programs.
+  #
+  # It returns a hash as:
+  #
+  #     {:imemo_ifunc=>8,
+  #      :imemo_svar=>7,
+  #      :imemo_cref=>509,
+  #      :imemo_memo=>1,
+  #      :imemo_throw_data=>1}
+  #
+  # If the optional argument, result_hash, is given, it is overwritten and
+  # returned. This is intended to avoid probe effect.
+  #
+  # The contents of the returned hash is implementation specific and may change in
+  # the future.
+  #
+  # In this version, keys are symbol objects.
+  #
+  # This method is only expected to work with C Ruby.
+  #
+  def self.count_imemo_objects: (?Hash[Symbol, Integer] result_hash) -> Hash[Symbol, Integer]
+
+  # Counts nodes for each node type.
+  #
+  # This method is only for MRI developers interested in performance and memory
+  # usage of Ruby programs.
+  #
+  # It returns a hash as:
+  #
+  #     {:NODE_METHOD=>2027, :NODE_FBODY=>1927, :NODE_CFUNC=>1798, ...}
+  #
+  # If the optional argument, result_hash, is given, it is overwritten and
+  # returned. This is intended to avoid probe effect.
+  #
+  # Note: The contents of the returned hash is implementation defined. It may be
+  # changed in future.
+  #
+  # This method is only expected to work with C Ruby.
+  #
+  def self.count_nodes: (?Hash[Symbol, Integer] result_hash) -> Hash[Symbol, Integer]
+
+  # Counts objects size (in bytes) for each type.
+  #
+  # Note that this information is incomplete.  You need to deal with this
+  # information as only a **HINT**.  Especially, total size of T_DATA may be
+  # wrong.
+  #
+  # It returns a hash as:
+  #     {:TOTAL=>1461154, :T_CLASS=>158280, :T_MODULE=>20672, :T_STRING=>527249, ...}
+  #
+  # If the optional argument, result_hash, is given, it is overwritten and
+  # returned. This is intended to avoid probe effect.
+  #
+  # The contents of the returned hash is implementation defined. It may be changed
+  # in future.
+  #
+  # This method is only expected to work with C Ruby.
+  #
+  def self.count_objects_size: (?Hash[Symbol, Integer] result_hash) -> Hash[Symbol, Integer]
+
+  # Counts symbols for each Symbol type.
+  #
+  # This method is only for MRI developers interested in performance and memory
+  # usage of Ruby programs.
+  #
+  # If the optional argument, result_hash, is given, it is overwritten and
+  # returned. This is intended to avoid probe effect.
+  #
+  # Note: The contents of the returned hash is implementation defined. It may be
+  # changed in future.
+  #
+  # This method is only expected to work with C Ruby.
+  #
+  # On this version of MRI, they have 3 types of Symbols (and 1 total counts).
+  #
+  #     * mortal_dynamic_symbol: GC target symbols (collected by GC)
+  #     * immortal_dynamic_symbol: Immortal symbols promoted from dynamic symbols (do not collected by GC)
+  #     * immortal_static_symbol: Immortal symbols (do not collected by GC)
+  #     * immortal_symbol: total immortal symbols (immortal_dynamic_symbol+immortal_static_symbol)
+  #
+  def self.count_symbols: (?Hash[Symbol, Integer] result_hash) -> Hash[Symbol, Integer]
+
+  # Counts objects for each `T_DATA` type.
+  #
+  # This method is only for MRI developers interested in performance and memory
+  # usage of Ruby programs.
+  #
+  # It returns a hash as:
+  #
+  #     {RubyVM::InstructionSequence=>504, :parser=>5, :barrier=>6,
+  #      :mutex=>6, Proc=>60, RubyVM::Env=>57, Mutex=>1, Encoding=>99,
+  #      ThreadGroup=>1, Binding=>1, Thread=>1, RubyVM=>1, :iseq=>1,
+  #      Random=>1, ARGF.class=>1, Data=>1, :autoload=>3, Time=>2}
+  #     # T_DATA objects existing at startup on r32276.
+  #
+  # If the optional argument, result_hash, is given, it is overwritten and
+  # returned. This is intended to avoid probe effect.
+  #
+  # The contents of the returned hash is implementation specific and may change in
+  # the future.
+  #
+  # In this version, keys are Class object or Symbol object.
+  #
+  # If object is kind of normal (accessible) object, the key is Class object. If
+  # object is not a kind of normal (internal) object, the key is symbol name,
+  # registered by rb_data_type_struct.
+  #
+  # This method is only expected to work with C Ruby.
+  #
+  def self.count_tdata_objects: (?Hash[untyped, Integer] result_hash) -> Hash[untyped, Integer]
+
+  def self.dump: (untyped obj, ?output: Symbol) -> (String | File | nil)
+
+  def self.dump_all: (?since: (Integer|nil), ?full: boolish, ?output: Symbol) -> (String | File | nil)
+
+  # MRI specific feature
+  # :   Return internal class of obj.
+  #
+  # obj can be an instance of InternalObjectWrapper.
+  #
+  # Note that you should not use this method in your application.
+  #
+  def self.internal_class_of: (untyped) -> Class
+
+  # MRI specific feature
+  # :   Return internal super class of cls (Class or Module).
+  #
+  # obj can be an instance of InternalObjectWrapper.
+  #
+  # Note that you should not use this method in your application.
+  #
+  def self.internal_super_of: (untyped) -> untyped
+
+  # Return consuming memory size of obj in bytes.
+  #
+  # Note that the return size is incomplete.  You need to deal with this
+  # information as only a **HINT**. Especially, the size of `T_DATA` may not be
+  # correct.
+  #
+  # This method is only expected to work with C Ruby.
+  #
+  # From Ruby 2.2, memsize_of(obj) returns a memory size includes sizeof(RVALUE).
+  #
+  def self.memsize_of: (untyped) -> Integer
+
+  # Return consuming memory size of all living objects in bytes.
+  #
+  # If `klass` (should be Class object) is given, return the total memory size of
+  # instances of the given class.
+  #
+  # Note that the returned size is incomplete. You need to deal with this
+  # information as only a **HINT**. Especially, the size of `T_DATA` may not be
+  # correct.
+  #
+  # Note that this method does **NOT** return total malloc'ed memory size.
+  #
+  # This method can be defined by the following Ruby code:
+  #
+  #     def memsize_of_all klass = false
+  #       total = 0
+  #       ObjectSpace.each_object{|e|
+  #         total += ObjectSpace.memsize_of(e) if klass == false || e.kind_of?(klass)
+  #       }
+  #       total
+  #     end
+  #
+  # This method is only expected to work with C Ruby.
+  #
+  def self.memsize_of_all: (?Class) -> Integer
+
+  # MRI specific feature
+  # :   Return all reachable objects from `obj'.
+  #
+  #
+  # This method returns all reachable objects from `obj'.
+  #
+  # If `obj' has two or more references to the same object `x', then returned
+  # array only includes one `x' object.
+  #
+  # If `obj' is a non-markable (non-heap management) object such as true, false,
+  # nil, symbols and Fixnums (and Flonum) then it simply returns nil.
+  #
+  # If `obj' has references to an internal object, then it returns instances of
+  # ObjectSpace::InternalObjectWrapper class. This object contains a reference to
+  # an internal object and you can check the type of internal object with `type'
+  # method.
+  #
+  # If `obj' is instance of ObjectSpace::InternalObjectWrapper class, then this
+  # method returns all reachable object from an internal object, which is pointed
+  # by `obj'.
+  #
+  # With this method, you can find memory leaks.
+  #
+  # This method is only expected to work except with C Ruby.
+  #
+  # Example:
+  #     ObjectSpace.reachable_objects_from(['a', 'b', 'c'])
+  #     #=> [Array, 'a', 'b', 'c']
+  #
+  #     ObjectSpace.reachable_objects_from(['a', 'a', 'a'])
+  #     #=> [Array, 'a', 'a', 'a'] # all 'a' strings have different object id
+  #
+  #     ObjectSpace.reachable_objects_from([v = 'a', v, v])
+  #     #=> [Array, 'a']
+  #
+  #     ObjectSpace.reachable_objects_from(1)
+  #     #=> nil # 1 is not markable (heap managed) object
+  #
+  def self.reachable_objects_from: (untyped) -> ([ untyped ] | nil)
+
+  # MRI specific feature
+  # :   Return all reachable objects from root.
+  #
+  #
+  def self.reachable_objects_from_root: () -> Hash[String, untyped]
+
+  # Starts tracing object allocations from the ObjectSpace extension module.
+  #
+  # For example:
+  #
+  #     require 'objspace'
+  #
+  #     class C
+  #       include ObjectSpace
+  #
+  #       def foo
+  #         trace_object_allocations do
+  #           obj = Object.new
+  #           p "#{allocation_sourcefile(obj)}:#{allocation_sourceline(obj)}"
+  #         end
+  #       end
+  #     end
+  #
+  #     C.new.foo #=> "objtrace.rb:8"
+  #
+  # This example has included the ObjectSpace module to make it easier to read,
+  # but you can also use the ::trace_object_allocations notation (recommended).
+  #
+  # Note that this feature introduces a huge performance decrease and huge memory
+  # consumption.
+  #
+  def self.trace_object_allocations: () { (untyped) -> untyped } -> untyped
+
+  # Clear recorded tracing information.
+  #
+  def self.trace_object_allocations_clear: () -> void
+
+  def self.trace_object_allocations_debug_start: () -> void
+
+  # Starts tracing object allocations.
+  #
+  def self.trace_object_allocations_start: () -> void
+
+  # Stop tracing object allocations.
+  #
+  # Note that if ::trace_object_allocations_start is called n-times, then tracing
+  # will stop after calling ::trace_object_allocations_stop n-times.
+  #
+  def self.trace_object_allocations_stop: () -> void
+
+  private
+
+  # Dump the contents of a ruby object as JSON.
+  #
+  # This method is only expected to work with C Ruby. This is an experimental
+  # method and is subject to change. In particular, the function signature and
+  # output format are not guaranteed to be compatible in future versions of ruby.
+  #
+  def dump: (untyped obj, ?output: Symbol) -> (String|File|nil)
+
+  # Dump the contents of the ruby heap as JSON.
+  #
+  # *since* must be a non-negative integer or `nil`.
+  #
+  # If *since* is a positive integer, only objects of that generation and newer
+  # generations are dumped. The current generation can be accessed using
+  # GC::count.
+  #
+  # Objects that were allocated without object allocation tracing enabled are
+  # ignored. See ::trace_object_allocations for more information and examples.
+  #
+  # If *since* is omitted or is `nil`, all objects are dumped.
+  #
+  # This method is only expected to work with C Ruby. This is an experimental
+  # method and is subject to change. In particular, the function signature and
+  # output format are not guaranteed to be compatible in future versions of ruby.
+  #
+  def dump_all: (?since: (Integer|nil), ?full: boolish, ?output: Symbol) -> (String|File|nil)
+
+  def memsize_of: (untyped) -> Integer
+
+  def memsize_of_all: (?class) -> Integer
+
+  def reachable_objects_from: (untyped) -> ([ untyped ] | nil)
+
+  def reachable_objects_from_root: () -> Hash[String, untyped]
+
+  def trace_object_allocations_clear: () -> void
+
+  def trace_object_allocations_debug_start: () -> void
+
+  def trace_object_allocations_start: () -> void
+
+  def trace_object_allocations_stop: () -> void
+end

data/stdlib/openssl/0/openssl.rbs

@@ -0,0 +1,3711 @@
+# OpenSSL provides SSL, TLS and general purpose cryptography.  It wraps the
+# [OpenSSL](https://www.openssl.org/) library.
+#
+# # Examples
+#
+# All examples assume you have loaded OpenSSL with:
+#
+#     require 'openssl'
+#
+# These examples build atop each other.  For example the key created in the next
+# is used in throughout these examples.
+#
+# ## Keys
+#
+# ### Creating a Key
+#
+# This example creates a 2048 bit RSA keypair and writes it to the current
+# directory.
+#
+#     key = OpenSSL::PKey::RSA.new 2048
+#
+#     open 'private_key.pem', 'w' do |io| io.write key.to_pem end
+#     open 'public_key.pem', 'w' do |io| io.write key.public_key.to_pem end
+#
+# ### Exporting a Key
+#
+# Keys saved to disk without encryption are not secure as anyone who gets ahold
+# of the key may use it unless it is encrypted.  In order to securely export a
+# key you may export it with a pass phrase.
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#     pass_phrase = 'my secure pass phrase goes here'
+#
+#     key_secure = key.export cipher, pass_phrase
+#
+#     open 'private.secure.pem', 'w' do |io|
+#       io.write key_secure
+#     end
+#
+# OpenSSL::Cipher.ciphers returns a list of available ciphers.
