ruby-paseto 0.1.0

data/sorbet/rbi/gems/openssl@3.0.1.rbi

@@ -0,0 +1,1735 @@
+# typed: false
+
+# DO NOT EDIT MANUALLY
+# This is an autogenerated file for types exported from the `openssl` gem.
+# Please instead update this file by running `bin/tapioca gem openssl`.
+
+# --
+# Add double dispatch to Integer
+# ++
+class Integer < ::Numeric
+  # Casts an Integer as an OpenSSL::BN
+  #
+  # See `man bn` for more info.
+  #
+  # source://openssl//openssl/bn.rb#37
+  def to_bn; end
+end
+
+Integer::GMP_VERSION = T.let(T.unsafe(nil), String)
+
+module OpenSSL
+  private
+
+  # Returns a Digest subclass by _name_
+  #
+  #   require 'openssl'
+  #
+  #   OpenSSL::Digest("MD5")
+  #   # => OpenSSL::Digest::MD5
+  #
+  #   Digest("Foo")
+  #   # => NameError: wrong constant name Foo
+  #
+  # source://openssl//openssl/digest.rb#67
+  def Digest(name); end
+
+  class << self
+    # Returns a Digest subclass by _name_
+    #
+    #   require 'openssl'
+    #
+    #   OpenSSL::Digest("MD5")
+    #   # => OpenSSL::Digest::MD5
+    #
+    #   Digest("Foo")
+    #   # => NameError: wrong constant name Foo
+    #
+    # source://openssl//openssl/digest.rb#67
+    def Digest(name); end
+
+    # call-seq:
+    #   OpenSSL.secure_compare(string, string) -> boolean
+    #
+    # Constant time memory comparison. Inputs are hashed using SHA-256 to mask
+    # the length of the secret. Returns +true+ if the strings are identical,
+    # +false+ otherwise.
+    #
+    # source://openssl//openssl.rb#32
+    def secure_compare(a, b); end
+  end
+end
+
+class OpenSSL::BN
+  include ::Comparable
+
+  # source://openssl//openssl/bn.rb#20
+  def pretty_print(q); end
+end
+
+OpenSSL::BN::CONSTTIME = T.let(T.unsafe(nil), Integer)
+
+# OpenSSL IO buffering mix-in module.
+#
+# This module allows an OpenSSL::SSL::SSLSocket to behave like an IO.
+#
+# You typically won't use this module directly, you can see it implemented in
+# OpenSSL::SSL::SSLSocket.
+module OpenSSL::Buffering
+  include ::Enumerable
+
+  # Creates an instance of OpenSSL's buffering IO module.
+  #
+  # source://openssl//openssl/buffering.rb#63
+  def initialize(*_arg0); end
+
+  # Writes _s_ to the stream.  _s_ will be converted to a String using
+  # +.to_s+ method.
+  #
+  # source://openssl//openssl/buffering.rb#422
+  def <<(s); end
+
+  # Closes the SSLSocket and flushes any unwritten data.
+  #
+  # source://openssl//openssl/buffering.rb#483
+  def close; end
+
+  # Executes the block for every line in the stream where lines are separated
+  # by _eol_.
+  #
+  # See also #gets
+  #
+  # source://openssl//openssl/buffering.rb#259
+  def each(eol = T.unsafe(nil)); end
+
+  # Calls the given block once for each byte in the stream.
+  #
+  # source://openssl//openssl/buffering.rb#300
+  def each_byte; end
+
+  # Executes the block for every line in the stream where lines are separated
+  # by _eol_.
+  #
+  # See also #gets
+  #
+  # source://openssl//openssl/buffering.rb#259
+  def each_line(eol = T.unsafe(nil)); end
+
+  # Returns true if the stream is at file which means there is no more data to
+  # be read.
+  #
+  # @return [Boolean]
+  #
+  # source://openssl//openssl/buffering.rb#331
+  def eof; end
+
+  # Returns true if the stream is at file which means there is no more data to
+  # be read.
+  #
+  # @return [Boolean]
+  #
+  # source://openssl//openssl/buffering.rb#331
+  def eof?; end
+
+  # Flushes buffered data to the SSLSocket.
+  #
+  # source://openssl//openssl/buffering.rb#471
+  def flush; end
+
+  # call-seq:
+  #   ssl.getbyte => 81
+  #
+  # Get the next 8bit byte from `ssl`.  Returns `nil` on EOF
+  #
+  # source://openssl//openssl/buffering.rb#108
+  def getbyte; end
+
+  # Reads one character from the stream.  Returns nil if called at end of
+  # file.
+  #
+  # source://openssl//openssl/buffering.rb#293
+  def getc; end
+
+  # Reads the next "line" from the stream.  Lines are separated by _eol_.  If
+  # _limit_ is provided the result will not be longer than the given number of
+  # bytes.
+  #
+  # _eol_ may be a String or Regexp.
+  #
+  # Unlike IO#gets the line read will not be assigned to +$_+.
+  #
+  # Unlike IO#gets the separator must be provided if a limit is provided.
+  #
+  # source://openssl//openssl/buffering.rb#235
+  def gets(eol = T.unsafe(nil), limit = T.unsafe(nil)); end
+
+  # Writes _args_ to the stream.
+  #
+  # See IO#print for full details.
+  #
+  # source://openssl//openssl/buffering.rb#450
+  def print(*args); end
+
+  # Formats and writes to the stream converting parameters under control of
+  # the format string.
+  #
+  # See Kernel#sprintf for format string details.
+  #
+  # source://openssl//openssl/buffering.rb#463
+  def printf(s, *args); end
+
+  # Writes _args_ to the stream along with a record separator.
+  #
+  # See IO#puts for full details.
+  #
+  # source://openssl//openssl/buffering.rb#432
+  def puts(*args); end
+
+  # Reads _size_ bytes from the stream.  If _buf_ is provided it must
+  # reference a string which will receive the data.
+  #
+  # See IO#read for full details.
+  #
+  # source://openssl//openssl/buffering.rb#119
+  def read(size = T.unsafe(nil), buf = T.unsafe(nil)); end
+
+  # Reads at most _maxlen_ bytes in the non-blocking manner.
+  #
+  # When no data can be read without blocking it raises
+  # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
+  #
+  # IO::WaitReadable means SSL needs to read internally so read_nonblock
+  # should be called again when the underlying IO is readable.
+  #
+  # IO::WaitWritable means SSL needs to write internally so read_nonblock
+  # should be called again after the underlying IO is writable.
+  #
+  # OpenSSL::Buffering#read_nonblock needs two rescue clause as follows:
+  #
+  #   # emulates blocking read (readpartial).
