rubysl-openssl 2.10 → 2.11

data/ext/rubysl/openssl/ossl_rand.c

@@ -41,13 +41,13 @@ ossl_rand_seed(VALUE self, VALUE str)
  * The +entropy+ argument is (the lower bound of) an estimate of how much
  * randomness is contained in +str+, measured in bytes.
  *
- *  Example:
+ * === Example
  *
  *    pid = $$
  *    now = Time.now
  *    ary = [now.to_i, now.nsec, 1000, pid]
- *    OpenSSL::Random.add(ary.join("").to_s, 0.0)
- *    OpenSSL::Random.seed(ary.join("").to_s)
+ *    OpenSSL::Random.add(ary.join, 0.0)
+ *    OpenSSL::Random.seed(ary.join)
  */
 static VALUE
 ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
@@ -67,9 +67,9 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
 static VALUE
 ossl_rand_load_file(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
 
-    if(!RAND_load_file(RSTRING_PTR(filename), -1)) {
+    if(!RAND_load_file(StringValueCStr(filename), -1)) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -86,8 +86,9 @@ ossl_rand_load_file(VALUE self, VALUE filename)
 static VALUE
 ossl_rand_write_file(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
-    if (RAND_write_file(RSTRING_PTR(filename)) == -1) {
+    rb_check_safe_obj(filename);
+
+    if (RAND_write_file(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -100,10 +101,10 @@ ossl_rand_write_file(VALUE self, VALUE filename)
  * Generates +string+ with +length+ number of cryptographically strong
  * pseudo-random bytes.
  *
- *  Example:
+ * === Example
  *
  *    OpenSSL::Random.random_bytes(12)
- *    => "..."
+ *    #=> "..."
  */
 static VALUE
 ossl_rand_bytes(VALUE self, VALUE len)
@@ -114,10 +115,8 @@ ossl_rand_bytes(VALUE self, VALUE len)
 
     str = rb_str_new(0, n);
     ret = RAND_bytes((unsigned char *)RSTRING_PTR(str), n);
-    if (ret == 0){
-	char buf[256];
-	ERR_error_string_n(ERR_get_error(), buf, 256);
-	ossl_raise(eRandomError, "RAND_bytes error: %s", buf);
+    if (ret == 0) {
+	ossl_raise(eRandomError, "RAND_bytes");
     } else if (ret == -1) {
 	ossl_raise(eRandomError, "RAND_bytes is not supported");
     }
@@ -125,6 +124,7 @@ ossl_rand_bytes(VALUE self, VALUE len)
     return str;
 }
 
+#if defined(HAVE_RAND_PSEUDO_BYTES)
 /*
  *  call-seq:
  *	pseudo_bytes(length) -> string
@@ -134,10 +134,10 @@ ossl_rand_bytes(VALUE self, VALUE len)
  * Pseudo-random byte sequences generated by ::pseudo_bytes will be unique if
  * they are of sufficient length, but are not necessarily unpredictable.
  *
- *  Example:
+ * === Example
  *
  *    OpenSSL::Random.pseudo_bytes(12)
- *    => "..."
+ *    #=> "..."
  */
 static VALUE
 ossl_rand_pseudo_bytes(VALUE self, VALUE len)
@@ -146,12 +146,13 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
     int n = NUM2INT(len);
 
     str = rb_str_new(0, n);
-    if (!RAND_pseudo_bytes((unsigned char *)RSTRING_PTR(str), n)) {
+    if (RAND_pseudo_bytes((unsigned char *)RSTRING_PTR(str), n) < 1) {
 	ossl_raise(eRandomError, NULL);
     }
 
     return str;
 }
+#endif
 
 #ifdef HAVE_RAND_EGD
 /*
@@ -163,9 +164,9 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
 static VALUE
 ossl_rand_egd(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
 
-    if(!RAND_egd(RSTRING_PTR(filename))) {
+    if (RAND_egd(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -185,9 +186,9 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
 {
     int n = NUM2INT(len);
 