+#
+# ### Loading a Key
+#
+# A key can also be loaded from a file.
+#
+#     key2 = OpenSSL::PKey::RSA.new File.read 'private_key.pem'
+#     key2.public? # => true
+#     key2.private? # => true
+#
+# or
+#
+#     key3 = OpenSSL::PKey::RSA.new File.read 'public_key.pem'
+#     key3.public? # => true
+#     key3.private? # => false
+#
+# ### Loading an Encrypted Key
+#
+# OpenSSL will prompt you for your pass phrase when loading an encrypted key. If
+# you will not be able to type in the pass phrase you may provide it when
+# loading the key:
+#
+#     key4_pem = File.read 'private.secure.pem'
+#     pass_phrase = 'my secure pass phrase goes here'
+#     key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
+#
+# ## RSA Encryption
+#
+# RSA provides encryption and decryption using the public and private keys. You
+# can use a variety of padding methods depending upon the intended use of
+# encrypted data.
+#
+# ### Encryption & Decryption
+#
+# Asymmetric public/private key encryption is slow and victim to attack in cases
+# where it is used without padding or directly to encrypt larger chunks of data.
+# Typical use cases for RSA encryption involve "wrapping" a symmetric key with
+# the public key of the recipient who would "unwrap" that symmetric key again
+# using their private key. The following illustrates a simplified example of
+# such a key transport scheme. It shouldn't be used in practice, though,
+# standardized protocols should always be preferred.
+#
+#     wrapped_key = key.public_encrypt key
+#
+# A symmetric key encrypted with the public key can only be decrypted with the
+# corresponding private key of the recipient.
+#
+#     original_key = key.private_decrypt wrapped_key
+#
+# By default PKCS#1 padding will be used, but it is also possible to use other
+# forms of padding, see PKey::RSA for further details.
+#
+# ### Signatures
+#
+# Using "private_encrypt" to encrypt some data with the private key is
+# equivalent to applying a digital signature to the data. A verifying party may
+# validate the signature by comparing the result of decrypting the signature
+# with "public_decrypt" to the original data. However, OpenSSL::PKey already has
+# methods "sign" and "verify" that handle digital signatures in a standardized
+# way - "private_encrypt" and "public_decrypt" shouldn't be used in practice.
+#
+# To sign a document, a cryptographically secure hash of the document is
+# computed first, which is then signed using the private key.
+#
+#     signature = key.sign 'SHA256', document
+#
+# To validate the signature, again a hash of the document is computed and the
+# signature is decrypted using the public key. The result is then compared to
+# the hash just computed, if they are equal the signature was valid.
+#
+#     if key.verify 'SHA256', signature, document
+#       puts 'Valid'
+#     else
+#       puts 'Invalid'
+#     end
+#
+# ## PBKDF2 Password-based Encryption
+#
+# If supported by the underlying OpenSSL version used, Password-based Encryption
+# should use the features of PKCS5. If not supported or if required by legacy
+# applications, the older, less secure methods specified in RFC 2898 are also
+# supported (see below).
+#
+# PKCS5 supports PBKDF2 as it was specified in PKCS#5
+# [v2.0](http://www.rsa.com/rsalabs/node.asp?id=2127). It still uses a password,
+# a salt, and additionally a number of iterations that will slow the key
+# derivation process down. The slower this is, the more work it requires being
+# able to brute-force the resulting key.
+#
+# ### Encryption
+#
+# The strategy is to first instantiate a Cipher for encryption, and then to
+# generate a random IV plus a key derived from the password using PBKDF2. PKCS
+# #5 v2.0 recommends at least 8 bytes for the salt, the number of iterations
+# largely depends on the hardware being used.
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#     cipher.encrypt
+#     iv = cipher.random_iv
+#
+#     pwd = 'some hopefully not to easily guessable password'
+#     salt = OpenSSL::Random.random_bytes 16
+#     iter = 20000
+#     key_len = cipher.key_len
+#     digest = OpenSSL::Digest.new('SHA256')
+#
+#     key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
+#     cipher.key = key
+#
+#     Now encrypt the data:
+#
+#     encrypted = cipher.update document
+#     encrypted << cipher.final
+#
+# ### Decryption
+#
+# Use the same steps as before to derive the symmetric AES key, this time
+# setting the Cipher up for decryption.
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#     cipher.decrypt
+#     cipher.iv = iv # the one generated with #random_iv
+#
+#     pwd = 'some hopefully not to easily guessable password'
+#     salt = ... # the one generated above
+#     iter = 20000
+#     key_len = cipher.key_len
+#     digest = OpenSSL::Digest.new('SHA256')
+#
+#     key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
+#     cipher.key = key
+#
+#     Now decrypt the data:
+#
+#     decrypted = cipher.update encrypted
+#     decrypted << cipher.final
+#
+# ## PKCS #5 Password-based Encryption
+#
+# PKCS #5 is a password-based encryption standard documented at
+# [RFC2898](http://www.ietf.org/rfc/rfc2898.txt).  It allows a short password or
+# passphrase to be used to create a secure encryption key. If possible, PBKDF2
+# as described above should be used if the circumstances allow it.
+#
+# PKCS #5 uses a Cipher, a pass phrase and a salt to generate an encryption key.
+#
+#     pass_phrase = 'my secure pass phrase goes here'
+#     salt = '8 octets'
+#
+# ### Encryption
+#
+# First set up the cipher for encryption
+#
+#     encryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+#     encryptor.encrypt
+#     encryptor.pkcs5_keyivgen pass_phrase, salt
+#
+# Then pass the data you want to encrypt through
+#
+#     encrypted = encryptor.update 'top secret document'
+#     encrypted << encryptor.final
+#
+# ### Decryption
+#
+# Use a new Cipher instance set up for decryption
+#
+#     decryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+#     decryptor.decrypt
+#     decryptor.pkcs5_keyivgen pass_phrase, salt
+#
+# Then pass the data you want to decrypt through
+#
+#     plain = decryptor.update encrypted
+#     plain << decryptor.final
+#
+# ## X509 Certificates
+#
+# ### Creating a Certificate
+#
+# This example creates a self-signed certificate using an RSA key and a SHA1
+# signature.
+#
+#     key = OpenSSL::PKey::RSA.new 2048
+#     name = OpenSSL::X509::Name.parse '/CN=nobody/DC=example'
+#
+#     cert = OpenSSL::X509::Certificate.new
+#     cert.version = 2
+#     cert.serial = 0
+#     cert.not_before = Time.now
+#     cert.not_after = Time.now + 3600
+#
+#     cert.public_key = key.public_key
+#     cert.subject = name
+#
+# ### Certificate Extensions
+#
+# You can add extensions to the certificate with OpenSSL::SSL::ExtensionFactory
+# to indicate the purpose of the certificate.
+#
+#     extension_factory = OpenSSL::X509::ExtensionFactory.new nil, cert
+#
+#     cert.add_extension \
+#       extension_factory.create_extension('basicConstraints', 'CA:FALSE', true)
+#
+#     cert.add_extension \
+#       extension_factory.create_extension(
+#         'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
+#
+#     cert.add_extension \
+#       extension_factory.create_extension('subjectKeyIdentifier', 'hash')
+#
+# The list of supported extensions (and in some cases their possible values) can
+# be derived from the "objects.h" file in the OpenSSL source code.
+#
+# ### Signing a Certificate
+#
+# To sign a certificate set the issuer and use OpenSSL::X509::Certificate#sign
+# with a digest algorithm.  This creates a self-signed cert because we're using
+# the same name and key to sign the certificate as was used to create the
+# certificate.
+#
+#     cert.issuer = name
+#     cert.sign key, OpenSSL::Digest.new('SHA1')
+#
+#     open 'certificate.pem', 'w' do |io| io.write cert.to_pem end
+#
+# ### Loading a Certificate
+#
+# Like a key, a cert can also be loaded from a file.
+#
+#     cert2 = OpenSSL::X509::Certificate.new File.read 'certificate.pem'
+#
+# ### Verifying a Certificate
+#
+# Certificate#verify will return true when a certificate was signed with the
+# given public key.
+#
+#     raise 'certificate can not be verified' unless cert2.verify key
+#
+# ## Certificate Authority
+#
+# A certificate authority (CA) is a trusted third party that allows you to
+# verify the ownership of unknown certificates.  The CA issues key signatures
+# that indicate it trusts the user of that key.  A user encountering the key can
+# verify the signature by using the CA's public key.
+#
+# ### CA Key
+#
+# CA keys are valuable, so we encrypt and save it to disk and make sure it is
+# not readable by other users.
+#
+#     ca_key = OpenSSL::PKey::RSA.new 2048
+#     pass_phrase = 'my secure pass phrase goes here'
+#
+#     cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+#
+#     open 'ca_key.pem', 'w', 0400 do |io|
+#       io.write ca_key.export(cipher, pass_phrase)
+#     end
+#
+# ### CA Certificate
+#
+# A CA certificate is created the same way we created a certificate above, but
+# with different extensions.
+#
+#     ca_name = OpenSSL::X509::Name.parse '/CN=ca/DC=example'
+#
+#     ca_cert = OpenSSL::X509::Certificate.new
+#     ca_cert.serial = 0
+#     ca_cert.version = 2
+#     ca_cert.not_before = Time.now
+#     ca_cert.not_after = Time.now + 86400
+#
+#     ca_cert.public_key = ca_key.public_key
+#     ca_cert.subject = ca_name
+#     ca_cert.issuer = ca_name
+#
+#     extension_factory = OpenSSL::X509::ExtensionFactory.new
+#     extension_factory.subject_certificate = ca_cert
+#     extension_factory.issuer_certificate = ca_cert
+#
+#     ca_cert.add_extension \
+#       extension_factory.create_extension('subjectKeyIdentifier', 'hash')
+#
+# This extension indicates the CA's key may be used as a CA.
+#
+#     ca_cert.add_extension \
+#       extension_factory.create_extension('basicConstraints', 'CA:TRUE', true)
+#
+# This extension indicates the CA's key may be used to verify signatures on both
+# certificates and certificate revocations.
+#
+#     ca_cert.add_extension \
+#       extension_factory.create_extension(
+#         'keyUsage', 'cRLSign,keyCertSign', true)
+#
+# Root CA certificates are self-signed.
+#
+#     ca_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
+#
+# The CA certificate is saved to disk so it may be distributed to all the users
+# of the keys this CA will sign.
+#
+#     open 'ca_cert.pem', 'w' do |io|
+#       io.write ca_cert.to_pem
+#     end
+#
+# ### Certificate Signing Request
+#
+# The CA signs keys through a Certificate Signing Request (CSR).  The CSR
+# contains the information necessary to identify the key.
+#
+#     csr = OpenSSL::X509::Request.new
+#     csr.version = 0
+#     csr.subject = name
+#     csr.public_key = key.public_key
+#     csr.sign key, OpenSSL::Digest.new('SHA1')
+#
+# A CSR is saved to disk and sent to the CA for signing.
+#
+#     open 'csr.pem', 'w' do |io|
+#       io.write csr.to_pem
+#     end
+#
+# ### Creating a Certificate from a CSR
+#
+# Upon receiving a CSR the CA will verify it before signing it.  A minimal
+# verification would be to check the CSR's signature.
+#
+#     csr = OpenSSL::X509::Request.new File.read 'csr.pem'
+#
+#     raise 'CSR can not be verified' unless csr.verify csr.public_key
+#
+# After verification a certificate is created, marked for various usages, signed
+# with the CA key and returned to the requester.
+#
+#     csr_cert = OpenSSL::X509::Certificate.new
+#     csr_cert.serial = 0
+#     csr_cert.version = 2
+#     csr_cert.not_before = Time.now
+#     csr_cert.not_after = Time.now + 600
+#
+#     csr_cert.subject = csr.subject
+#     csr_cert.public_key = csr.public_key
+#     csr_cert.issuer = ca_cert.subject
+#
+#     extension_factory = OpenSSL::X509::ExtensionFactory.new
+#     extension_factory.subject_certificate = csr_cert
+#     extension_factory.issuer_certificate = ca_cert
+#
+#     csr_cert.add_extension \
+#       extension_factory.create_extension('basicConstraints', 'CA:FALSE')
+#
+#     csr_cert.add_extension \
+#       extension_factory.create_extension(
+#         'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
+#
+#     csr_cert.add_extension \
+#       extension_factory.create_extension('subjectKeyIdentifier', 'hash')
+#
+#     csr_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
+#
+#     open 'csr_cert.pem', 'w' do |io|
+#       io.write csr_cert.to_pem
+#     end
+#
+# ## SSL and TLS Connections
+#
+# Using our created key and certificate we can create an SSL or TLS connection.
+# An SSLContext is used to set up an SSL session.