+  #   begin
+  #     result = ssl.read_nonblock(maxlen)
+  #   rescue IO::WaitReadable
+  #     IO.select([io])
+  #     retry
+  #   rescue IO::WaitWritable
+  #     IO.select(nil, [io])
+  #     retry
+  #   end
+  #
+  # Note that one reason that read_nonblock writes to the underlying IO is
+  # when the peer requests a new TLS/SSL handshake.  See openssl the FAQ for
+  # more details.  http://www.openssl.org/support/faq.html
+  #
+  # By specifying a keyword argument _exception_ to +false+, you can indicate
+  # that read_nonblock should not raise an IO::Wait*able exception, but
+  # return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
+  # it will return +nil+ instead of raising EOFError.
+  #
+  # source://openssl//openssl/buffering.rb#204
+  def read_nonblock(maxlen, buf = T.unsafe(nil), exception: T.unsafe(nil)); end
+
+  # Reads a one-character string from the stream.  Raises an EOFError at end
+  # of file.
+  #
+  # @raise [EOFError]
+  #
+  # source://openssl//openssl/buffering.rb#310
+  def readchar; end
+
+  # Reads a line from the stream which is separated by _eol_.
+  #
+  # Raises EOFError if at end of file.
+  #
+  # @raise [EOFError]
+  #
+  # source://openssl//openssl/buffering.rb#284
+  def readline(eol = T.unsafe(nil)); end
+
+  # Reads lines from the stream which are separated by _eol_.
+  #
+  # See also #gets
+  #
+  # source://openssl//openssl/buffering.rb#271
+  def readlines(eol = T.unsafe(nil)); end
+
+  # Reads at most _maxlen_ bytes from the stream.  If _buf_ is provided it
+  # must reference a string which will receive the data.
+  #
+  # See IO#readpartial for full details.
+  #
+  # source://openssl//openssl/buffering.rb#146
+  def readpartial(maxlen, buf = T.unsafe(nil)); end
+
+  # The "sync mode" of the SSLSocket.
+  #
+  # See IO#sync for full details.
+  #
+  # source://openssl//openssl/buffering.rb#53
+  def sync; end
+
+  # The "sync mode" of the SSLSocket.
+  #
+  # See IO#sync for full details.
+  #
+  # source://openssl//openssl/buffering.rb#53
+  def sync=(_arg0); end
+
+  # Pushes character _c_ back onto the stream such that a subsequent buffered
+  # character read will return it.
+  #
+  # Unlike IO#getc multiple bytes may be pushed back onto the stream.
+  #
+  # Has no effect on unbuffered reads (such as #sysread).
+  #
+  # source://openssl//openssl/buffering.rb#323
+  def ungetc(c); end
+
+  # Writes _s_ to the stream.  If the argument is not a String it will be
+  # converted using +.to_s+ method.  Returns the number of bytes written.
+  #
+  # source://openssl//openssl/buffering.rb#369
+  def write(*s); end
+
+  # Writes _s_ in the non-blocking manner.
+  #
+  # If there is buffered data, it is flushed first.  This may block.
+  #
+  # write_nonblock returns number of bytes written to the SSL connection.
+  #
+  # When no data can be written without blocking it raises
+  # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
+  #
+  # IO::WaitReadable means SSL needs to read internally so write_nonblock
+  # should be called again after the underlying IO is readable.
+  #
+  # IO::WaitWritable means SSL needs to write internally so write_nonblock
+  # should be called again after underlying IO is writable.
+  #
+  # So OpenSSL::Buffering#write_nonblock needs two rescue clause as follows.
+  #
+  #   # emulates blocking write.
+  #   begin
+  #     result = ssl.write_nonblock(str)
+  #   rescue IO::WaitReadable
+  #     IO.select([io])
+  #     retry
+  #   rescue IO::WaitWritable
+  #     IO.select(nil, [io])
+  #     retry
+  #   end
+  #
+  # Note that one reason that write_nonblock reads from the underlying IO
+  # is when the peer requests a new TLS/SSL handshake.  See the openssl FAQ
+  # for more details.  http://www.openssl.org/support/faq.html
+  #
+  # By specifying a keyword argument _exception_ to +false+, you can indicate
+  # that write_nonblock should not raise an IO::Wait*able exception, but
+  # return the symbol +:wait_writable+ or +:wait_readable+ instead.
+  #
+  # source://openssl//openssl/buffering.rb#413
+  def write_nonblock(s, exception: T.unsafe(nil)); end
+
+  private
+
+  # Consumes _size_ bytes from the buffer
+  #
+  # source://openssl//openssl/buffering.rb#91
+  def consume_rbuff(size = T.unsafe(nil)); end
+
+  # Writes _s_ to the buffer.  When the buffer is full or #sync is true the
+  # buffer is flushed to the underlying socket.
+  #
+  # source://openssl//openssl/buffering.rb#346
+  def do_write(s); end
+
+  # Fills the buffer from the underlying SSLSocket
+  #
+  # source://openssl//openssl/buffering.rb#78
+  def fill_rbuff; end
+end
+
+# A buffer which will retain binary encoding.
+class OpenSSL::Buffering::Buffer < ::String
+  # @return [Buffer] a new instance of Buffer
+  #
+  # source://openssl//openssl/buffering.rb#29
+  def initialize; end
+
+  # source://openssl//openssl/buffering.rb#35
+  def <<(string); end
+
+  # source://openssl//openssl/buffering.rb#35
+  def concat(string); end
+end
+
+# source://openssl//openssl/buffering.rb#27
+OpenSSL::Buffering::Buffer::BINARY = T.let(T.unsafe(nil), Encoding)
+
+class OpenSSL::Cipher
+  # call-seq:
+  #   cipher.random_iv -> iv
+  #
+  # Generate a random IV with OpenSSL::Random.random_bytes and sets it to the
+  # cipher, and returns it.
+  #
+  # You must call #encrypt or #decrypt before calling this method.
+  #
+  # source://openssl//openssl/cipher.rb#55
+  def random_iv; end
+
+  # call-seq:
+  #   cipher.random_key -> key
+  #
+  # Generate a random key with OpenSSL::Random.random_bytes and sets it to
+  # the cipher, and returns it.
+  #
+  # You must call #encrypt or #decrypt before calling this method.
+  #
+  # source://openssl//openssl/cipher.rb#43
+  def random_key; end
+end
+
+class OpenSSL::Cipher::AES < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+class OpenSSL::Cipher::AES128 < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#29
+  def initialize(mode = T.unsafe(nil)); end
+end
+
+class OpenSSL::Cipher::AES192 < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#29
+  def initialize(mode = T.unsafe(nil)); end
+end
+
+class OpenSSL::Cipher::AES256 < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#29
+  def initialize(mode = T.unsafe(nil)); end
+end
+
+class OpenSSL::Cipher::BF < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+class OpenSSL::Cipher::CAST5 < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+# Deprecated.
+#
+# This class is only provided for backwards compatibility.