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
 
-    if (!RAND_egd_bytes(RSTRING_PTR(filename), n)) {
+    if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -213,7 +214,8 @@ void
 Init_ossl_rand(void)
 {
 #if 0
-    mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
 #endif
 
     mRandom = rb_define_module_under(mOSSL, "Random");
@@ -225,7 +227,9 @@ Init_ossl_rand(void)
     rb_define_module_function(mRandom, "load_random_file", ossl_rand_load_file, 1);
     rb_define_module_function(mRandom, "write_random_file", ossl_rand_write_file, 1);
     rb_define_module_function(mRandom, "random_bytes", ossl_rand_bytes, 1);
+#if defined(HAVE_RAND_PSEUDO_BYTES)
     rb_define_module_function(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
+#endif
 #ifdef HAVE_RAND_EGD
     rb_define_module_function(mRandom, "egd", ossl_rand_egd, 1);
     rb_define_module_function(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2);

data/ext/rubysl/openssl/ossl_ssl.c

@@ -11,10 +11,6 @@
  */
 #include "ossl.h"
 
-#if defined(HAVE_UNISTD_H)
-#  include <unistd.h> /* for read(), and write() */
-#endif
-
 #define numberof(ary) (int)(sizeof(ary)/sizeof((ary)[0]))
 
 #ifdef _WIN32
@@ -36,87 +32,55 @@ VALUE cSSLSocket;
 static VALUE eSSLErrorWaitReadable;
 static VALUE eSSLErrorWaitWritable;
 
-#define ossl_sslctx_set_cert(o,v)        	rb_iv_set((o),"@cert",(v))
-#define ossl_sslctx_set_key(o,v)         	rb_iv_set((o),"@key",(v))
-#define ossl_sslctx_set_client_ca(o,v)   	rb_iv_set((o),"@client_ca",(v))
-#define ossl_sslctx_set_ca_file(o,v)     	rb_iv_set((o),"@ca_file",(v))
-#define ossl_sslctx_set_ca_path(o,v)     	rb_iv_set((o),"@ca_path",(v))
-#define ossl_sslctx_set_timeout(o,v)     	rb_iv_set((o),"@timeout",(v))
-#define ossl_sslctx_set_verify_mode(o,v) 	rb_iv_set((o),"@verify_mode",(v))
-#define ossl_sslctx_set_verify_dep(o,v)  	rb_iv_set((o),"@verify_depth",(v))
-#define ossl_sslctx_set_verify_cb(o,v)   	rb_iv_set((o),"@verify_callback",(v))
-#define ossl_sslctx_set_cert_store(o,v)  	rb_iv_set((o),"@cert_store",(v))
-#define ossl_sslctx_set_extra_cert(o,v)  	rb_iv_set((o),"@extra_chain_cert",(v))
-#define ossl_sslctx_set_client_cert_cb(o,v) 	rb_iv_set((o),"@client_cert_cb",(v))
-#define ossl_sslctx_set_sess_id_ctx(o, v) 	rb_iv_set((o),"@session_id_context",(v))
-
-#define ossl_sslctx_get_cert(o)          	rb_iv_get((o),"@cert")
-#define ossl_sslctx_get_key(o)           	rb_iv_get((o),"@key")
-#define ossl_sslctx_get_client_ca(o)     	rb_iv_get((o),"@client_ca")
-#define ossl_sslctx_get_ca_file(o)       	rb_iv_get((o),"@ca_file")
-#define ossl_sslctx_get_ca_path(o)       	rb_iv_get((o),"@ca_path")
-#define ossl_sslctx_get_timeout(o)       	rb_iv_get((o),"@timeout")
-#define ossl_sslctx_get_verify_mode(o)   	rb_iv_get((o),"@verify_mode")
-#define ossl_sslctx_get_verify_dep(o)    	rb_iv_get((o),"@verify_depth")
-#define ossl_sslctx_get_verify_cb(o)     	rb_iv_get((o),"@verify_callback")
-#define ossl_sslctx_get_cert_store(o)    	rb_iv_get((o),"@cert_store")
-#define ossl_sslctx_get_extra_cert(o)    	rb_iv_get((o),"@extra_chain_cert")
-#define ossl_sslctx_get_client_cert_cb(o) 	rb_iv_get((o),"@client_cert_cb")
-#define ossl_sslctx_get_tmp_ecdh_cb(o)          rb_iv_get((o),"@tmp_ecdh_callback")
-#define ossl_sslctx_get_sess_id_ctx(o)   	rb_iv_get((o),"@session_id_context")
-
-#define ossl_ssl_get_io(o)           rb_iv_get((o),"@io")
-#define ossl_ssl_get_ctx(o)          rb_iv_get((o),"@context")
-#define ossl_ssl_get_x509(o)         rb_iv_get((o),"@x509")
-#define ossl_ssl_get_key(o)          rb_iv_get((o),"@key")
-
-#define ossl_ssl_set_x509(o,v)       rb_iv_set((o),"@x509",(v))
-#define ossl_ssl_set_key(o,v)        rb_iv_set((o),"@key",(v))
-#define ossl_ssl_set_tmp_dh(o,v)     rb_iv_set((o),"@tmp_dh",(v))
-#define ossl_ssl_set_tmp_ecdh(o,v)   rb_iv_set((o),"@tmp_ecdh",(v))
-
-static ID ID_callback_state;
-
+static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback,
+	  id_npn_protocols_encoded;
 static VALUE sym_exception, sym_wait_readable, sym_wait_writable;
 