+#
+#     context = OpenSSL::SSL::SSLContext.new
+#
+# ### SSL Server
+#
+# An SSL server requires the certificate and private key to communicate securely
+# with its clients:
+#
+#     context.cert = cert
+#     context.key = key
+#
+# Then create an SSLServer with a TCP server socket and the context.  Use the
+# SSLServer like an ordinary TCP server.
+#
+#     require 'socket'
+#
+#     tcp_server = TCPServer.new 5000
+#     ssl_server = OpenSSL::SSL::SSLServer.new tcp_server, context
+#
+#     loop do
+#       ssl_connection = ssl_server.accept
+#
+#       data = connection.gets
+#
+#       response = "I got #{data.dump}"
+#       puts response
+#
+#       connection.puts "I got #{data.dump}"
+#       connection.close
+#     end
+#
+# ### SSL client
+#
+# An SSL client is created with a TCP socket and the context. SSLSocket#connect
+# must be called to initiate the SSL handshake and start encryption.  A key and
+# certificate are not required for the client socket.
+#
+# Note that SSLSocket#close doesn't close the underlying socket by default. Set
+# SSLSocket#sync_close to true if you want.
+#
+#     require 'socket'
+#
+#     tcp_socket = TCPSocket.new 'localhost', 5000
+#     ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context
+#     ssl_client.sync_close = true
+#     ssl_client.connect
+#
+#     ssl_client.puts "hello server!"
+#     puts ssl_client.gets
+#
+#     ssl_client.close # shutdown the TLS connection and close tcp_socket
+#
+# ### Peer Verification
+#
+# An unverified SSL connection does not provide much security.  For enhanced
+# security the client or server can verify the certificate of its peer.
+#
+# The client can be modified to verify the server's certificate against the
+# certificate authority's certificate:
+#
+#     context.ca_file = 'ca_cert.pem'
+#     context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+#
+#     require 'socket'
+#
+#     tcp_socket = TCPSocket.new 'localhost', 5000
+#     ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context
+#     ssl_client.connect
+#
+#     ssl_client.puts "hello server!"
+#     puts ssl_client.gets
+#
+# If the server certificate is invalid or `context.ca_file` is not set when
+# verifying peers an OpenSSL::SSL::SSLError will be raised.
+module OpenSSL
+  # Returns a Digest subclass by *name*
+  #
+  #     require 'openssl'
+  #
+  #     OpenSSL::Digest("MD5")
+  #     # => OpenSSL::Digest::MD5
+  #
+  #     Digest("Foo")
+  #     # => NameError: wrong constant name Foo
+  #
+  def self.Digest: (String name) -> singleton(Digest)
+
+  def self.debug: () -> bool
+
+  # Turns on or off debug mode. With debug mode, all erros added to the OpenSSL
+  # error queue will be printed to stderr.
+  #
+  def self.debug=: [U] (boolish) -> U
+
+  # See any remaining errors held in queue.
+  #
+  # Any errors you see here are probably due to a bug in Ruby's OpenSSL
+  # implementation.
+  #
+  def self.errors: () -> Array[String]
+
+  def self.fips_mode: () -> bool
+
+  # Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an
+  # effect for FIPS-capable installations of the OpenSSL library. Trying to do so
+  # otherwise will result in an error.
+  #
+  # ### Examples
+  #     OpenSSL.fips_mode = true   # turn FIPS mode on
+  #     OpenSSL.fips_mode = false  # and off again
+  #
+  def self.fips_mode=: [U] (boolish) -> U
+
+  # Constant time memory comparison for fixed length strings, such as results of
+  # HMAC calculations.
+  #
+  # Returns `true` if the strings are identical, `false` if they are of the same
+  # length but not identical. If the length is different, `ArgumentError` is
+  # raised.
+  #
+  def self.fixed_length_secure_compare: (String, String) -> bool
+
+  # Constant time memory comparison. Inputs are hashed using SHA-256 to mask the
+  # length of the secret. Returns `true` if the strings are identical, `false`
+  # otherwise.
+  #
+  #
+  def self.secure_compare: (String a, String b) -> bool
+
+  OPENSSL_FIPS: bool
+
+  OPENSSL_LIBRARY_VERSION: String
+
+  OPENSSL_VERSION: String
+
+  OPENSSL_VERSION_NUMBER: Integer
+
+  VERSION: String
+
+  module ASN1
+    type tagging = :IMPLICIT | :EXPLICIT
+
+    type tag_class = :UNIVERSAL | :CONTEXT_SPECIFIC | :APPLICATION | :PRIVATE
+
+    def self.BMPString: (String value, ?bn tag, ?tagging tagging) -> BMPString
+
+    def self.BitString: (String value, ?bn tag, ?tagging tagging) -> BitString
+
+    def self.Boolean: (boolish value, ?bn tag, ?tagging tagging) -> Boolean
+
+    def self.EndOfContent: () -> EndOfContent
+
+    def self.Enumerated: (bn value, ?bn tag, ?tagging tagging) -> Enumerated
+
+    def self.GeneralString: (String value, ?bn tag, ?tagging tagging) -> GeneralString
+
+    def self.GeneralizedTime: (::Time value, ?bn tag, ?tagging tagging) -> GeneralizedTime
+
+    def self.GraphicString: (String value, ?bn tag, ?tagging tagging) -> GraphicString
+
+    def self.IA5String: (String value, ?bn tag, ?tagging tagging) -> IA5String
+
+    def self.ISO64String: (String value, ?bn tag, ?tagging tagging) -> ISO64String
+
+    def self.Integer: (bn value, ?bn tag, ?tagging tagging) -> Integer
+
+    def self.Null: (nil) -> Null
+
+    def self.NumericString: (String value, ?bn tag, ?tagging tagging) -> NumericString
+
+    def self.ObjectId: (String value, ?bn tag, ?tagging tagging) -> ObjectId
+
+    def self.OctetString: (String value, ?bn tag, ?tagging tagging) -> OctetString
+
+    def self.PrintableString: (String value, ?bn tag, ?tagging tagging) -> PrintableString
+
+    def self.Sequence: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Sequence
+
+    def self.Set: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Set
+
+    def self.T61String: (String value, ?bn tag, ?tagging tagging) -> T61String
+
+    def self.UTCTime: (::Time value, ?bn tag, ?tagging tagging) -> UTCTime
+
+    def self.UTF8String: (String value, ?bn tag, ?tagging tagging) -> UTF8String
+
+    def self.UniversalString: (String value, ?bn tag, ?tagging tagging) -> UniversalString
+
+    def self.VideotexString: (String value, ?bn tag, ?tagging tagging) -> VideotexString
+
+    def self.decode: (String | _ToDer der) -> ASN1Data
+
+    def self.decode_all: (String | _ToDer der) -> Array[ASN1Data]
+
+    def self.traverse: (String | _ToDer der) { (::Integer, ::Integer, ::Integer, ::Integer, bool, tag_class, ::Integer) -> void } -> void
+
+    BIT_STRING: Integer
+
+    BMPSTRING: Integer
+
+    BOOLEAN: Integer
+
+    CHARACTER_STRING: Integer
+
+    EMBEDDED_PDV: Integer
+
+    ENUMERATED: Integer
+
+    EOC: Integer
+
+    EXTERNAL: Integer
+
+    GENERALIZEDTIME: Integer
+
+    GENERALSTRING: Integer
+
+    GRAPHICSTRING: Integer
+
+    IA5STRING: Integer
+
+    INTEGER: Integer
+
+    ISO64STRING: Integer
+
+    NULL: Integer
+
+    NUMERICSTRING: Integer
+
+    OBJECT: Integer
+
+    OBJECT_DESCRIPTOR: Integer
+
+    OCTET_STRING: Integer
+
+    PRINTABLESTRING: Integer
+
+    REAL: Integer
+
+    RELATIVE_OID: Integer
+
+    SEQUENCE: Integer
+
+    SET: Integer
+
+    T61STRING: Integer
+
+    UNIVERSALSTRING: Integer
+
+    UNIVERSAL_TAG_NAME: Array[untyped]
+
+    UTCTIME: Integer
+
+    UTF8STRING: Integer
+
+    VIDEOTEXSTRING: Integer
+
+    interface _ToDer
+      def to_der: () -> String
+    end
+
+    class ASN1Data
+      public
+
+      def indefinite_length: () -> bool
+
+      def indefinite_length=: [U] (boolish) -> U
+
+      alias infinite_length indefinite_length
+
+      alias infinite_length= indefinite_length=
+
+      def tag: () -> bn
+
+      def tag=: (::Integer) -> ::Integer
+              | (BN) -> BN
+
+      def tag_class: () -> tag_class
+
+      def tag_class=: (tag_class) -> tag_class
+
+      def to_der: () -> String
+
+      def value: () -> untyped
+
+      def value=: (untyped) -> untyped
+
+      private
+
+      def initialize: (untyped value, ::Integer tag, tag_class tag_class) -> void
+    end
+
+    class ASN1Error < OpenSSL::OpenSSLError
+    end
+
+    class BMPString < OpenSSL::ASN1::Primitive
+    end
+
+    class BitString < OpenSSL::ASN1::Primitive
+      public
+
+      def unused_bits: () -> ::Integer
+
+      def unused_bits=: (::Integer) -> ::Integer
+
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Boolean < OpenSSL::ASN1::Primitive
+      def value: () -> bool
+
+      def value=: [U] (boolish) -> U
+    end
+
+    class Constructive < OpenSSL::ASN1::ASN1Data
+      include Enumerable[ASN1Data]
+
+      public
+
+      def each: () ?{ (ASN1Data) -> void }-> self
+
+      def tagging: () -> tagging?
+
+      def tagging=: (tagging) -> tagging
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (Array[ASN1Data]) -> void
+    end
+
+    class EndOfContent < OpenSSL::ASN1::ASN1Data
+      public
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: () -> void
+    end
+
+    class Enumerated < OpenSSL::ASN1::Primitive
+      def value: () -> ::Integer
+
+      def value=: (::Integer) -> ::Integer
+    end
+
+    class GeneralString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class GeneralizedTime < OpenSSL::ASN1::Primitive
+      def value: () -> Time
+
+      def value=: (Time) -> Time
+    end
+
+    class GraphicString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class IA5String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class ISO64String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Integer < OpenSSL::ASN1::Primitive
+      def value: () -> ::Integer
+
+      def value=: (::Integer) -> ::Integer
+    end
+
+    class Null < OpenSSL::ASN1::Primitive
+      def value: () -> nil
+
+      def value=: (nil) -> nil
+    end
+
+    class NumericString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class ObjectId < OpenSSL::ASN1::Primitive
+      def self.register: (String object_id, String short_name, String ong_name) -> bool
+
+      def value: () -> String
+
+      def value=: (String) -> String
+
+      public
+
+      def ==: (ObjectId other) -> bool
+
+      def ln: () -> String?
+
+      alias long_name ln
+
+      def oid: () -> String
+
+      alias short_name sn
+
+      def sn: () -> String?
+    end
+
+    class OctetString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Primitive < OpenSSL::ASN1::ASN1Data
+      public
+
+      def tagging: () -> tagging?