+# Use OpenSSL::Cipher.
+class OpenSSL::Cipher::Cipher < ::OpenSSL::Cipher; end
+
+class OpenSSL::Cipher::DES < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+class OpenSSL::Cipher::IDEA < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+class OpenSSL::Cipher::RC2 < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+class OpenSSL::Cipher::RC4 < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+class OpenSSL::Cipher::RC5 < ::OpenSSL::Cipher
+  # source://openssl//openssl/cipher.rb#19
+  def initialize(*args); end
+end
+
+class OpenSSL::Config
+  include ::Enumerable
+end
+
+class OpenSSL::Digest < ::Digest::Class
+  class << self
+    # Return the hash value computed with _name_ Digest. _name_ is either the
+    # long name or short name of a supported digest algorithm.
+    #
+    # === Examples
+    #
+    #   OpenSSL::Digest.digest("SHA256", "abc")
+    #
+    # which is equivalent to:
+    #
+    #   OpenSSL::Digest.digest('SHA256', "abc")
+    #
+    # source://openssl//openssl/digest.rb#29
+    def digest(name, data); end
+  end
+end
+
+# Deprecated.
+#
+# This class is only provided for backwards compatibility.
+# Use OpenSSL::Digest instead.
+class OpenSSL::Digest::Digest < ::OpenSSL::Digest; end
+
+class OpenSSL::Digest::MD4 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::Digest::MD5 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::Digest::RIPEMD160 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::Digest::SHA1 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::Digest::SHA224 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::Digest::SHA256 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::Digest::SHA384 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::Digest::SHA512 < ::OpenSSL::Digest
+  # source://openssl//openssl/digest.rb#35
+  def initialize(data = T.unsafe(nil)); end
+
+  class << self
+    # source://openssl//openssl/digest.rb#41
+    def digest(data); end
+
+    # source://openssl//openssl/digest.rb#42
+    def hexdigest(data); end
+  end
+end
+
+class OpenSSL::HMAC
+  # Securely compare with another HMAC instance in constant time.
+  #
+  # source://openssl//openssl/hmac.rb#6
+  def ==(other); end
+
+  # :call-seq:
+  #    hmac.base64digest -> string
+  #
+  # Returns the authentication code an a Base64-encoded string.
+  #
+  # source://openssl//openssl/hmac.rb#17
+  def base64digest; end
+
+  class << self
+    # :call-seq:
+    #    HMAC.base64digest(digest, key, data) -> aString
+    #
+    # Returns the authentication code as a Base64-encoded string. The _digest_
+    # parameter specifies the digest algorithm to use. This may be a String
+    # representing the algorithm name or an instance of OpenSSL::Digest.
+    #
+    # === Example
+    #  key = 'key'
+    #  data = 'The quick brown fox jumps over the lazy dog'
+    #
+    #  hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
+    #  #=> "3nybhbi3iqa8ino29wqQcBydtNk="
+    #
+    # source://openssl//openssl/hmac.rb#73
+    def base64digest(digest, key, data); end
+
+    # :call-seq:
+    #    HMAC.digest(digest, key, data) -> aString
+    #
+    # Returns the authentication code as a binary string. The _digest_ parameter
+    # specifies the digest algorithm to use. This may be a String representing
+    # the algorithm name or an instance of OpenSSL::Digest.
+    #
+    # === Example
+    #  key = 'key'
+    #  data = 'The quick brown fox jumps over the lazy dog'
+    #
+    #  hmac = OpenSSL::HMAC.digest('SHA1', key, data)
+    #  #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
+    #
+    # source://openssl//openssl/hmac.rb#35
+    def digest(digest, key, data); end
+
+    # :call-seq:
+    #    HMAC.hexdigest(digest, key, data) -> aString
+    #
+    # Returns the authentication code as a hex-encoded string. The _digest_
+    # parameter specifies the digest algorithm to use. This may be a String
+    # representing the algorithm name or an instance of OpenSSL::Digest.
+    #
+    # === Example
+    #  key = 'key'
+    #  data = 'The quick brown fox jumps over the lazy dog'
+    #
+    #  hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
+    #  #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
+    #
+    # source://openssl//openssl/hmac.rb#54
+    def hexdigest(digest, key, data); end
+  end
+end
+
+module OpenSSL::Marshal
+  mixes_in_class_methods ::OpenSSL::Marshal::ClassMethods
+
+  # source://openssl//openssl/marshal.rb#26
+  def _dump(_level); end
+
+  class << self
+    # @private
+    #
+    # source://openssl//openssl/marshal.rb#16
+    def included(base); end
+  end
+end
+
+module OpenSSL::Marshal::ClassMethods
+  # source://openssl//openssl/marshal.rb#21
+  def _load(string); end
+end
+
+module OpenSSL::PKCS5
+  private
+
+  # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
+  # This method is provided for backwards compatibility.
+  #
+  # source://openssl//openssl/pkcs5.rb#13
+  def pbkdf2_hmac(pass, salt, iter, keylen, digest); end
+
+  # source://openssl//openssl/pkcs5.rb#18
+  def pbkdf2_hmac_sha1(pass, salt, iter, keylen); end
+
+  class << self
+    # OpenSSL::PKCS5.pbkdf2_hmac has been renamed to OpenSSL::KDF.pbkdf2_hmac.
+    # This method is provided for backwards compatibility.
+    #
+    # source://openssl//openssl/pkcs5.rb#13
+    def pbkdf2_hmac(pass, salt, iter, keylen, digest); end
+
+    # source://openssl//openssl/pkcs5.rb#18
+    def pbkdf2_hmac_sha1(pass, salt, iter, keylen); end
+  end
+end
+
+class OpenSSL::PKey::DH < ::OpenSSL::PKey::PKey
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # :call-seq:
+  #    dh.compute_key(pub_bn) -> string
+  #
+  # Returns a String containing a shared secret computed from the other
+  # party's public value.
+  #
+  # This method is provided for backwards compatibility, and calls #derive
+  # internally.
+  #
+  # === Parameters
+  # * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by
+  #   DH#public_key as that contains the DH parameters only.
+  #
+  # source://openssl//openssl/pkey.rb#49
+  def compute_key(pub_bn); end
+
+  # :call-seq:
+  #    dh.generate_key! -> self
+  #
+  # Generates a private and public key unless a private key already exists.
+  # If this DH instance was generated from public \DH parameters (e.g. by
+  # encoding the result of DH#public_key), then this method needs to be
+  # called first in order to generate the per-session keys before performing
+  # the actual key exchange.
+  #
+  # <b>Deprecated in version 3.0</b>. This method is incompatible with
+  # OpenSSL 3.0.0 or later.
+  #
+  # See also OpenSSL::PKey.generate_key.