+static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode,
+	  id_i_verify_depth, id_i_verify_callback, id_i_client_ca,
+	  id_i_renegotiation_cb, id_i_cert, id_i_key, id_i_extra_chain_cert,
+	  id_i_client_cert_cb, id_i_tmp_ecdh_callback, id_i_timeout,
+	  id_i_session_id_context, id_i_session_get_cb, id_i_session_new_cb,
+	  id_i_session_remove_cb, id_i_npn_select_cb, id_i_npn_protocols,
+	  id_i_alpn_select_cb, id_i_alpn_protocols, id_i_servername_cb,
+	  id_i_verify_hostname;
+static ID id_i_io, id_i_context, id_i_hostname;
+
 /*
  * SSLContext class
  */
 static const struct {
     const char *name;
-    SSL_METHOD *(*func)(void);
+    SSL_METHOD *(*func)(void); /* FIXME: constify when dropping 0.9.8 */
+    int version;
 } ossl_ssl_method_tab[] = {
-#define OSSL_SSL_METHOD_ENTRY(name) { #name, (SSL_METHOD *(*)(void))name##_method }
-    OSSL_SSL_METHOD_ENTRY(TLSv1),
-    OSSL_SSL_METHOD_ENTRY(TLSv1_server),
-    OSSL_SSL_METHOD_ENTRY(TLSv1_client),
-#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \
-        defined(HAVE_TLSV1_2_CLIENT_METHOD)
-    OSSL_SSL_METHOD_ENTRY(TLSv1_2),
-    OSSL_SSL_METHOD_ENTRY(TLSv1_2_server),
-    OSSL_SSL_METHOD_ENTRY(TLSv1_2_client),
+#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)
+#define OSSL_SSL_METHOD_ENTRY(name, version) \
+    { #name,          (SSL_METHOD *(*)(void))TLS_method, version }, \
+    { #name"_server", (SSL_METHOD *(*)(void))TLS_server_method, version }, \
+    { #name"_client", (SSL_METHOD *(*)(void))TLS_client_method, version }
+#else
+#define OSSL_SSL_METHOD_ENTRY(name, version) \
+    { #name,          (SSL_METHOD *(*)(void))name##_method, version }, \
+    { #name"_server", (SSL_METHOD *(*)(void))name##_server_method, version }, \
+    { #name"_client", (SSL_METHOD *(*)(void))name##_client_method, version }
 #endif
-#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \
-        defined(HAVE_TLSV1_1_CLIENT_METHOD)
-    OSSL_SSL_METHOD_ENTRY(TLSv1_1),
-    OSSL_SSL_METHOD_ENTRY(TLSv1_1_server),
-    OSSL_SSL_METHOD_ENTRY(TLSv1_1_client),
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL2_METHOD) && defined(HAVE_SSLV2_METHOD)
+    OSSL_SSL_METHOD_ENTRY(SSLv2, SSL2_VERSION),
 #endif
-#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
-        defined(HAVE_SSLV2_CLIENT_METHOD)
-    OSSL_SSL_METHOD_ENTRY(SSLv2),
-    OSSL_SSL_METHOD_ENTRY(SSLv2_server),
-    OSSL_SSL_METHOD_ENTRY(SSLv2_client),
+#if !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL3_METHOD) && defined(HAVE_SSLV3_METHOD)
+    OSSL_SSL_METHOD_ENTRY(SSLv3, SSL3_VERSION),
 #endif
-#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
-        defined(HAVE_SSLV3_CLIENT_METHOD)
-    OSSL_SSL_METHOD_ENTRY(SSLv3),
-    OSSL_SSL_METHOD_ENTRY(SSLv3_server),
-    OSSL_SSL_METHOD_ENTRY(SSLv3_client),
+#if !defined(OPENSSL_NO_TLS1) && !defined(OPENSSL_NO_TLS1_METHOD)
+    OSSL_SSL_METHOD_ENTRY(TLSv1, TLS1_VERSION),
 #endif
-    OSSL_SSL_METHOD_ENTRY(SSLv23),
-    OSSL_SSL_METHOD_ENTRY(SSLv23_server),
-    OSSL_SSL_METHOD_ENTRY(SSLv23_client),
+#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1_METHOD) && defined(HAVE_TLSV1_1_METHOD)
+    OSSL_SSL_METHOD_ENTRY(TLSv1_1, TLS1_1_VERSION),
+#endif
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2_METHOD) && defined(HAVE_TLSV1_2_METHOD)
+    OSSL_SSL_METHOD_ENTRY(TLSv1_2, TLS1_2_VERSION),
+#endif
+    OSSL_SSL_METHOD_ENTRY(SSLv23, 0),
 #undef OSSL_SSL_METHOD_ENTRY
 };
 