+
+      def tagging=: (tagging) -> tagging
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (untyped value, ?Integer tag, ?tagging tagging) -> void
+    end
+
+    class PrintableString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class Sequence < OpenSSL::ASN1::Constructive
+      def value: () -> Array[ASN1Data]
+
+      def value=: (Array[ASN1Data]) -> Array[ASN1Data]
+    end
+
+    class Set < OpenSSL::ASN1::Constructive
+    end
+
+    class T61String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class UTCTime < OpenSSL::ASN1::Primitive
+      def value: () -> Time
+
+      def value=: (Time) -> Time
+    end
+
+    class UTF8String < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class UniversalString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+
+    class VideotexString < OpenSSL::ASN1::Primitive
+      def value: () -> String
+
+      def value=: (String) -> String
+    end
+  end
+
+  type bn = BN | ::Integer
+
+  class BN
+    include Comparable
+
+    def self.generate_prime: (::Integer bits, ?boolish safe, ?bn add, ?bn rem) -> instance
+
+    def self.pseudo_rand: (*untyped) -> untyped
+
+    def self.pseudo_rand_range: (untyped) -> untyped
+
+    def self.rand: (*untyped) -> untyped
+
+    def self.rand_range: (untyped) -> untyped
+
+    public
+
+    def %: (int) -> instance
+
+    def *: (int) -> instance
+
+    def **: (int) -> instance
+
+    def +: (int) -> instance
+
+    def +@: () -> instance
+
+    def -: (int) -> instance
+
+    def -@: () -> instance
+
+    def /: (int) -> [instance, instance]
+
+    def <<: (int) -> instance
+
+    alias <=> cmp
+
+    def ==: (untyped) -> bool
+
+    alias === ==
+
+    def >>: (int) -> int
+
+    def bit_set?: (int) -> bool
+
+    def clear_bit!: (int) -> void
+
+    def cmp: (Integer) -> Integer
+
+    def coerce: (::Integer) -> Array[Integer]
+              | (BN) -> Array[BN]
+
+    def copy: (int) -> instance
+
+    def eql?: (untyped other) -> bool
+
+    def gcd: (int) -> instance
+
+    def hash: () -> Integer
+
+    def lshift!: (int bits) -> self
+
+    def mask_bits!: (int) -> void
+
+    def mod_add: (int, int) -> instance
+
+    def mod_exp: (int, int) -> instance
+
+    def mod_inverse: (int) -> instance
+
+    def mod_mul: (int, int) -> instance
+
+    def mod_sqr: (int) -> instance
+
+    def mod_sub: (int, int) -> instance
+
+    def negative?: () -> bool
+
+    def num_bits: () -> ::Integer
+
+    def num_bytes: () -> ::Integer
+
+    def odd?: () -> bool
+
+    def one?: () -> bool
+
+    def pretty_print: (untyped q) -> untyped
+
+    def prime?: (?int checks) -> bool
+
+    def prime_fasttest?: (?int checks, ?int trial_div) -> bool
+
+    def rshift!: (int bits) -> self
+
+    def set_bit!: (int bit) -> self
+
+    def sqr: () -> instance
+
+    def to_bn: () -> self
+
+    def to_i: () -> ::Integer
+
+    alias to_int to_i
+
+    def to_s: () -> String
+            | (0) -> String
+            | (2) -> String
+            | (10) -> String
+            | (16) -> String
+            | (int base) -> String
+
+    def ucmp: (int bn2) -> ::Integer
+
+    def zero?: () -> bool
+
+    private
+
+    def initialize: (instance) -> void
+                  | (int) -> void
+                  | (String) -> void
+                  | (String, 0 | 2 | 10 | 16) -> void
+
+    def initialize_copy: (instance other) -> instance
+  end
+
+  class BNError < OpenSSL::OpenSSLError
+  end
+
+  module Buffering
+    include Enumerable[untyped]
+
+    public
+
+    def <<: (String s) -> self
+
+    def close: () -> void
+
+    def each: (?String eol) ?{ (String) -> void } -> void
+
+    def each_byte: () ?{ (Integer) -> void } -> void
+
+    alias each_line each
+
+    alias eof eof?
+
+    def eof?: () -> bool
+
+    def flush: () -> self
+
+    def getc: () -> String?
+
+    def gets: (?(String | Regexp) eol, ?Integer limit) -> String?
+
+    def print: (*untyped args) -> nil
+
+    def printf: (String format_string, *untyped args) -> nil
+
+    def puts: (*untyped args) -> nil
+
+    def read: (?Integer? size, ?String buf) -> String?
+
+    def read_nonblock: (Integer maxlen, ?String buf, ?exception: true) -> String
+                     | (Integer maxlen, ?String buf, exception: false) -> (String | :wait_writable | :wait_readable | nil)
+
+    def readchar: () -> String
+
+    def readline: (?String eol) -> String
+
+    def readlines: (?String eol) -> ::Array[String]
+
+    def readpartial: (Integer maxlen, ?String buf) -> String
+
+    def sync: () -> bool
+
+    def sync=: (boolish) -> void
+
+    def ungetc: (String c) -> String
+
+    def write: (*_ToS s) -> Integer
+
+    def write_nonblock: (_ToS s, ?exception: true) -> Integer
+                      | (_ToS s, exception: false) -> (Integer | :wait_writable | :wait_readable | nil)
+
+    private
+
+    def consume_rbuff: (?untyped size) -> untyped
+
+    def do_write: (untyped s) -> untyped
+
+    def fill_rbuff: () -> untyped
+
+    BLOCK_SIZE: Integer
+
+    class Buffer < String
+      BINARY: Encoding
+
+      def <<: (String string) -> self
+
+      alias concat <<
+    end
+  end
+
+  class Cipher
+    def self.ciphers: () -> Array[String]
+
+    public
+
+    def auth_data=: (String) -> String
+
+    def auth_tag: (?Integer tag_len) -> String
+
+    def auth_tag=: (String) -> String
+
+    def auth_tag_len=: (Integer) -> Integer
+
+    def authenticated?: () -> bool
+
+    def block_size: () -> Integer
+
+    def decrypt: () -> self
+
+    def encrypt: () -> self
+
+    def final: () -> String
+
+    def iv=: (String iv) -> String
+
+    def iv_len: () -> Integer
+
+    def iv_len=: (Integer) -> Integer
+
+    def key=: (String key) -> String
+
+    def key_len: () -> Integer
+
+    def key_len=: (Integer) -> Integer
+
+    def name: () -> String
+
+    def padding=: (Integer) -> Integer
+
+    def pkcs5_keyivgen: (String pass, ?String salt, ?Integer iterations, ?String digest) -> void
+
+    def random_iv: () -> String
+
+    def random_key: () -> String
+
+    def reset: () -> self
+
+    def update: (String data, ?String buffer) -> String
+
+    private
+
+    def ciphers: () -> Array[String]
+
+    def initialize: (String cipher_name) -> void
+
+    def initialize_copy: (untyped) -> untyped
+
+    class AES < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class AES128 < OpenSSL::Cipher
+      private
+
+      def initialize: (?_ToS mode) -> void
+    end
+
+    class AES192 < OpenSSL::Cipher
+      private
+
+      def initialize: (?_ToS mode) -> void
+    end
+
+    class AES256 < OpenSSL::Cipher
+      private
+
+      def initialize: (?_ToS mode) -> void
+    end
+
+    class BF < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class CAST5 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class Cipher < OpenSSL::Cipher
+    end
+
+    class CipherError < OpenSSL::OpenSSLError
+    end
+
+    class DES < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class IDEA < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class RC2 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class RC4 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+
+    class RC5 < OpenSSL::Cipher
+      private
+
+      def initialize: (*_ToS args) -> void
+    end
+  end
+
+  class Config
+    include Enumerable[[String, String, String]]
+
+    def self.load: (?_ToS filename) -> instance
+
+    def self.parse: (String string) -> instance
+
+    def self.parse_config: (IO io) -> Hash[String, Hash[String, String]]
+
+    public
+
+    def []: (String section) -> Hash[String, String]
+
+    def []=: (String section, _Each[[String, String]] pairs) -> _Each[[String, String]]
+
+    def add_value: (String section, untyped key, untyped value) -> untyped
+
+    def each: () { ([String, String, String] args0) -> void } -> self
+
+    def get_value: (String section, String key) -> String?
+
+    def inspect: () -> String
+
+    def section: (String name) -> Hash[String, String]
+
+    def sections: () -> Array[String]
+
+    def to_s: () -> String
+
+    private
+
+    def initialize: (?_ToS filename) -> void
+
+    def initialize_copy: (instance other) -> void
+
+    DEFAULT_CONFIG_FILE: String
+  end
+
+  class ConfigError < OpenSSL::OpenSSLError
+  end
+
+  class Digest
+    def self.digest: (String name, String data) -> String
+
+    public
+
+    alias << update
+
+    def block_length: () -> Integer
+
+    def digest: () -> String
+
+    def digest_length: () -> Integer
+
+    def hexdigest: () -> String
+
+    def name: () -> String
+
+    def reset: () -> self
+
+    def update: (String data) -> self
+
+    private
+
+    def finish: (*untyped) -> untyped
+
+    def initialize: (String name, ?String data) -> void
+
+    def initialize_copy: (instance) -> void
+
+    class Digest < OpenSSL::Digest
+    end
+
+    class DigestError < OpenSSL::OpenSSLError
+    end
+
+    class MD4 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class MD5 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class RIPEMD160 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA1 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA224 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA256 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA384 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+
+    class SHA512 < OpenSSL::Digest
+      def self.digest: (String data) -> String
+
+      def self.hexdigest: (String data) -> String
+
+      private
+
+      def initialize: (?String data) -> void
+    end
+  end
+
+  class Engine
+    def self.by_id: (String name) -> instance
+
+    def self.cleanup: () -> void
+
+    def self.engines: () -> Array[instance]
+
+    def self.load: (?String name) -> (true | nil)
+
+    public
+
+    def cipher: (String cipher) -> Cipher
+
+    def cmds: () -> Array[[String, String, String]]
+
+    def ctrl_cmd: (String cmd, ?String value) -> self
+
+    def digest: (String digest) -> Digest
+
+    def finish: () -> nil
+
+    def id: () -> String
+
+    def inspect: () -> String
+
+    def load_private_key: (?String id, ?String data) -> PKey::PKey
+
+    def load_public_key: (?String id, ?String data) -> PKey::PKey
+
+    def name: () -> String
+
+    def set_default: (Integer flag) -> bool
+
+    METHOD_ALL: Integer
+
+    METHOD_CIPHERS: Integer
+
+    METHOD_DH: Integer
+
+    METHOD_DIGESTS: Integer
+
+    METHOD_DSA: Integer
+
+    METHOD_NONE: Integer
+
+    METHOD_RAND: Integer
+
+    METHOD_RSA: Integer
+
+    class EngineError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module ExtConfig
+    HAVE_TLSEXT_HOST_NAME: bool
+
+    OPENSSL_NO_SOCK: bool
+  end
+
+  class HMAC
+    def self.digest: (String algo, String key, String data) -> String
+
+    def self.hexdigest: (String algo, String key, String data) -> String
+
+    public
+
+    alias << update
+
+    def ==: (instance other) -> bool
+
+    def digest: () -> String
+
+    def hexdigest: () -> String
+
+    alias inspect hexdigest
+
+    def reset: () -> self
+
+    alias to_s hexdigest
+
+    def update: (String data) -> self
+
+    private
+
+    def initialize: (String key, Digest digest) -> void
+
+    def initialize_copy: (instance) -> void
+  end
+
+  class HMACError < OpenSSL::OpenSSLError
+  end
+
+  module KDF
+    def self.hkdf: (String ikm, salt: String, info: String, length: Integer, hash: String) -> String
+
+    def self.pbkdf2_hmac: (String pass, salt: String, iterations: Integer, length: Integer, hash: String | Digest) -> String
+
+    def self.scrypt: (String pass, salt: String, N: Integer, r: Integer, p: Integer, length: Integer) -> String
+
+    private
+
+    def hkdf: (*untyped) -> untyped
+
+    def pbkdf2_hmac: (*untyped) -> untyped
+
+    def scrypt: (*untyped) -> untyped
+
+    class KDFError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module Marshal
+    def self.included: (untyped base) -> untyped
+
+    public
+
+    def _dump: (untyped _level) -> untyped
+
+    module ClassMethods
+      public
+
+      def _load: (untyped string) -> untyped
+    end
+  end
+
+  module Netscape
+    class SPKI
+      public
+
+      def challenge: () -> String
+
+      def challenge=: (String) -> String
+
+      def public_key: () -> PKey::PKey
+
+      def public_key=: (PKey::PKey) -> PKey::PKey
+
+      def sign: (PKey::PKey key, Digest digest) -> instance
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      private
+
+      def initialize: (?String request) -> void
+    end
+
+    class SPKIError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module OCSP
+    NOCASIGN: Integer
+
+    NOCERTS: Integer
+
+    NOCHAIN: Integer
+
+    NOCHECKS: Integer
+
+    NODELEGATED: Integer
+
+    NOEXPLICIT: Integer
+
+    NOINTERN: Integer
+
+    NOSIGS: Integer
+
+    NOTIME: Integer
+
+    NOVERIFY: Integer
+
+    RESPID_KEY: Integer
+
+    RESPONSE_STATUS_INTERNALERROR: Integer
+
+    RESPONSE_STATUS_MALFORMEDREQUEST: Integer
+
+    RESPONSE_STATUS_SIGREQUIRED: Integer
+
+    RESPONSE_STATUS_SUCCESSFUL: Integer
+
+    RESPONSE_STATUS_TRYLATER: Integer
+
+    RESPONSE_STATUS_UNAUTHORIZED: Integer
+
+    REVOKED_STATUS_AFFILIATIONCHANGED: Integer
+
+    REVOKED_STATUS_CACOMPROMISE: Integer
+
+    REVOKED_STATUS_CERTIFICATEHOLD: Integer
+
+    REVOKED_STATUS_CESSATIONOFOPERATION: Integer
+
+    REVOKED_STATUS_KEYCOMPROMISE: Integer
+
+    REVOKED_STATUS_NOSTATUS: Integer
+
+    REVOKED_STATUS_REMOVEFROMCRL: Integer
+
+    REVOKED_STATUS_SUPERSEDED: Integer
+
+    REVOKED_STATUS_UNSPECIFIED: Integer
+
+    TRUSTOTHER: Integer
+
+    V_CERTSTATUS_GOOD: Integer
+
+    V_CERTSTATUS_REVOKED: Integer
+
+    V_CERTSTATUS_UNKNOWN: Integer
+
+    V_RESPID_KEY: Integer
+
+    V_RESPID_NAME: Integer
+
+    type ocsp_status = Integer
+
+    class BasicResponse
+      public
+
+      def add_nonce: (?String nonce) -> self
+
+      def add_status: (CertificateId certificate_id, ocsp_status status, Integer? reason, Integer? revocation_time, ?(Integer | Time) this_update, ?(Integer | Time) next_update, ?Array[X509::Extension] extensions) -> self
+
+      def copy_nonce: (Request request) -> Integer
+
+      def find_response: (CertificateId certificate_id) -> SingleResponse?