+  #
+  # Example:
+  #   # DEPRECATED USAGE: This will not work on OpenSSL 3.0 or later
+  #   dh0 = OpenSSL::PKey::DH.new(2048)
+  #   dh = dh0.public_key # #public_key only copies the DH parameters (contrary to the name)
+  #   dh.generate_key!
+  #   puts dh.private? # => true
+  #   puts dh0.pub_key == dh.pub_key #=> false
+  #
+  #   # With OpenSSL::PKey.generate_key
+  #   dh0 = OpenSSL::PKey::DH.new(2048)
+  #   dh = OpenSSL::PKey.generate_key(dh0)
+  #   puts dh0.pub_key == dh.pub_key #=> false
+  #
+  # source://openssl//openssl/pkey.rb#91
+  def generate_key!; end
+
+  # :call-seq:
+  #    dh.public_key -> dhnew
+  #
+  # Returns a new DH instance that carries just the \DH parameters.
+  #
+  # Contrary to the method name, the returned DH object contains only
+  # parameters and not the public key.
+  #
+  # This method is provided for backwards compatibility. In most cases, there
+  # is no need to call this method.
+  #
+  # For the purpose of re-generating the key pair while keeping the
+  # parameters, check OpenSSL::PKey.generate_key.
+  #
+  # Example:
+  #   # OpenSSL::PKey::DH.generate by default generates a random key pair
+  #   dh1 = OpenSSL::PKey::DH.generate(2048)
+  #   p dh1.priv_key #=> #<OpenSSL::BN 1288347...>
+  #   dhcopy = dh1.public_key
+  #   p dhcopy.priv_key #=> nil
+  #
+  # source://openssl//openssl/pkey.rb#33
+  def public_key; end
+
+  class << self
+    # :call-seq:
+    #    DH.generate(size, generator = 2) -> dh
+    #
+    # Creates a new DH instance from scratch by generating random parameters
+    # and a key pair.
+    #
+    # See also OpenSSL::PKey.generate_parameters and
+    # OpenSSL::PKey.generate_key.
+    #
+    # +size+::
+    #   The desired key size in bits.
+    # +generator+::
+    #   The generator.
+    #
+    # source://openssl//openssl/pkey.rb#118
+    def generate(size, generator = T.unsafe(nil), &blk); end
+
+    # Handle DH.new(size, generator) form here; new(str) and new() forms
+    # are handled by #initialize
+    #
+    # source://openssl//openssl/pkey.rb#128
+    def new(*args, &blk); end
+  end
+end
+
+class OpenSSL::PKey::DSA < ::OpenSSL::PKey::PKey
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # :call-seq:
+  #    dsa.public_key -> dsanew
+  #
+  # Returns a new DSA instance that carries just the \DSA parameters and the
+  # public key.
+  #
+  # This method is provided for backwards compatibility. In most cases, there
+  # is no need to call this method.
+  #
+  # For the purpose of serializing the public key, to PEM or DER encoding of
+  # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+  # PKey#public_to_der.
+  #
+  # source://openssl//openssl/pkey.rb#153
+  def public_key; end
+
+  # :call-seq:
+  #    dsa.syssign(string) -> string
+  #
+  # Computes and returns the \DSA signature of +string+, where +string+ is
+  # expected to be an already-computed message digest of the original input
+  # data. The signature is issued using the private key of this DSA instance.
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+  #
+  # +string+::
+  #   A message digest of the original input data to be signed.
+  #
+  # Example:
+  #   dsa = OpenSSL::PKey::DSA.new(2048)
+  #   doc = "Sign me"
+  #   digest = OpenSSL::Digest.digest('SHA1', doc)
+  #
+  #   # With legacy #syssign and #sysverify:
+  #   sig = dsa.syssign(digest)
+  #   p dsa.sysverify(digest, sig) #=> true
+  #
+  #   # With #sign_raw and #verify_raw:
+  #   sig = dsa.sign_raw(nil, digest)
+  #   p dsa.verify_raw(nil, sig, digest) #=> true
+  #
+  # source://openssl//openssl/pkey.rb#220
+  def syssign(string); end
+
+  # :call-seq:
+  #    dsa.sysverify(digest, sig) -> true | false
+  #
+  # Verifies whether the signature is valid given the message digest input.
+  # It does so by validating +sig+ using the public key of this DSA instance.
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+  #
+  # +digest+::
+  #   A message digest of the original input data to be signed.
+  # +sig+::
+  #   A \DSA signature value.
+  #
+  # source://openssl//openssl/pkey.rb#243
+  def sysverify(digest, sig); end
+
+  class << self
+    # :call-seq:
+    #    DSA.generate(size) -> dsa
+    #
+    # Creates a new DSA instance by generating a private/public key pair
+    # from scratch.
+    #
+    # See also OpenSSL::PKey.generate_parameters and
+    # OpenSSL::PKey.generate_key.
+    #
+    # +size+::
+    #   The desired key size in bits.
+    #
+    # source://openssl//openssl/pkey.rb#169
+    def generate(size, &blk); end
+
+    # Handle DSA.new(size) form here; new(str) and new() forms
+    # are handled by #initialize
+    #
+    # source://openssl//openssl/pkey.rb#186
+    def new(*args, &blk); end
+  end
+end
+
+class OpenSSL::PKey::EC < ::OpenSSL::PKey::PKey
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # :call-seq:
+  #    ec.dh_compute_key(pubkey) -> string
+  #
+  # Derives a shared secret by ECDH. _pubkey_ must be an instance of
+  # OpenSSL::PKey::EC::Point and must belong to the same group.
+  #
+  # This method is provided for backwards compatibility, and calls #derive
+  # internally.
+  #
+  # source://openssl//openssl/pkey.rb#284
+  def dh_compute_key(pubkey); end
+
+  # :call-seq:
+  #    key.dsa_sign_asn1(data) -> String
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+  #
+  # source://openssl//openssl/pkey.rb#259
+  def dsa_sign_asn1(data); end
+
+  # :call-seq:
+  #    key.dsa_verify_asn1(data, sig) -> true | false
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+  #
+  # source://openssl//openssl/pkey.rb#270
+  def dsa_verify_asn1(data, sig); end
+end
+
+OpenSSL::PKey::EC::EXPLICIT_CURVE = T.let(T.unsafe(nil), Integer)
+
+class OpenSSL::PKey::EC::Point
+  # :call-seq:
+  #    point.to_bn([conversion_form]) -> OpenSSL::BN
+  #
+  # Returns the octet string representation of the EC point as an instance of
+  # OpenSSL::BN.
+  #
+  # If _conversion_form_ is not given, the _point_conversion_form_ attribute
+  # set to the group is used.
+  #
+  # See #to_octet_string for more information.