@@ -128,8 +92,10 @@ static void
 ossl_sslctx_free(void *ptr)
 {
     SSL_CTX *ctx = ptr;
+#if !defined(HAVE_X509_STORE_UP_REF)
     if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
 	ctx->cert_store = NULL;
+#endif
     SSL_CTX_free(ctx);
 }
 
@@ -145,7 +111,8 @@ static VALUE
 ossl_sslctx_s_alloc(VALUE klass)
 {
     SSL_CTX *ctx;
-    long mode = SSL_MODE_ENABLE_PARTIAL_WRITE;
+    long mode = SSL_MODE_ENABLE_PARTIAL_WRITE |
+	SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
     VALUE obj;
 
 #ifdef SSL_MODE_RELEASE_BUFFERS
@@ -161,6 +128,18 @@ ossl_sslctx_s_alloc(VALUE klass)
     RTYPEDDATA_DATA(obj) = ctx;
     SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)obj);
 
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
+    /* We use SSL_CTX_set1_curves_list() to specify the curve used in ECDH. It
+     * allows to specify multiple curve names and OpenSSL will select
+     * automatically from them. In OpenSSL 1.0.2, the automatic selection has to
+     * be enabled explicitly. But OpenSSL 1.1.0 removed the knob and it is
+     * always enabled. To uniform the behavior, we enable the automatic
+     * selection also in 1.0.2. Users can still disable ECDH by removing ECDH
+     * cipher suites by SSLContext#ciphers=. */
+    if (!SSL_CTX_set_ecdh_auto(ctx, 1))
+	ossl_raise(eSSLError, "SSL_CTX_set_ecdh_auto");
+#endif
+
     return obj;
 }
 