+
+      def responses: () -> Array[SingleResponse]
+
+      def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self
+
+      def status: () -> Integer
+
+      def to_der: () -> String
+
+      def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class CertificateId
+      public
+
+      def cmp: (instance other) -> bool
+
+      def cmp_issuer: (instance other) -> bool
+
+      def hash_algorithm: () -> String
+
+      def issuer_key_hash: () -> String
+
+      def issuer_name_hash: () -> String
+
+      def serial: () -> Integer
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (String | ASN1::_ToDer der) -> void
+                    | (X509::Certificate subject, X509::Certificate issuer, ?Digest digest) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class OCSPError < OpenSSL::OpenSSLError
+    end
+
+    class Request
+      public
+
+      def add_certid: (CertificateId certificate_id) -> self
+
+      def add_nonce: (?String nonce) -> self
+
+      def certid: () -> Array[CertificateId]
+
+      def check_nonce: (Response response) -> (-1 | 0 | 1 | 2 | 3)
+
+      def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self
+
+      def signed?: () -> bool
+
+      def to_der: () -> String
+
+      def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class Response
+      def self.create: (Integer status, ?BasicResponse response) -> instance
+
+      public
+
+      def basic: () -> BasicResponse?
+
+      def status: () -> Integer
+
+      def status_string: () -> String
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class SingleResponse
+      public
+
+      def cert_status: () -> ocsp_status
+
+      def certid: () -> CertificateId
+
+      def check_validity: (?Integer nsec, ?Integer maxsec) -> bool
+
+      def extensions: () -> Array[X509::Certificate]
+
+      def next_update: () -> Time?
+
+      def revocation_reason: () -> Integer?
+
+      def revocation_time: () -> Time?
+
+      def this_update: () -> Time
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+  end
+
+  class OpenSSLError < StandardError
+  end
+
+  class PKCS12
+    def self.create: (String pass, String name, PKey::PKey key, X509::Certificate cert, ?Array[X509::Certificate]? ca, ?String? key_pbe, ?String? cert_pbe, ?Integer? key_iter, ?Integer? mac_iter, ?Integer? keytype) -> instance
+
+    public
+
+    def ca_certs: () -> Array[X509::Certificate]?
+
+    def certificate: () -> X509::Certificate
+
+    def key: () -> PKey::PKey
+
+    def to_der: () -> String
+
+    private
+
+    def initialize: (?String der, ?String pass) -> void
+
+    def initialize_copy: (instance) -> void
+
+    class PKCS12Error < OpenSSL::OpenSSLError
+    end
+  end
+
+  module PKCS5
+    def self.pbkdf2_hmac: (String pass, String salt, Integer iter, Integer keylen, String | Digest digest) -> String
+
+    def self.pbkdf2_hmac_sha1: (String pass, String salt, Integer iter, Integer keylen) -> String
+
+    private
+
+    def pbkdf2_hmac: (untyped pass, untyped salt, untyped iter, untyped keylen, untyped digest) -> untyped
+
+    def pbkdf2_hmac_sha1: (untyped pass, untyped salt, untyped iter, untyped keylen) -> untyped
+  end
+
+  class PKCS7
+    def self.encrypt: (X509::Certificate certs, String data, ?Cipher cipher, ?Integer flags) -> instance
+
+    def self.read_smime: (String ) -> instance
+
+    def self.sign: (X509::Certificate certs,PKey::PKey key, String data, ?OpenSSL::Cipher cipher, ?Integer flags) -> instance
+
+    def self.write_smime: (instance pkcs7, ?String data, ?Integer flags) -> String
+
+    public
+
+    def add_certificate: (X509::Certificate cert) -> self
+
+    def add_crl: (X509::CRL crl) -> self
+
+    def add_data: (String data) -> self
+
+    def add_recipient: (RecipientInfo recipient) -> self
+
+    def add_signer: (SignerInfo signer) -> self
+
+    def certificates: () -> Array[X509::Certificate]?
+
+    def certificates=: (Array[X509::Certificate]) -> self
+
+    def cipher=: (Cipher cipher) -> self
+
+    def crls: () -> Array[X509::CRL]?
+
+    def crls=: (Array[X509::CRL]) -> self
+
+    def data: () -> String?
+
+    alias data= add_data
+
+    def decrypt: (PKey::PKey p1, ?PKey::PKey p2, ?PKey::PKey p3) -> String
+
+    def detached: () -> bool
+
+    def detached=: [U] (boolish) -> U
+
+    def detached?: () -> bool
+
+    def error_string: () -> String?
+
+    def error_string=: (String) -> String
+
+    def recipients: () -> Array[RecipientInfo]
+
+    def signers: () -> Array[SignerInfo]
+
+    def to_der: () -> String
+
+    def to_pem: () -> String
+
+    alias to_s to_pem
+
+    def type: () -> String?
+
+    def type=: (String) -> String
+
+    def verify: (PKey::PKey p1, PKey::PKey p2, ?PKey::PKey p3, ?PKey::PKey p4) -> bool
+
+    private
+
+    def initialize: (?String der) -> void
+
+    def initialize_copy: (instance) -> untyped
+
+    BINARY: Integer
+
+    DETACHED: Integer
+
+    NOATTR: Integer
+
+    NOCERTS: Integer
+
+    NOCHAIN: Integer
+
+    NOINTERN: Integer
+
+    NOSIGS: Integer
+
+    NOSMIMECAP: Integer
+
+    NOVERIFY: Integer
+
+    TEXT: Integer
+
+    class PKCS7Error < OpenSSL::OpenSSLError
+    end
+
+    class RecipientInfo
+      public
+
+      def enc_key: () -> PKey::PKey
+
+      def issuer: () -> X509::Name
+
+      def serial: () -> Integer
+
+      private
+
+      def initialize: (X509::Certificate certificate) -> void
+    end
+
+    class SignerInfo
+      public
+
+      def issuer: () -> X509::Name
+
+      def serial: () -> Integer
+
+      def signed_time: () -> Time?
+
+      private
+
+      def initialize: (X509::Certificate certificate, PKey::PKey key, Digest digest) -> void
+    end
+  end
+
+  module PKey
+    def self?.read: (String | IO pem, ?String password) -> PKey
+
+    class DH < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.generate: (Integer size, ?Integer generator) -> instance
+
+      public
+
+      def compute_key: (bn pub_bn) -> String
+
+      def export: () -> String
+
+      def g: () -> BN?
+
+      def generate_key!: () -> self
+
+      def p: () -> BN
+
+      def params: () -> Hash[String, BN]
+
+      def params_ok?: () -> bool
+
+      def priv_key: () -> BN
+
+      def private?: () -> bool
+
+      def pub_key: () -> BN
+
+      def public?: () -> bool
+
+      def public_key: () -> instance
+
+      def q: () -> BN
+
+      def set_key: (bn pub_key, bn? priv_key) -> self
+
+      def set_pqg: (bn p, bn q, bn g) -> self
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      alias to_s export
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (Integer size, ?Integer generator) -> void
+                    | (String pem) -> void
+                    | () -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class DHError < OpenSSL::PKey::PKeyError
+    end
+
+    class DSA < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.generate: (Integer size) -> instance
+
+      public
+
+      def export: (String cipher, String password) -> String
+                | () -> String
+
+      def g: () -> BN
+
+      def p: () -> BN
+
+      def params: () -> Hash[String, BN]
+
+      def priv_key: () -> BN
+
+      def private?: () -> bool
+
+      def pub_key: () -> BN
+
+      def public?: () -> bool
+
+      def public_key: () -> instance
+
+      def q: () -> BN
+
+      def set_key: (bn pub_key, bn? priv_key) -> self
+
+      def set_pqg: (bn p, bn q, bn g) -> self
+
+      def syssign: (String digest) -> String
+
+      def sysverify: (String digest, String data) -> bool
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      alias to_s export
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (String pem, ?String pass) -> void
+                    | (?Integer size) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class DSAError < OpenSSL::PKey::PKeyError
+    end
+
+    class EC < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.builtin_curves: () -> Array[[String, String]]
+
+      def self.generate: (String | Group pem_or_der_or_group_or_curve_name) -> instance
+
+      public
+
+      def check_key: () -> true
+
+      def dh_compute_key: (Point public_key) -> String
+
+      def dsa_sign_asn1: (String digest) -> String
+
+      def dsa_verify_asn1: (String digest, String signature) -> bool
+
+      def export: (String cipher, String password) -> String
+                | () -> String
+
+      alias generate_key generate_key!
+
+      def generate_key!: () -> self
+
+      def group: () -> Group?
+
+      def group=: (Group) -> Group
+
+      def private?: () -> bool
+
+      def private_key: () -> BN?
+
+      def private_key=: (bn priv_key) -> self
+
+      alias private_key? private?
+
+      def public?: () -> bool
+
+      def public_key: () -> Point?
+
+      def public_key=: (bn priv_key) -> self
+
+      alias public_key? public?
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (instance ec_key) -> void
+                    | (Group group) -> void
+                    | (String pem_or_der_or_curve, ?String pass) -> void
+
+      def initialize_copy: (instance) -> void
+
+      EXPLICIT_CURVE: Integer
+
+      NAMED_CURVE: Integer
+
+      type ec_method = :GFp_simple | :GFp_mont | :GFp_nist | :GF2m_simple
+
+      type point_conversion_format = :compressed | :uncompressed | :hybrid
+
+      class Group
+        public
+
+        alias == eql?
+
+        def asn1_flag: () -> Integer
+
+        def asn1_flag=: (Integer) -> Integer
+
+        def cofactor: () -> BN
+
+        def curve_name: () -> String
+
+        def degree: () -> Integer
+
+        def eql?: (instance other) -> bool
+
+        def generator: () -> Point?
+
+        def order: () -> BN
+
+        def point_conversion_form: () -> point_conversion_format
+
+        def point_conversion_form=: (point_conversion_format format) -> point_conversion_format
+
+        def seed: () -> String?
+
+        def seed=: (String seed) -> String
+
+        def set_generator: ( Point generator, Integer order, Integer cofactor) -> self
+
+        def to_der: () -> String
+
+        def to_pem: () -> String
+
+        def to_text: () -> String
+
+        private
+
+        def initialize: (instance group) -> void
+                      | (String pem_or_der_encoded) -> void
+                      | (ec_method ec_method) -> void
+                      | (:GFp | :GF2m ec_method, Integer bignum_p, Integer bignum_a, Integer bignum_b) -> void
+
+        def initialize_copy: (instance) -> void
+
+        class Error < OpenSSL::OpenSSLError
+        end
+      end
+
+      class Point
+        public
+
+        alias == eql?
+
+        def add: (instance point) -> instance
+
+        def eql?: (instance other) -> bool
+
+        def group: () -> Group
+
+        def infinity?: () -> bool
+
+        def invert!: () -> self
+
+        def make_affine!: () -> self
+
+        def mul: (bn bn1, ?bn bn2) -> instance
+               | (Array[bn] bns, Array[instance], ?bn bn2) -> instance
+
+        def on_curve?: () -> bool
+
+        def set_to_infinity!: () -> self
+
+        def to_bn: (?point_conversion_format conversion_form) -> BN
+
+        def to_octet_string: (point_conversion_format) -> String
+
+        private
+
+        def initialize: (instance point) -> void
+                      | (Group group, ?(String | BN) encoded_point) -> void
+
+        def initialize_copy: (instance) -> void
+
+        class Error < OpenSSL::OpenSSLError
+        end
+      end
+    end
+
+    class ECError < OpenSSL::PKey::PKeyError
+    end
+
+    class PKey
+      public
+
+      def inspect: () -> String
+
+      def oid: () -> String
+
+      def private_to_der: (String cipher, String password) -> String
+                        | () -> String
+
+      def private_to_pem: (String cipher, String password) -> String
+                        | () -> String
+
+      def public_to_der: () -> String
+
+      def public_to_pem: () -> String
+
+      def sign: (Digest digest, String data) -> String
+
+      def verify: (Digest digest, String signature, String data) -> bool
+
+      private
+
+      def initialize: () -> void
+    end
+
+    class PKeyError < OpenSSL::OpenSSLError
+    end
+
+    class RSA < OpenSSL::PKey::PKey
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      def self.generate: (Integer size, ?Integer exponent) -> instance
+
+      public
+
+      def d: () -> BN?