+  #
+  # source://openssl//openssl/pkey.rb#307
+  def to_bn(conversion_form = T.unsafe(nil)); end
+end
+
+class OpenSSL::PKey::RSA < ::OpenSSL::PKey::PKey
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # :call-seq:
+  #    rsa.private_decrypt(string)          -> String
+  #    rsa.private_decrypt(string, padding) -> String
+  #
+  # Decrypt +string+, which has been encrypted with the public key, with the
+  # private key. +padding+ defaults to PKCS1_PADDING.
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+  #
+  # source://openssl//openssl/pkey.rb#435
+  def private_decrypt(data, padding = T.unsafe(nil)); end
+
+  # :call-seq:
+  #    rsa.private_encrypt(string)          -> String
+  #    rsa.private_encrypt(string, padding) -> String
+  #
+  # Encrypt +string+ with the private key.  +padding+ defaults to
+  # PKCS1_PADDING. The encrypted string output can be decrypted using
+  # #public_decrypt.
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+  # PKey::PKey#verify_recover instead.
+  #
+  # source://openssl//openssl/pkey.rb#372
+  def private_encrypt(string, padding = T.unsafe(nil)); end
+
+  # :call-seq:
+  #    rsa.public_decrypt(string)          -> String
+  #    rsa.public_decrypt(string, padding) -> String
+  #
+  # Decrypt +string+, which has been encrypted with the private key, with the
+  # public key.  +padding+ defaults to PKCS1_PADDING.
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+  # PKey::PKey#verify_recover instead.
+  #
+  # source://openssl//openssl/pkey.rb#394
+  def public_decrypt(string, padding = T.unsafe(nil)); end
+
+  # :call-seq:
+  #    rsa.public_encrypt(string)          -> String
+  #    rsa.public_encrypt(string, padding) -> String
+  #
+  # Encrypt +string+ with the public key.  +padding+ defaults to
+  # PKCS1_PADDING. The encrypted string output can be decrypted using
+  # #private_decrypt.
+  #
+  # <b>Deprecated in version 3.0</b>.
+  # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+  #
+  # source://openssl//openssl/pkey.rb#415
+  def public_encrypt(data, padding = T.unsafe(nil)); end
+
+  # :call-seq:
+  #    rsa.public_key -> rsanew
+  #
+  # Returns a new RSA instance that carries just the public key components.
+  #
+  # This method is provided for backwards compatibility. In most cases, there
+  # is no need to call this method.
+  #
+  # For the purpose of serializing the public key, to PEM or DER encoding of
+  # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+  # PKey#public_to_der.
+  #
+  # source://openssl//openssl/pkey.rb#327
+  def public_key; end
+
+  private
+
+  # source://openssl//openssl/pkey.rb#452
+  def translate_padding_mode(num); end
+
+  class << self
+    # :call-seq:
+    #    RSA.generate(size, exponent = 65537) -> RSA
+    #
+    # Generates an \RSA keypair.
+    #
+    # See also OpenSSL::PKey.generate_key.
+    #
+    # +size+::
+    #   The desired key size in bits.
+    # +exponent+::
+    #   An odd Integer, normally 3, 17, or 65537.
+    #
+    # source://openssl//openssl/pkey.rb#343
+    def generate(size, exp = T.unsafe(nil), &blk); end
+
+    # Handle RSA.new(size, exponent) form here; new(str) and new() forms
+    # are handled by #initialize
+    #
+    # source://openssl//openssl/pkey.rb#352
+    def new(*args, &blk); end
+  end
+end
+
+module OpenSSL::SSL
+  private
+
+  # source://openssl//openssl/ssl.rb#273
+  def verify_certificate_identity(cert, hostname); end
+
+  # source://openssl//openssl/ssl.rb#306
+  def verify_hostname(hostname, san); end
+
+  # source://openssl//openssl/ssl.rb#339
+  def verify_wildcard(domain_component, san_component); end
+
+  class << self
+    # source://openssl//openssl/ssl.rb#273
+    def verify_certificate_identity(cert, hostname); end
+
+    # source://openssl//openssl/ssl.rb#306
+    def verify_hostname(hostname, san); end
+
+    # source://openssl//openssl/ssl.rb#339
+    def verify_wildcard(domain_component, san_component); end
+  end
+end
+
+OpenSSL::SSL::OP_ALLOW_CLIENT_RENEGOTIATION = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_ALLOW_NO_DHE_KEX = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_CLEANSE_PLAINTEXT = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_CRYPTOPRO_TLSEXT_BUG = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_DISABLE_TLSEXT_CA_NAMES = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_ENABLE_KTLS = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_ENABLE_MIDDLEBOX_COMPAT = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_NO_ANTI_REPLAY = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_NO_ENCRYPT_THEN_MAC = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_NO_RENEGOTIATION = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_NO_TLSv1_3 = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_PRIORITIZE_CHACHA = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_SAFARI_ECDHE_ECDSA_BUG = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::OP_TLSEXT_PADDING = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::SSL2_VERSION = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::SSL3_VERSION = T.let(T.unsafe(nil), Integer)
+
+class OpenSSL::SSL::SSLContext
+  # call-seq:
+  #    SSLContext.new           -> ctx
+  #    SSLContext.new(:TLSv1)   -> ctx
+  #    SSLContext.new("SSLv23") -> ctx
+  #
+  # Creates a new SSL context.
+  #
+  # If an argument is given, #ssl_version= is called with the value. Note
+  # that this form is deprecated. New applications should use #min_version=
+  # and #max_version= as necessary.
+  #
+  # @return [SSLContext] a new instance of SSLContext
+  #
+  # source://openssl//openssl/ssl.rb#124
+  def initialize(version = T.unsafe(nil)); end
+
+  # call-seq:
+  #    ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+  #    ctx.max_version = :TLS1_2
+  #    ctx.max_version = nil
+  #
+  # Sets the upper bound of the supported SSL/TLS protocol version. See
+  # #min_version= for the possible values.
+  #
+  # source://openssl//openssl/ssl.rb#187
+  def max_version=(version); end
+
+  # call-seq:
+  #    ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
+  #    ctx.min_version = :TLS1_2
+  #    ctx.min_version = nil
+  #
+  # Sets the lower bound on the supported SSL/TLS protocol version. The
+  # version may be specified by an integer constant named
+  # OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
+  #
+  # Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
+  # options by #options= once you have called #min_version= or
+  # #max_version=.
+  #
+  # === Example
+  #   ctx = OpenSSL::SSL::SSLContext.new
+  #   ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
+  #   ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+  #
+  #   sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
+  #   sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
+  #
+  # source://openssl//openssl/ssl.rb#175
+  def min_version=(version); end
+
+  # A callback invoked at connect time to distinguish between multiple
+  # server names.
+  #
+  # The callback is invoked with an SSLSocket and a server name.  The
+  # callback must return an SSLContext for the server name or nil.