@@ -169,146 +148,212 @@ ossl_sslctx_s_alloc(VALUE klass)
  *    ctx.ssl_version = :TLSv1
  *    ctx.ssl_version = "SSLv23_client"
  *
+ * Sets the SSL/TLS protocol version for the context. This forces connections to
+ * use only the specified protocol version.
+ *
  * You can get a list of valid versions with OpenSSL::SSL::SSLContext::METHODS
  */
 static VALUE
 ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
 {
-    SSL_METHOD *method = NULL;
+    SSL_CTX *ctx;
     const char *s;
     VALUE m = ssl_method;
     int i;
 
-    SSL_CTX *ctx;
+    GetSSLCTX(self, ctx);
     if (RB_TYPE_P(ssl_method, T_SYMBOL))
 	m = rb_sym2str(ssl_method);
     s = StringValueCStr(m);
     for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {
         if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) {
-            method = ossl_ssl_method_tab[i].func();
-            break;
+#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)
+	    int version = ossl_ssl_method_tab[i].version;
+#endif
+	    SSL_METHOD *method = ossl_ssl_method_tab[i].func();
+
+	    if (SSL_CTX_set_ssl_version(ctx, method) != 1)
+		ossl_raise(eSSLError, "SSL_CTX_set_ssl_version");
+
+#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)
+	    if (!SSL_CTX_set_min_proto_version(ctx, version))
+		ossl_raise(eSSLError, "SSL_CTX_set_min_proto_version");
+	    if (!SSL_CTX_set_max_proto_version(ctx, version))
+		ossl_raise(eSSLError, "SSL_CTX_set_max_proto_version");
+#endif
+	    return ssl_method;
         }
     }
-    if (!method) {
-        ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m);
-    }
-    GetSSLCTX(self, ctx);
-    if (SSL_CTX_set_ssl_version(ctx, method) != 1) {
-        ossl_raise(eSSLError, "SSL_CTX_set_ssl_version");
-    }
 
-    return ssl_method;
+    ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m);
 }
 
 static VALUE
 ossl_call_client_cert_cb(VALUE obj)
 {
-    VALUE cb, ary, cert, key;
+    VALUE ctx_obj, cb, ary, cert, key;
+
+    ctx_obj = rb_attr_get(obj, id_i_context);
+    cb = rb_attr_get(ctx_obj, id_i_client_cert_cb);
+    if (NIL_P(cb))
+	return Qnil;
 
-    cb = rb_funcall(obj, rb_intern("client_cert_cb"), 0);
-    if (NIL_P(cb)) return Qfalse;
     ary = rb_funcall(cb, rb_intern("call"), 1, obj);
     Check_Type(ary, T_ARRAY);
     GetX509CertPtr(cert = rb_ary_entry(ary, 0));
-    GetPKeyPtr(key = rb_ary_entry(ary, 1));
-    ossl_ssl_set_x509(obj, cert);
-    ossl_ssl_set_key(obj, key);
+    GetPrivPKeyPtr(key = rb_ary_entry(ary, 1));
 
-    return Qtrue;
+    return rb_ary_new3(2, cert, key);
 }
 
 static int
 ossl_client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 {
-    VALUE obj, success;
+    VALUE obj, ret;
 
     obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
-    success = rb_protect(ossl_call_client_cert_cb, obj, NULL);
-    if (!RTEST(success)) return 0;
-    *x509 = DupX509CertPtr(ossl_ssl_get_x509(obj));
-    *pkey = DupPKeyPtr(ossl_ssl_get_key(obj));
+    ret = rb_protect(ossl_call_client_cert_cb, obj, NULL);
+    if (NIL_P(ret))
+	return 0;
+
+    *x509 = DupX509CertPtr(RARRAY_AREF(ret, 0));
+    *pkey = DupPKeyPtr(RARRAY_AREF(ret, 1));
 