+
+      def dmp1: () -> BN?
+
+      def dmq1: () -> BN?
+
+      def e: () -> BN?
+
+      def export: (String cipher, String password) -> String
+                | () -> String
+
+      def iqmp: () -> BN?
+
+      def n: () -> BN?
+
+      def p: () -> BN?
+
+      def params: () -> Hash[String, BN]
+
+      def private?: () -> bool
+
+      def private_decrypt: (String data, ?Integer padding) -> String
+
+      def private_encrypt: (String data, ?Integer padding) -> String
+
+      def public?: () -> bool
+
+      def public_decrypt: (String data, ?Integer padding) -> String
+
+      def public_encrypt: (String data, ?Integer padding) -> String
+
+      def public_key: () -> instance
+
+      def q: () -> BN?
+
+      def set_crt_params: (bn dmp1, bn dmq1, bn iqmp) -> self
+
+      def set_factors: (bn p, bn q) -> self
+
+      def set_key: (bn n, bn e, bn d) -> self
+
+      def sign_pss: (String digest, String data, salt_length: :digest | :max | Integer, mgf1_hash: String) -> String
+
+      def to_der: () -> String
+
+      alias to_pem export
+
+      alias to_s export
+
+      def to_text: () -> String
+
+      def verify_pss: (String digest, String signature, String data, salt_length: :auto | :digest | Integer, mgf1_hash: String) -> bool
+
+      private
+
+      def initialize: (Integer key_size) -> void
+                    | (String encoded_key, ?String pass_phrase) -> void
+
+      def initialize_copy: (instance) -> void
+
+      NO_PADDING: Integer
+
+      PKCS1_OAEP_PADDING: Integer
+
+      PKCS1_PADDING: Integer
+
+      SSLV23_PADDING: Integer
+    end
+
+    class RSAError < OpenSSL::PKey::PKeyError
+    end
+  end
+
+  module Random
+    def self.load_random_file: (String filename) -> true
+
+    def self.random_add: (String str, Numeric entropy) -> self
+
+    def self.random_bytes: (Integer length) -> String
+
+    def self.seed: (String seed) -> String
+
+    def self.status?: () -> bool
+
+    def self.write_random_file: (String filename) -> true
+
+    class RandomError < OpenSSL::OpenSSLError
+    end
+  end
+
+  module SSL
+    def self.verify_certificate_identity: (X509::Certificate cert, String hostname) -> bool
+
+    def self.verify_hostname: (String hostname, String san) -> bool
+
+    def self.verify_wildcard: (String domain_component, String san_component) -> bool
+
+    OP_ALL: Integer
+
+    OP_ALLOW_NO_DHE_KEX: Integer
+
+    OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: Integer
+
+    OP_CIPHER_SERVER_PREFERENCE: Integer
+
+    OP_CRYPTOPRO_TLSEXT_BUG: Integer
+
+    OP_DONT_INSERT_EMPTY_FRAGMENTS: Integer
+
+    OP_EPHEMERAL_RSA: Integer
+
+    OP_LEGACY_SERVER_CONNECT: Integer
+
+    OP_MICROSOFT_BIG_SSLV3_BUFFER: Integer
+
+    OP_MICROSOFT_SESS_ID_BUG: Integer
+
+    OP_MSIE_SSLV2_RSA_PADDING: Integer
+
+    OP_NETSCAPE_CA_DN_BUG: Integer
+
+    OP_NETSCAPE_CHALLENGE_BUG: Integer
+
+    OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: Integer
+
+    OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: Integer
+
+    OP_NO_COMPRESSION: Integer
+
+    OP_NO_ENCRYPT_THEN_MAC: Integer
+
+    OP_NO_RENEGOTIATION: Integer
+
+    OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: Integer
+
+    OP_NO_SSLv2: Integer
+
+    OP_NO_SSLv3: Integer
+
+    OP_NO_TICKET: Integer
+
+    OP_NO_TLSv1: Integer
+
+    OP_NO_TLSv1_1: Integer
+
+    OP_NO_TLSv1_2: Integer
+
+    OP_NO_TLSv1_3: Integer
+
+    OP_PKCS1_CHECK_1: Integer
+
+    OP_PKCS1_CHECK_2: Integer
+
+    OP_SAFARI_ECDHE_ECDSA_BUG: Integer
+
+    OP_SINGLE_DH_USE: Integer
+
+    OP_SINGLE_ECDH_USE: Integer
+
+    OP_SSLEAY_080_CLIENT_DH_BUG: Integer
+
+    OP_SSLREF2_REUSE_CERT_TYPE_BUG: Integer
+
+    OP_TLSEXT_PADDING: Integer
+
+    OP_TLS_BLOCK_PADDING_BUG: Integer
+
+    OP_TLS_D5_BUG: Integer
+
+    OP_TLS_ROLLBACK_BUG: Integer
+
+    SSL2_VERSION: Integer
+
+    SSL3_VERSION: Integer
+
+    TLS1_1_VERSION: Integer
+
+    TLS1_2_VERSION: Integer
+
+    TLS1_3_VERSION: Integer
+
+    TLS1_VERSION: Integer
+
+    VERIFY_CLIENT_ONCE: Integer
+
+    VERIFY_FAIL_IF_NO_PEER_CERT: Integer
+
+    VERIFY_NONE: Integer
+
+    VERIFY_PEER: Integer
+
+    type tls_version = Symbol | Integer
+
+    type verify_mode = Integer
+
+    class SSLContext
+      public
+
+      def add_certificate: (X509::Certificate certificate, PKey::PKey pkey, ?Array[X509::Certificate] extra_certs) -> self
+
+      def alpn_protocols: () -> Array[String]?
+
+      def alpn_protocols=: (Array[String]) -> Array[String]
+
+      def alpn_select_cb: () -> (^(Array[String]) -> String? | nil)
+
+      def alpn_select_cb=: (^(Array[String]) -> String? alpn_select_callback) -> void
+
+      def ca_file: () -> String
+
+      def ca_file=: (String ca_file) -> String
+
+      def ca_path: () -> String?
+
+      def ca_path=: (String ca_path) -> String
+
+      def cert: () -> X509::Certificate?
+
+      def cert=: ( X509::Certificate cert) ->  X509::Certificate
+
+      def cert_store: () -> X509::Store?
+
+      def cert_store=: (X509::Store store) -> X509::Store
+
+      def ciphers: () -> Array[[String, String, Integer, Integer]]
+
+      def ciphers=: (Array[[String, String, Integer, Integer]] ciphers) -> void
+                  | (Array[String] ciphers) -> void
+                  | (String colon_sep_ciphers) -> void
+
+      def client_ca: () -> (Array[X509::Certificate] | X509::Certificate)
+
+      def client_ca=: (Array[X509::Certificate] | X509::Certificate client_ca) -> void
+
+      def client_cert_cb: () -> (^(Session) -> [X509::Certificate, PKey::PKey]? | nil)
+
+      def client_cert_cb=: (^(Session) -> [X509::Certificate, PKey::PKey]? client_cert_cb) -> void
+
+      def ecdh_curves=: (String ecdh_curves) -> String
+
+      def enable_fallback_scsv: () -> nil
+
+      def extra_chain_cert: () -> Array[X509::Certificate]?
+
+      def extra_chain_cert=: (Array[X509::Certificate] extra_certs) -> Array[X509::Certificate]
+
+      def flush_sessions: (Time time) -> self
+
+      alias freeze setup
+
+      def key: () -> PKey::PKey?
+
+      def key=: (PKey::PKey) -> PKey::PKey
+
+      def max_version=: (tls_version version) -> tls_version
+
+      def min_version=: (tls_version version) -> tls_version
+
+      def npn_protocols: () -> untyped
+
+      def npn_protocols=: (untyped) -> untyped
+
+      def npn_select_cb: () -> untyped
+
+      def npn_select_cb=: (untyped) -> untyped
+
+      def options: () -> Integer
+
+      def options=: (Integer ssl_options) -> Integer
+
+      def renegotiation_cb: () -> (^(SSLSocket) -> void | nil)
+
+      def renegotiation_cb=: (^(SSLSocket) -> void) -> void
+
+      def security_level: () -> Integer
+
+      def security_level=: (Integer sec_level) -> Integer
+
+      def servername_cb: () -> (^(SSLSocket, String) -> SSLContext? | nil)
+
+      def servername_cb=: (^(SSLSocket, String) -> SSLContext?) -> ^(SSLSocket, String) -> SSLContext?
+
+      def session_add: (Session) -> bool
+
+      def session_cache_mode: () -> Integer
+
+      def session_cache_mode=: (Integer) -> Integer
+
+      def session_cache_size: () -> Integer
+
+      def session_cache_size=: (Integer) -> Integer
+
+      def session_cache_stats: () -> Hash[Symbol, Integer]
+
+      def session_get_cb: () -> (^(SSLSocket, Integer) -> Session? | nil)
+
+      def session_get_cb=: (^(SSLSocket, Integer) -> Session?) -> void
+
+      def session_id_context: () -> Integer?
+
+      def session_id_context=: (Integer) -> Integer
+
+      def session_new_cb: () -> (^(SSLSocket) -> untyped | nil)
+
+      def session_new_cb=: (^(SSLSocket) -> untyped) -> ^(SSLSocket) -> untyped
+
+      def session_remove: (Session session) -> bool
+
+      def session_remove_cb: () -> (^(SSLContext, Session) -> void | nil)
+
+      def session_remove_cb=: (^(SSLContext, Session) -> void ) -> void
+
+      def set_params: (?untyped params) -> untyped
+
+      def setup: () -> untyped
+
+      alias ssl_timeout timeout
+
+      alias ssl_timeout= timeout=
+
+      def ssl_version=: (tls_version meth) -> tls_version
+
+      def timeout: () -> Integer?
+
+      def timeout=: (Integer) -> Integer
+
+      def tmp_dh_callback: () -> (^(Session, Integer, Integer) -> PKey::DH | nil)
+
+      def tmp_dh_callback=: (^(Session, Integer, Integer) -> PKey::DH) -> void
+
+      def verify_callback: () -> (^(bool, X509::StoreContext) -> untyped | nil)
+
+      def verify_callback=: (^(bool, X509::StoreContext) -> untyped) -> void
+
+      def verify_depth: () -> Integer?
+
+      def verify_depth=: (Integer) -> Integer
+
+      def verify_hostname: () -> bool?
+
+      def verify_hostname=: [U] (boolish) -> U
+
+      def verify_mode: () -> verify_mode?
+
+      def verify_mode=: (verify_mode) -> verify_mode
+
+      private
+
+      def initialize: (?tls_version version) -> void
+
+      def set_minmax_proto_version: (untyped, untyped) -> untyped
+
+      DEFAULT_CERT_STORE: X509::Store
+
+      DEFAULT_PARAMS: Hash[Symbol, untyped]
+
+      DEFAULT_TMP_DH_CALLBACK: Proc
+
+      METHODS: Array[Symbol]
+
+      SESSION_CACHE_BOTH: Integer
+
+      SESSION_CACHE_CLIENT: Integer
+
+      SESSION_CACHE_NO_AUTO_CLEAR: Integer
+
+      SESSION_CACHE_NO_INTERNAL: Integer
+
+      SESSION_CACHE_NO_INTERNAL_LOOKUP: Integer
+
+      SESSION_CACHE_NO_INTERNAL_STORE: Integer
+
+      SESSION_CACHE_OFF: Integer
+
+      SESSION_CACHE_SERVER: Integer
+    end
+
+    class SSLError < OpenSSL::OpenSSLError
+    end
+
+    class SSLErrorWaitReadable < OpenSSL::SSL::SSLError
+      include IO::WaitReadable
+    end
+
+    class SSLErrorWaitWritable < OpenSSL::SSL::SSLError
+      include IO::WaitWritable
+    end
+
+    class SSLServer
+      include OpenSSL::SSL::SocketForwarder
+
+      public
+
+      def accept: () -> SSLSocket
+
+      def close: () -> nil
+
+      def listen: (Integer backlog) -> void
+
+      def shutdown: (Symbol | String | Integer how) -> void
+
+      def start_immediately: () -> bool
+
+      def start_immediately=: [U] (boolish) -> U
+
+      def to_io: () -> (TCPServer | UNIXServer)
+
+      private
+
+      def initialize: (TCPServer | UNIXServer svr, untyped ctx) -> void
+    end
+
+    class SSLSocket
+      include OpenSSL::SSL::SocketForwarder
+
+      include OpenSSL::Buffering
+
+      def self.open: (untyped remote_host, untyped remote_port, ?untyped local_host, ?untyped local_port, ?context: untyped) -> untyped
+
+      public
+
+      def accept: () -> self
+
+      def accept_nonblock: (?exception: true) -> self
+                         | (exception: false) -> (self | :wait_readable | :wait_writable)
+
+      def alpn_protocol: () -> String?