+  #
+  # source://openssl//openssl/ssl.rb#112
+  def servername_cb; end
+
+  # A callback invoked at connect time to distinguish between multiple
+  # server names.
+  #
+  # The callback is invoked with an SSLSocket and a server name.  The
+  # callback must return an SSLContext for the server name or nil.
+  #
+  # source://openssl//openssl/ssl.rb#112
+  def servername_cb=(_arg0); end
+
+  # call-seq:
+  #   ctx.set_params(params = {}) -> params
+  #
+  # Sets saner defaults optimized for the use with HTTP-like protocols.
+  #
+  # If a Hash _params_ is given, the parameters are overridden with it.
+  # The keys in _params_ must be assignment methods on SSLContext.
+  #
+  # If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
+  # cert_store are not set then the system default certificate store is
+  # used.
+  #
+  # source://openssl//openssl/ssl.rb#143
+  def set_params(params = T.unsafe(nil)); end
+
+  # call-seq:
+  #    ctx.ssl_version = :TLSv1
+  #    ctx.ssl_version = "SSLv23"
+  #
+  # Sets the SSL/TLS protocol version for the context. This forces
+  # connections to use only the specified protocol version. This is
+  # deprecated and only provided for backwards compatibility. Use
+  # #min_version= and #max_version= instead.
+  #
+  # === History
+  # As the name hints, this used to call the SSL_CTX_set_ssl_version()
+  # function which sets the SSL method used for connections created from
+  # the context. As of Ruby/OpenSSL 2.1, this accessor method is
+  # implemented to call #min_version= and #max_version= instead.
+  #
+  # source://openssl//openssl/ssl.rb#206
+  def ssl_version=(meth); end
+
+  # A callback invoked when DH parameters are required for ephemeral DH key
+  # exchange.
+  #
+  # The callback is invoked with the SSLSocket, a
+  # flag indicating the use of an export cipher and the keylength
+  # required.
+  #
+  # The callback must return an OpenSSL::PKey::DH instance of the correct
+  # key length.
+  #
+  # <b>Deprecated in version 3.0.</b> Use #tmp_dh= instead.
+  #
+  # source://openssl//openssl/ssl.rb#105
+  def tmp_dh_callback; end
+
+  # A callback invoked when DH parameters are required for ephemeral DH key
+  # exchange.
+  #
+  # The callback is invoked with the SSLSocket, a
+  # flag indicating the use of an export cipher and the keylength
+  # required.
+  #
+  # The callback must return an OpenSSL::PKey::DH instance of the correct
+  # key length.
+  #
+  # <b>Deprecated in version 3.0.</b> Use #tmp_dh= instead.
+  #
+  # source://openssl//openssl/ssl.rb#105
+  def tmp_dh_callback=(_arg0); end
+end
+
+# source://openssl//openssl/ssl.rb#34
+OpenSSL::SSL::SSLContext::DEFAULT_2048 = T.let(T.unsafe(nil), OpenSSL::PKey::DH)
+
+# source://openssl//openssl/ssl.rb#46
+OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK = T.let(T.unsafe(nil), Proc)
+
+# The list of available SSL/TLS methods. This constant is only provided
+# for backwards compatibility.
+#
+# source://openssl//openssl/ssl.rb#232
+OpenSSL::SSL::SSLContext::METHODS = T.let(T.unsafe(nil), Array)
+
+# source://openssl//openssl/ssl.rb#220
+OpenSSL::SSL::SSLContext::METHODS_MAP = T.let(T.unsafe(nil), Hash)
+
+class OpenSSL::SSL::SSLErrorWaitReadable < ::OpenSSL::SSL::SSLError
+  include ::IO::WaitReadable
+end
+
+class OpenSSL::SSL::SSLErrorWaitWritable < ::OpenSSL::SSL::SSLError
+  include ::IO::WaitWritable
+end
+
+# SSLServer represents a TCP/IP server socket with Secure Sockets Layer.
+class OpenSSL::SSL::SSLServer
+  include ::OpenSSL::SSL::SocketForwarder
+
+  # Creates a new instance of SSLServer.
+  # * _srv_ is an instance of TCPServer.
+  # * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
+  #
+  # @return [SSLServer] a new instance of SSLServer
+  #
+  # source://openssl//openssl/ssl.rb#488
+  def initialize(svr, ctx); end
+
+  # Works similar to TCPServer#accept.
+  #
+  # source://openssl//openssl/ssl.rb#516
+  def accept; end
+
+  # See IO#close for details.
+  #
+  # source://openssl//openssl/ssl.rb#537
+  def close; end
+
+  # See TCPServer#listen for details.
+  #
+  # source://openssl//openssl/ssl.rb#506
+  def listen(backlog = T.unsafe(nil)); end
+
+  # See BasicSocket#shutdown for details.
+  #
+  # source://openssl//openssl/ssl.rb#511
+  def shutdown(how = T.unsafe(nil)); end
+
+  # When true then #accept works exactly the same as TCPServer#accept
+  #
+  # source://openssl//openssl/ssl.rb#483
+  def start_immediately; end
+
+  # When true then #accept works exactly the same as TCPServer#accept
+  #
+  # source://openssl//openssl/ssl.rb#483
+  def start_immediately=(_arg0); end
+
+  # Returns the TCPServer passed to the SSLServer when initialized.
+  #
+  # source://openssl//openssl/ssl.rb#501
+  def to_io; end
+end
+
+class OpenSSL::SSL::SSLSocket
+  include ::Enumerable
+  include ::OpenSSL::Buffering
+  include ::OpenSSL::SSL::SocketForwarder
+
+  # The SSLContext object used in this connection.
+  #
+  # source://openssl//openssl/ssl.rb#368
+  def context; end
+
+  # Returns the value of attribute hostname.
+  #
+  # source://openssl//openssl/ssl.rb#361
+  def hostname; end
+
+  # The underlying IO object.
+  #
+  # source://openssl//openssl/ssl.rb#364
+  def io; end
+
+  # call-seq:
+  #   ssl.post_connection_check(hostname) -> true
+  #
+  # Perform hostname verification following RFC 6125.
+  #
+  # This method MUST be called after calling #connect to ensure that the
+  # hostname of a remote peer has been verified.
+  #
+  # source://openssl//openssl/ssl.rb#394
+  def post_connection_check(hostname); end
+
+  # call-seq:
+  #   ssl.session -> aSession
+  #
+  # Returns the SSLSession object currently used, or nil if the session is
+  # not established.
+  #
+  # source://openssl//openssl/ssl.rb#415
+  def session; end
+
+  # Whether to close the underlying socket as well, when the SSL/TLS
+  # connection is shut down. This defaults to +false+.
+  #
+  # source://openssl//openssl/ssl.rb#372
+  def sync_close; end
+
+  # Whether to close the underlying socket as well, when the SSL/TLS
+  # connection is shut down. This defaults to +false+.
+  #
+  # source://openssl//openssl/ssl.rb#372
+  def sync_close=(_arg0); end
+
+  # call-seq:
+  #    ssl.sysclose => nil
+  #
+  # Sends "close notify" to the peer and tries to shut down the SSL
+  # connection gracefully.
+  #
+  # If sync_close is set to +true+, the underlying IO is also closed.
+  #
+  # source://openssl//openssl/ssl.rb#381
+  def sysclose; end
+
+  # The underlying IO object.
+  #
+  # source://openssl//openssl/ssl.rb#364
+  def to_io; end
+
+  private
+
+  # source://openssl//openssl/ssl.rb#429
+  def client_cert_cb; end
+
+  # source://openssl//openssl/ssl.rb#441
+  def session_get_cb; end
+
+  # source://openssl//openssl/ssl.rb#437
+  def session_new_cb; end
+
+  # source://openssl//openssl/ssl.rb#433
+  def tmp_dh_callback; end
+
+  # @return [Boolean]
+  #
+  # source://openssl//openssl/ssl.rb#423
+  def using_anon_cipher?; end
+
+  class << self
+    # call-seq:
+    #   open(remote_host, remote_port, local_host=nil, local_port=nil, context: nil)
+    #
+    # Creates a new instance of SSLSocket.
+    # _remote\_host_ and _remote\_port_ are used to open TCPSocket.
+    # If _local\_host_ and _local\_port_ are specified,
+    # then those parameters are used on the local end to establish the connection.
+    # If _context_ is provided,
+    # the SSL Sockets initial params will be taken from the context.
+    #
+    # === Examples
+    #
+    #   sock = OpenSSL::SSL::SSLSocket.open('localhost', 443)
+    #   sock.connect # Initiates a connection to localhost:443
+    #
+    # with SSLContext:
+    #
+    #   ctx = OpenSSL::SSL::SSLContext.new
+    #   sock = OpenSSL::SSL::SSLSocket.open('localhost', 443, context: ctx)
+    #   sock.connect # Initiates a connection to localhost:443 with SSLContext
+    #
+    # source://openssl//openssl/ssl.rb#467
+    def open(remote_host, remote_port, local_host = T.unsafe(nil), local_port = T.unsafe(nil), context: T.unsafe(nil)); end
+  end
+end
+
+module OpenSSL::SSL::SocketForwarder
+  # source://openssl//openssl/ssl.rb#244
+  def addr; end
+
+  # @return [Boolean]
+  #
+  # source://openssl//openssl/ssl.rb#264
+  def closed?; end
+
+  # source://openssl//openssl/ssl.rb#268
+  def do_not_reverse_lookup=(flag); end
+
+  # source://openssl//openssl/ssl.rb#260
+  def fcntl(*args); end
+
+  # The file descriptor for the socket.
+  #
+  # source://openssl//openssl/ssl.rb#240
+  def fileno; end
+
+  # source://openssl//openssl/ssl.rb#256
+  def getsockopt(level, optname); end
+
+  # source://openssl//openssl/ssl.rb#248
+  def peeraddr; end
+
+  # source://openssl//openssl/ssl.rb#252
+  def setsockopt(level, optname, optval); end
+end
+
+OpenSSL::SSL::TLS1_1_VERSION = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::TLS1_2_VERSION = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::TLS1_3_VERSION = T.let(T.unsafe(nil), Integer)
+OpenSSL::SSL::TLS1_VERSION = T.let(T.unsafe(nil), Integer)
+module OpenSSL::Timestamp; end
+
+class OpenSSL::Timestamp::Factory
+  def additional_certs; end
+  def additional_certs=(_arg0); end
+  def allowed_digests; end
+  def allowed_digests=(_arg0); end
+  def create_timestamp(_arg0, _arg1, _arg2); end
+  def default_policy_id; end
+  def default_policy_id=(_arg0); end
+  def gen_time; end
+  def gen_time=(_arg0); end
+  def serial_number; end
+  def serial_number=(_arg0); end
+end
+
+class OpenSSL::Timestamp::Request
+  def initialize(*_arg0); end
+
+  def algorithm; end
+  def algorithm=(_arg0); end
+  def cert_requested=(_arg0); end
+  def cert_requested?; end
+  def message_imprint; end
+  def message_imprint=(_arg0); end
+  def nonce; end
+  def nonce=(_arg0); end
+  def policy_id; end
+  def policy_id=(_arg0); end
+  def to_der; end
+  def version; end
+  def version=(_arg0); end
+end
+
+class OpenSSL::Timestamp::Response
+  def initialize(_arg0); end
+
+  def failure_info; end
+  def status; end
+  def status_text; end
+  def to_der; end
+  def token; end
+  def token_info; end
+  def tsa_certificate; end
+  def verify(*_arg0); end
+end
+
+OpenSSL::Timestamp::Response::GRANTED = T.let(T.unsafe(nil), Integer)
+OpenSSL::Timestamp::Response::GRANTED_WITH_MODS = T.let(T.unsafe(nil), Integer)
+OpenSSL::Timestamp::Response::REJECTION = T.let(T.unsafe(nil), Integer)
+OpenSSL::Timestamp::Response::REVOCATION_NOTIFICATION = T.let(T.unsafe(nil), Integer)
+OpenSSL::Timestamp::Response::REVOCATION_WARNING = T.let(T.unsafe(nil), Integer)
+OpenSSL::Timestamp::Response::WAITING = T.let(T.unsafe(nil), Integer)
+class OpenSSL::Timestamp::TimestampError < ::OpenSSL::OpenSSLError; end
+
+class OpenSSL::Timestamp::TokenInfo
+  def initialize(_arg0); end
+
+  def algorithm; end
+  def gen_time; end
+  def message_imprint; end
+  def nonce; end
+  def ordering; end
+  def policy_id; end
+  def serial_number; end
+  def to_der; end
+  def version; end
+end
+
+class OpenSSL::X509::Attribute
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # source://openssl//openssl/x509.rb#330
+  def ==(other); end
+end
+
+class OpenSSL::X509::CRL
+  include ::OpenSSL::Marshal
+  include ::OpenSSL::X509::Extension::Helpers
+  include ::OpenSSL::X509::Extension::AuthorityKeyIdentifier
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # source://openssl//openssl/x509.rb#369
+  def ==(other); end
+end
+
+class OpenSSL::X509::Certificate
+  include ::OpenSSL::Marshal
+  include ::OpenSSL::X509::Extension::Helpers
+  include ::OpenSSL::X509::Extension::SubjectKeyIdentifier
+  include ::OpenSSL::X509::Extension::AuthorityKeyIdentifier
+  include ::OpenSSL::X509::Extension::CRLDistributionPoints
+  include ::OpenSSL::X509::Extension::AuthorityInfoAccess
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # source://openssl//openssl/x509.rb#349
+  def pretty_print(q); end
+
+  class << self
+    # source://openssl//openssl/x509.rb#360
+    def load_file(path); end
+  end
+end
+
+class OpenSSL::X509::Extension
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # source://openssl//openssl/x509.rb#48
+  def ==(other); end
+
+  # source://openssl//openssl/x509.rb#64
+  def to_a; end
+
+  # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+  #
+  # source://openssl//openssl/x509.rb#60
+  def to_h; end
+
+  # "oid = critical, value"
+  #
+  # source://openssl//openssl/x509.rb#53
+  def to_s; end
+end
+
+module OpenSSL::X509::Extension::AuthorityInfoAccess
+  include ::OpenSSL::X509::Extension::Helpers
+
+  # Get the information and services for the issuer from the certificate's
+  # authority information access extension exteension, as described in RFC5280
+  # Section 4.2.2.1.