+
+      def cert: () -> X509::Certificate?
+
+      def cipher: () -> [String, String, Integer, Integer]?
+
+      def client_ca: () -> (Array[X509::Name] | Array[X509::Certificate] | X509::Certificate)
+
+      def connect: () -> self
+
+      def connect_nonblock: (?exception: true) -> self
+                          | (exception: false) -> (self | :wait_readable | :wait_writable)
+
+      def context: () -> SSLContext
+
+      def finished_message: () -> String?
+
+      def hostname: () -> String?
+
+      def hostname=: (String) -> String
+
+      def io: () -> BasicSocket
+
+      def npn_protocol: () -> String?
+
+      def peer_cert: () -> X509::Certificate?
+
+      def peer_cert_chain: () -> Array[X509::Certificate]?
+
+      def peer_finished_message: () -> String?
+
+      def pending: () -> Integer
+
+      def post_connection_check: (String hostname) -> true
+
+      def session: () -> Session?
+
+      def session=: (Session) -> Session
+
+      def session_reused?: () -> bool
+
+      def ssl_version: () -> tls_version
+
+      def state: () -> String
+
+      def sync_close: () -> bool
+
+      def sync_close=: [U] (boolish) -> U
+
+      def sysclose: () -> nil
+
+      def sysread: (Integer length, ?String buffer) -> String
+
+      def syswrite: (String data) -> Integer
+
+      def tmp_key: () -> PKey::PKey?
+
+      alias to_io io
+
+      def verify_result: () -> Integer
+
+      private
+
+      def client_cert_cb: () -> untyped
+
+      def initialize: (*untyped) -> void
+
+      def session_get_cb: () -> untyped
+
+      def session_new_cb: () -> untyped
+
+      def stop: () -> untyped
+
+      def sysread_nonblock: (*untyped) -> untyped
+
+      def syswrite_nonblock: (*untyped) -> untyped
+
+      def tmp_dh_callback: () -> untyped
+
+      def tmp_ecdh_callback: () -> untyped
+
+      def using_anon_cipher?: () -> untyped
+    end
+
+    class Session
+      public
+
+      def ==: (instance other) -> bool
+
+      def id: () -> String
+
+      def time: () -> Time
+
+      def time=: (Time | Integer start_time) -> Time
+
+      def timeout: () -> Integer
+
+      def timeout=: (Integer timeout) -> Integer
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      def to_text: () -> String
+
+      private
+
+      def initialize: (SSLSocket | String sock_or_str) -> void
+
+      def initialize_copy: (instance) -> void
+
+      class SessionError < OpenSSL::OpenSSLError
+      end
+    end
+
+    module SocketForwarder
+      public
+
+      def addr: () -> Addrinfo?
+
+      def closed?: () -> untyped
+
+      def do_not_reverse_lookup=: (boolish flag) -> boolish
+
+      def fcntl: (*untyped args) -> untyped
+
+      def fileno: () -> Integer
+
+      def getsockopt: (Symbol | Integer level, Symbol | Integer optname) -> (Integer | boolish | String)
+
+      def peeraddr: () -> untyped
+
+      def setsockopt: (untyped level, untyped optname, untyped optval) -> untyped
+    end
+  end
+
+  module Timestamp
+    class Factory
+      public
+
+      def additional_certs: () -> Array[X509::Certificate]?
+
+      def additional_certs=: (Array[X509::Certificate]? certs) -> Array[X509::Certificate]?
+
+      def allowed_digests: () -> Array[String | Digest]?
+
+      def allowed_digests=: (Array[String | Digest]) -> Array[String | Digest]
+
+      def create_timestamp: (PKey::PKey key, X509::Certificate cert, Request request) -> Response
+
+      def default_policy_id: () -> String?
+
+      def default_policy_id=: (String) -> String
+
+      def gen_time: () -> Time?
+
+      def gen_time=: (Time) -> Time
+
+      def serial_number: () -> Integer?
+
+      def serial_number=: (Integer) -> Integer
+    end
+
+    class Request
+      public
+
+      def algorithm: () -> String
+
+      def algorithm=: (String) -> String
+
+      def cert_requested=: [U] (boolish) -> U
+
+      def cert_requested?: () -> bool
+
+      def message_imprint: () -> String?
+
+      def message_imprint=: (String) -> String
+
+      def nonce: () -> BN?
+
+      def nonce=: (bn nonce) -> BN
+
+      def policy_id: () -> String?
+
+      def policy_id=: (String policy_id) -> String
+
+      def to_der: () -> String
+
+      def version: () -> Integer
+
+      def version=: (Integer) -> Integer
+
+      private
+
+      def initialize: (?(File | String) request_der) -> void
+    end
+
+    class Response
+      public
+
+      def failure_info: () -> Symbol?
+
+      def status: () -> BN
+
+      def status_text: () -> Array[String]?
+
+      def to_der: () -> String
+
+      def token: () -> PKCS7?
+
+      def token_info: () -> TokenInfo?
+
+      def tsa_certificate: () -> X509::Certificate?
+
+      def verify: (Request request, X509::Store store, ?X509::Certificate intermediate_cert) -> instance
+
+      private
+
+      def initialize: (File | String response_der) -> void
+
+      GRANTED: Integer
+
+      GRANTED_WITH_MODS: Integer
+
+      REJECTION: Integer
+
+      REVOCATION_NOTIFICATION: Integer
+
+      REVOCATION_WARNING: Integer
+
+      WAITING: Integer
+    end
+
+    class TimestampError < OpenSSL::OpenSSLError
+    end
+
+    class TokenInfo
+      public
+
+      def algorithm: () -> String?
+
+      def gen_time: () -> Time
+
+      def message_imprint: () -> String
+
+      def nonce: () -> BN?
+
+      def ordering: () -> bool?
+
+      def policy_id: () -> String?
+
+      def serial_number: () -> BN?
+
+      def to_der: () -> String
+
+      def version: () -> Integer
+
+      private
+
+      def initialize: (File | String token_der) -> void
+    end
+  end
+
+  module X509
+    DEFAULT_CERT_AREA: String
+
+    DEFAULT_CERT_DIR: String
+
+    DEFAULT_CERT_DIR_ENV: String
+
+    DEFAULT_CERT_FILE: String
+
+    DEFAULT_CERT_FILE_ENV: String
+
+    DEFAULT_PRIVATE_DIR: String
+
+    PURPOSE_ANY: Integer
+
+    PURPOSE_CRL_SIGN: Integer
+
+    PURPOSE_NS_SSL_SERVER: Integer
+
+    PURPOSE_OCSP_HELPER: Integer
+
+    PURPOSE_SMIME_ENCRYPT: Integer
+
+    PURPOSE_SMIME_SIGN: Integer
+
+    PURPOSE_SSL_CLIENT: Integer
+
+    PURPOSE_SSL_SERVER: Integer
+
+    PURPOSE_TIMESTAMP_SIGN: Integer
+
+    TRUST_COMPAT: Integer
+
+    TRUST_EMAIL: Integer
+
+    TRUST_OBJECT_SIGN: Integer
+
+    TRUST_OCSP_REQUEST: Integer
+
+    TRUST_OCSP_SIGN: Integer
+
+    TRUST_SSL_CLIENT: Integer
+
+    TRUST_SSL_SERVER: Integer
+
+    TRUST_TSA: Integer
+
+    V_ERR_AKID_ISSUER_SERIAL_MISMATCH: Integer
+
+    V_ERR_AKID_SKID_MISMATCH: Integer
+
+    V_ERR_APPLICATION_VERIFICATION: Integer
+
+    V_ERR_CA_KEY_TOO_SMALL: Integer
+
+    V_ERR_CA_MD_TOO_WEAK: Integer
+
+    V_ERR_CERT_CHAIN_TOO_LONG: Integer
+
+    V_ERR_CERT_HAS_EXPIRED: Integer
+
+    V_ERR_CERT_NOT_YET_VALID: Integer
+
+    V_ERR_CERT_REJECTED: Integer
+
+    V_ERR_CERT_REVOKED: Integer
+
+    V_ERR_CERT_SIGNATURE_FAILURE: Integer
+
+    V_ERR_CERT_UNTRUSTED: Integer
+
+    V_ERR_CRL_HAS_EXPIRED: Integer
+
+    V_ERR_CRL_NOT_YET_VALID: Integer
+
+    V_ERR_CRL_PATH_VALIDATION_ERROR: Integer
+
+    V_ERR_CRL_SIGNATURE_FAILURE: Integer
+
+    V_ERR_DANE_NO_MATCH: Integer
+
+    V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: Integer
+
+    V_ERR_DIFFERENT_CRL_SCOPE: Integer
+
+    V_ERR_EE_KEY_TOO_SMALL: Integer
+
+    V_ERR_EMAIL_MISMATCH: Integer
+
+    V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: Integer
+
+    V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: Integer
+
+    V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: Integer
+
+    V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: Integer
+
+    V_ERR_EXCLUDED_VIOLATION: Integer
+
+    V_ERR_HOSTNAME_MISMATCH: Integer
+
+    V_ERR_INVALID_CA: Integer
+
+    V_ERR_INVALID_CALL: Integer
+
+    V_ERR_INVALID_EXTENSION: Integer
+
+    V_ERR_INVALID_NON_CA: Integer
+
+    V_ERR_INVALID_POLICY_EXTENSION: Integer
+
+    V_ERR_INVALID_PURPOSE: Integer
+
+    V_ERR_IP_ADDRESS_MISMATCH: Integer
+
+    V_ERR_KEYUSAGE_NO_CERTSIGN: Integer
+
+    V_ERR_KEYUSAGE_NO_CRL_SIGN: Integer
+
+    V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: Integer
+
+    V_ERR_NO_EXPLICIT_POLICY: Integer
+
+    V_ERR_NO_VALID_SCTS: Integer
+
+    V_ERR_OCSP_CERT_UNKNOWN: Integer
+
+    V_ERR_OCSP_VERIFY_FAILED: Integer
+
+    V_ERR_OCSP_VERIFY_NEEDED: Integer
+
+    V_ERR_OUT_OF_MEM: Integer
+
+    V_ERR_PATH_LENGTH_EXCEEDED: Integer
+
+    V_ERR_PATH_LOOP: Integer
+
+    V_ERR_PERMITTED_VIOLATION: Integer
+
+    V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: Integer
+
+    V_ERR_PROXY_PATH_LENGTH_EXCEEDED: Integer
+
+    V_ERR_PROXY_SUBJECT_NAME_VIOLATION: Integer
+
+    V_ERR_SELF_SIGNED_CERT_IN_CHAIN: Integer
+
+    V_ERR_STORE_LOOKUP: Integer
+
+    V_ERR_SUBJECT_ISSUER_MISMATCH: Integer
+
+    V_ERR_SUBTREE_MINMAX: Integer
+
+    V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Integer
+
+    V_ERR_SUITE_B_INVALID_ALGORITHM: Integer
+
+    V_ERR_SUITE_B_INVALID_CURVE: Integer
+
+    V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Integer
+
+    V_ERR_SUITE_B_INVALID_VERSION: Integer
+
+    V_ERR_SUITE_B_LOS_NOT_ALLOWED: Integer
+
+    V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: Integer
+
+    V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: Integer
+
+    V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: Integer
+
+    V_ERR_UNABLE_TO_GET_CRL: Integer
+
+    V_ERR_UNABLE_TO_GET_CRL_ISSUER: Integer
+
+    V_ERR_UNABLE_TO_GET_ISSUER_CERT: Integer
+
+    V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: Integer
+
+    V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: Integer
+
+    V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: Integer
+
+    V_ERR_UNHANDLED_CRITICAL_EXTENSION: Integer
+
+    V_ERR_UNNESTED_RESOURCE: Integer
+
+    V_ERR_UNSPECIFIED: Integer
+
+    V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: Integer
+
+    V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Integer
+
+    V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Integer
+
+    V_ERR_UNSUPPORTED_NAME_SYNTAX: Integer
+
+    V_FLAG_ALLOW_PROXY_CERTS: Integer
+
+    V_FLAG_CHECK_SS_SIGNATURE: Integer
+
+    V_FLAG_CRL_CHECK: Integer
+
+    V_FLAG_CRL_CHECK_ALL: Integer
+
+    V_FLAG_EXPLICIT_POLICY: Integer
+
+    V_FLAG_EXTENDED_CRL_SUPPORT: Integer
+
+    V_FLAG_IGNORE_CRITICAL: Integer
+
+    V_FLAG_INHIBIT_ANY: Integer
+
+    V_FLAG_INHIBIT_MAP: Integer
+
+    V_FLAG_NOTIFY_POLICY: Integer
+
+    V_FLAG_NO_ALT_CHAINS: Integer
+
+    V_FLAG_NO_CHECK_TIME: Integer
+
+    V_FLAG_PARTIAL_CHAIN: Integer
+
+    V_FLAG_POLICY_CHECK: Integer
+
+    V_FLAG_SUITEB_128_LOS: Integer
+
+    V_FLAG_SUITEB_128_LOS_ONLY: Integer
+
+    V_FLAG_SUITEB_192_LOS: Integer
+
+    V_FLAG_TRUSTED_FIRST: Integer
+
+    V_FLAG_USE_CHECK_TIME: Integer
+
+    V_FLAG_USE_DELTAS: Integer
+
+    V_FLAG_X509_STRICT: Integer
+
+    V_OK: Integer
+
+    class Attribute
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def oid: () -> String
+
+      def oid=: (String) -> String
+
+      def to_der: () -> String
+
+      def value: () -> ASN1::Set
+
+      def value=: (ASN1::ASN1Data) -> ASN1::Set
+
+      private
+
+      def initialize: (String der) -> void
+                    | (String oid, ASN1::ASN1Data value) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class AttributeError < OpenSSL::OpenSSLError
+    end
+
+    class CRL
+      include OpenSSL::X509::Extension::AuthorityKeyIdentifier
+
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def add_extension: (Extension ext) -> Extension
+
+      def add_revoked: (Revoked revoked) -> Revoked
+
+      def extensions: () -> Array[Extension]
+
+      def extensions=: (Array[Extension] extensions) -> Array[Extension]
+
+      def issuer: () -> X509::Name
+
+      def issuer=: (X509::Name issuer) -> X509::Name
+
+      def last_update: () -> Time?