+  #
+  # Returns an array of strings or nil or raises ASN1::ASN1Error.
+  #
+  # source://openssl//openssl/x509.rb#162
+  def ca_issuer_uris; end
+
+  # Get the URIs for OCSP from the certificate's authority information access
+  # extension exteension, as described in RFC5280 Section 4.2.2.1.
+  #
+  # Returns an array of strings or nil or raises ASN1::ASN1Error.
+  #
+  # source://openssl//openssl/x509.rb#177
+  def ocsp_uris; end
+
+  private
+
+  # source://openssl//openssl/x509.rb#190
+  def parse_aia_asn1; end
+end
+
+module OpenSSL::X509::Extension::AuthorityKeyIdentifier
+  include ::OpenSSL::X509::Extension::Helpers
+
+  # Get the issuing certificate's key identifier from the
+  # authorityKeyIdentifier extension, as described in RFC5280
+  # Section 4.2.1.1
+  #
+  # Returns the binary String keyIdentifier or nil or raises
+  # ASN1::ASN1Error.
+  #
+  # source://openssl//openssl/x509.rb#104
+  def authority_key_identifier; end
+end
+
+module OpenSSL::X509::Extension::CRLDistributionPoints
+  include ::OpenSSL::X509::Extension::Helpers
+
+  # Get the distributionPoint fullName URI from the certificate's CRL
+  # distribution points extension, as described in RFC5280 Section
+  # 4.2.1.13
+  #
+  # Returns an array of strings or nil or raises ASN1::ASN1Error.
+  #
+  # source://openssl//openssl/x509.rb#129
+  def crl_uris; end
+end
+
+module OpenSSL::X509::Extension::Helpers
+  # source://openssl//openssl/x509.rb#69
+  def find_extension(oid); end
+end
+
+module OpenSSL::X509::Extension::SubjectKeyIdentifier
+  include ::OpenSSL::X509::Extension::Helpers
+
+  # Get the subject's key identifier from the subjectKeyIdentifier
+  # exteension, as described in RFC5280 Section 4.2.1.2.
+  #
+  # Returns the binary String key identifier or nil or raises
+  # ASN1::ASN1Error.
+  #
+  # source://openssl//openssl/x509.rb#82
+  def subject_key_identifier; end
+end
+
+class OpenSSL::X509::Name
+  include ::Comparable
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # source://openssl//openssl/x509.rb#319
+  def pretty_print(q); end
+
+  class << self
+    # Parses the string representation of a distinguished name. Two
+    # different forms are supported:
+    #
+    # - \OpenSSL format (<tt>X509_NAME_oneline()</tt>) used by
+    #   <tt>#to_s</tt>. For example: <tt>/DC=com/DC=example/CN=nobody</tt>
+    # - \OpenSSL format (<tt>X509_NAME_print()</tt>)
+    #   used by <tt>#to_s(OpenSSL::X509::Name::COMPAT)</tt>. For example:
+    #   <tt>DC=com, DC=example, CN=nobody</tt>
+    #
+    # Neither of them is standardized and has quirks and inconsistencies
+    # in handling of escaped characters or multi-valued RDNs.
+    #
+    # Use of this method is discouraged in new applications. See
+    # Name.parse_rfc2253 and #to_utf8 for the alternative.
+    #
+    # source://openssl//openssl/x509.rb#305
+    def parse(str, template = T.unsafe(nil)); end
+
+    # Parses the string representation of a distinguished name. Two
+    # different forms are supported:
+    #
+    # - \OpenSSL format (<tt>X509_NAME_oneline()</tt>) used by
+    #   <tt>#to_s</tt>. For example: <tt>/DC=com/DC=example/CN=nobody</tt>
+    # - \OpenSSL format (<tt>X509_NAME_print()</tt>)
+    #   used by <tt>#to_s(OpenSSL::X509::Name::COMPAT)</tt>. For example:
+    #   <tt>DC=com, DC=example, CN=nobody</tt>
+    #
+    # Neither of them is standardized and has quirks and inconsistencies
+    # in handling of escaped characters or multi-valued RDNs.
+    #
+    # Use of this method is discouraged in new applications. See
+    # Name.parse_rfc2253 and #to_utf8 for the alternative.
+    #
+    # source://openssl//openssl/x509.rb#305
+    def parse_openssl(str, template = T.unsafe(nil)); end
+
+    # Parses the UTF-8 string representation of a distinguished name,
+    # according to RFC 2253.
+    #
+    # See also #to_utf8 for the opposite operation.
+    #
+    # source://openssl//openssl/x509.rb#286
+    def parse_rfc2253(str, template = T.unsafe(nil)); end
+  end
+end
+
+module OpenSSL::X509::Name::RFC2253DN
+  private
+
+  # source://openssl//openssl/x509.rb#237
+  def expand_hexstring(str); end
+
+  # source://openssl//openssl/x509.rb#225
+  def expand_pair(str); end
+
+  # source://openssl//openssl/x509.rb#244
+  def expand_value(str1, str2, str3); end
+
+  # source://openssl//openssl/x509.rb#251
+  def scan(dn); end
+
+  class << self
+    # source://openssl//openssl/x509.rb#237
+    def expand_hexstring(str); end
+
+    # source://openssl//openssl/x509.rb#225
+    def expand_pair(str); end
+
+    # source://openssl//openssl/x509.rb#244
+    def expand_value(str1, str2, str3); end
+
+    # source://openssl//openssl/x509.rb#251
+    def scan(dn); end
+  end
+end
+
+class OpenSSL::X509::Request
+  include ::OpenSSL::Marshal
+  extend ::OpenSSL::Marshal::ClassMethods
+
+  # source://openssl//openssl/x509.rb#385
+  def ==(other); end
+end
+
+class OpenSSL::X509::Revoked
+  # source://openssl//openssl/x509.rb#376
+  def ==(other); end
+end