+
+      def last_update=: (Time last_update) -> Time
+
+      def next_update: () -> Time?
+
+      def next_update=: (Time next_update) -> Time
+
+      def revoked: () -> Array[Revoked]
+
+      def revoked=: (Array[Revoked]) -> Array[Revoked]
+
+      def sign: (PKey::PKey key, Digest digest) -> String
+
+      def signature_algorithm: () -> String
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      def version: () -> Integer
+
+      def version=: (Integer) -> Integer
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class CRLError < OpenSSL::OpenSSLError
+    end
+
+    class Certificate
+      include OpenSSL::X509::Extension::AuthorityInfoAccess
+
+      include OpenSSL::X509::Extension::CRLDistributionPoints
+
+      include OpenSSL::X509::Extension::AuthorityKeyIdentifier
+
+      include OpenSSL::X509::Extension::SubjectKeyIdentifier
+
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def add_extension: (Extension ext) -> Extension
+
+      def check_private_key: (PKey::PKey key) -> bool
+
+      def extensions: () -> Array[Extension]
+
+      def extensions=: (Array[Extension]) -> Array[Extension]
+
+      def inspect: () -> String
+
+      def issuer: () -> Name
+
+      def issuer=: (Name) -> Name
+
+      def not_after: () -> Time?
+
+      def not_after=: (Time) -> Time
+
+      def not_before: () -> Time?
+
+      def not_before=: (Time) -> Time
+
+      def pretty_print: (untyped q) -> untyped
+
+      def public_key: () -> PKey::PKey
+
+      def public_key=: (PKey::PKey pkey) -> PKey::PKey
+
+      def serial: () -> BN
+
+      def serial=: (bn serial) -> bn
+
+      def sign: (PKey::PKey key, String digest) -> String
+
+      def signature_algorithm: () -> String
+
+      def subject: () -> Name
+
+      def subject=: (Name) -> Name
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      def version: () -> Integer
+
+      def version=: (Integer) -> Integer
+
+      private
+
+      def initialize: (?String pem) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class CertificateError < OpenSSL::OpenSSLError
+    end
+
+    class Extension
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (instance other) -> bool
+
+      def critical=: [U] (boolish) -> U
+
+      def critical?: () -> bool
+
+      def oid: () -> String
+
+      def oid=: (String oid) -> String
+
+      def to_a: () -> [String, String, bool]
+
+      def to_der: () -> String
+
+      def to_h: () -> Hash[String, untyped]
+
+      def to_s: () -> String
+
+      def value: () -> String
+
+      def value=: (String | ASN1::_ToDer data) -> String
+
+      def value_der: () -> String
+
+      private
+
+      def initialize: (String der) -> void
+                    | (String oid, String value, ?boolish critical) -> void
+
+      def initialize_copy: (instance) -> void
+
+      module AuthorityInfoAccess
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def ca_issuer_uris: () -> Array[String]?
+
+        def ocsp_uris: () -> Array[String]?
+
+        private
+
+        def parse_aia_asn1: () -> untyped
+      end
+
+      module AuthorityKeyIdentifier
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def authority_key_identifier: () -> String?
+      end
+
+      module CRLDistributionPoints
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def crl_uris: () -> Array[String]?
+      end
+
+      module Helpers
+        public
+
+        def find_extension: (String oid) -> Extension?
+      end
+
+      module SubjectKeyIdentifier
+        include OpenSSL::X509::Extension::Helpers
+
+        public
+
+        def subject_key_identifier: () -> String?
+      end
+    end
+
+    class ExtensionError < OpenSSL::OpenSSLError
+    end
+
+    class ExtensionFactory
+      public
+
+      def config: () -> Config?
+
+      def config=: (Config config) -> Config
+
+      def create_ext: (String oid, String value, ?boolish critical) -> Extension
+
+      def create_ext_from_array: ([String, String] | [String, String, boolish] ary) -> Extension
+
+      def create_ext_from_hash: (Hash[String, String | boolish] hash) -> Extension
+
+      def create_ext_from_string: (String str) -> Extension
+
+      def create_extension: (String oid, String value, ?boolish critical) -> Extension
+
+      def crl: () -> CRL?
+
+      def crl=: (CRL crl) -> CRL
+
+      def issuer_certificate: () -> Certificate?
+
+      def issuer_certificate=: (Certificate cert) -> Certificate
+
+      def subject_certificate: () -> Certificate?
+
+      def subject_certificate=: (Certificate cert) -> Certificate
+
+      def subject_request: () -> Request?
+
+      def subject_request=: (Request request) -> Request
+
+      private
+
+      def initialize: (?Certificate? issuer_cert, ?Certificate? subject_cert, ?Request? request, ?CRL? crl) -> void
+    end
+
+    class Name
+      type distinguished_name = [String, String]
+
+      type template = Hash[String, Integer]
+
+      include OpenSSL::Marshal
+
+      include Comparable
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      alias self.parse self.parse_openssl
+
+      def self.parse_openssl: (String str, ?template template) -> instance
+
+      def self.parse_rfc2253: (String str, ?template template) -> instance
+
+      public
+
+      alias <=> cmp
+
+      def add_entry: (String oid, String value, ?loc: Integer, ?set: Integer) -> self
+
+      def cmp: (untyped other) -> Integer?
+
+      def eql?: (instance other) -> bool
+
+      def hash: () -> Integer
+
+      def hash_old: () -> Integer
+
+      def inspect: () -> String
+
+      def pretty_print: (untyped q) -> untyped
+
+      def to_a: () -> Array[[String, String, Integer]]
+
+      def to_der: () -> String
+
+      def to_s: (?format format) -> String
+
+      def to_utf8: () -> String
+
+      private
+
+      def initialize: (distinguished_name name, template template) -> void
+                    | (Array[distinguished_name] names) -> void
+                    | (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+
+      COMPAT: Integer
+
+      DEFAULT_OBJECT_TYPE: Integer
+
+      MULTILINE: Integer
+
+      OBJECT_TYPE_TEMPLATE: template
+
+      ONELINE: Integer
+
+      RFC2253: Integer
+
+      type format = Integer
+
+      module RFC2253DN
+        def self.expand_hexstring: (untyped str) -> untyped
+
+        def self.expand_pair: (untyped str) -> untyped
+
+        def self.expand_value: (untyped str1, untyped str2, untyped str3) -> untyped
+
+        def self.scan: (untyped dn) -> untyped
+
+        private
+
+        def expand_hexstring: (untyped str) -> untyped
+
+        def expand_pair: (untyped str) -> untyped
+
+        def expand_value: (untyped str1, untyped str2, untyped str3) -> untyped
+
+        def scan: (String dn) -> Array[distinguished_name]
+
+        AttributeType: Regexp
+
+        AttributeValue: Regexp
+
+        HexChar: Regexp
+
+        HexPair: Regexp
+
+        HexString: Regexp
+
+        Pair: Regexp
+
+        QuoteChar: Regexp
+
+        Special: String
+
+        StringChar: Regexp
+
+        TypeAndValue: Regexp
+      end
+    end
+
+    class NameError < OpenSSL::OpenSSLError
+    end
+
+    class Request
+      include OpenSSL::Marshal
+
+      extend OpenSSL::Marshal::ClassMethods
+
+      public
+
+      def ==: (untyped other) -> bool
+
+      def add_attribute: (Attribute attribute) -> Attribute
+
+      def attributes: () -> Array[Attribute]
+
+      def attributes=: (Array[Attribute] attributes) -> Array[Attribute]
+
+      def public_key: () -> PKey::PKey
+
+      def public_key=: (PKey::PKey public_key) -> PKey::PKey
+
+      def sign: (PKey::PKey key, Digest | String digest) -> String
+
+      def signature_algorithm: () -> String
+
+      def subject: () -> Name
+
+      def subject=: (Name subject) -> Name
+
+      def to_der: () -> String
+
+      def to_pem: () -> String
+
+      alias to_s to_pem
+
+      def to_text: () -> String
+
+      def verify: (PKey::PKey key) -> bool
+
+      def version: () -> Integer
+
+      def version=: (Integer version) -> Integer
+
+      private
+
+      def initialize: (?String der) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class RequestError < OpenSSL::OpenSSLError
+    end
+
+    class Revoked
+      public
+
+      def ==: (untyped other) -> bool
+
+      def add_extension: (Extension ext) -> Extension
+
+      def extensions: () -> Array[Extension]
+
+      def extensions=: (Array[Extension] extensions) -> Array[Extension]
+
+      def serial: () -> Integer
+
+      def serial=: (Integer integer) -> Integer
+
+      def time: () -> Time?
+
+      def time=: (Time time) -> Time
+
+      def to_der: () -> String
+
+      private
+
+      def initialize: (*untyped) -> void
+
+      def initialize_copy: (instance) -> void
+    end
+
+    class RevokedError < OpenSSL::OpenSSLError
+    end
+
+    class Store
+      public
+
+      def add_cert: (Certificate certificate) -> self
+
+      def add_crl: (CRL crl) -> self
+
+      def add_file: (String file) -> self
+
+      def add_path: (String path) -> self
+
+      def chain: () -> Array[Certificate]?
+
+      def error: () -> Integer?
+
+      def error_string: () -> String?
+
+      def flags=: (Integer flags) -> Integer
+
+      def purpose=: (Integer purpose) -> Integer
+
+      def set_default_paths: () -> nil
+
+      def time=: (Time time) -> Time
+
+      def trust=: (Integer trust) -> Integer
+
+      def verify: (Certificate certificate, ?Array[Certificate] chain) ?{ (bool preverify_ok, StoreContext store_ctx) -> boolish } -> boolish
+
+      def verify_callback: () -> (^(bool preverify_ok, StoreContext store_ctx) -> boolish | nil)
+
+      def verify_callback=: [U] (^(bool preverify_ok, StoreContext store_ctx) -> boolish) -> U
+
+      private
+
+      def initialize: () -> void
+    end
+
+    class StoreContext
+      public
+
+      def chain: () -> Array[Certificate]?
+
+      def cleanup: () -> void
+
+      def current_cert: () -> Certificate
+
+      def current_crl: () -> CRL
+
+      def error: () -> Integer?
+
+      def error=: (Integer error) -> Integer
+
+      def error_depth: () -> Integer
+
+      def error_string: () -> String?
+
+      def flags=: (Integer flags) -> Integer
+
+      def purpose=: (Integer purpose) -> Integer
+
+      def time=: (Time time) -> Time
+
+      def trust=: (Integer trust) -> Integer
+
+      def verify: () -> bool
+
+      private
+
+      def initialize: (Store store, ?Certificate cert, ?Array[Certificate] chain) -> void
+    end
+
+    class StoreError < OpenSSL::OpenSSLError
+    end
+  end
+end