     return 1;
 }
 
-#if !defined(OPENSSL_NO_DH)
-static VALUE
-ossl_call_tmp_dh_callback(VALUE args)
+#if !defined(OPENSSL_NO_DH) || \
+    !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+struct tmp_dh_callback_args {
+    VALUE ssl_obj;
+    ID id;
+    int type;
+    int is_export;
+    int keylength;
+};
+
+static EVP_PKEY *
+ossl_call_tmp_dh_callback(struct tmp_dh_callback_args *args)
 {
     VALUE cb, dh;
     EVP_PKEY *pkey;
 
-    cb = rb_funcall(rb_ary_entry(args, 0), rb_intern("tmp_dh_callback"), 0);
-
-    if (NIL_P(cb)) return Qfalse;
-    dh = rb_apply(cb, rb_intern("call"), args);
+    cb = rb_funcall(args->ssl_obj, args->id, 0);
+    if (NIL_P(cb))
+	return NULL;
+    dh = rb_funcall(cb, rb_intern("call"), 3,
+		    args->ssl_obj, INT2NUM(args->is_export), INT2NUM(args->keylength));
     pkey = GetPKeyPtr(dh);
-    if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) return Qfalse;
+    if (EVP_PKEY_base_id(pkey) != args->type)
+	return NULL;
 
-    return dh;
+    return pkey;
 }
+#endif
 
-static DH*
+#if !defined(OPENSSL_NO_DH)
+static DH *
 ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
 {
-    VALUE args, dh, rb_ssl;
+    VALUE rb_ssl;
+    EVP_PKEY *pkey;
+    struct tmp_dh_callback_args args;
+    int state;
 
     rb_ssl = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
+    args.ssl_obj = rb_ssl;
+    args.id = id_tmp_dh_callback;
+    args.is_export = is_export;
+    args.keylength = keylength;
+    args.type = EVP_PKEY_DH;
+
+    pkey = (EVP_PKEY *)rb_protect((VALUE (*)(VALUE))ossl_call_tmp_dh_callback,
+				  (VALUE)&args, &state);
+    if (state) {
+	rb_ivar_set(rb_ssl, ID_callback_state, INT2NUM(state));
+	return NULL;
+    }
+    if (!pkey)
+	return NULL;
 
-    args = rb_ary_new_from_args(3, rb_ssl, INT2FIX(is_export), INT2FIX(keylength));
-
-    dh = rb_protect(ossl_call_tmp_dh_callback, args, NULL);
-    if (!RTEST(dh)) return NULL;
-    ossl_ssl_set_tmp_dh(rb_ssl, dh);
-
-    return GetPKeyPtr(dh)->pkey.dh;
+    return EVP_PKEY_get0_DH(pkey);
 }
 #endif /* OPENSSL_NO_DH */
 
-#if !defined(OPENSSL_NO_EC)
-static VALUE
-ossl_call_tmp_ecdh_callback(VALUE args)
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+static EC_KEY *
+ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength)
 {
-    VALUE cb, ecdh;
+    VALUE rb_ssl;
     EVP_PKEY *pkey;
+    struct tmp_dh_callback_args args;
+    int state;
 
-    cb = rb_funcall(rb_ary_entry(args, 0), rb_intern("tmp_ecdh_callback"), 0);
-
-    if (NIL_P(cb)) return Qfalse;
-    ecdh = rb_apply(cb, rb_intern("call"), args);
-    pkey = GetPKeyPtr(ecdh);
-    if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return Qfalse;
+    rb_ssl = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
+    args.ssl_obj = rb_ssl;
+    args.id = id_tmp_ecdh_callback;
+    args.is_export = is_export;
+    args.keylength = keylength;
+    args.type = EVP_PKEY_EC;
+
+    pkey = (EVP_PKEY *)rb_protect((VALUE (*)(VALUE))ossl_call_tmp_dh_callback,
+				  (VALUE)&args, &state);
+    if (state) {
+	rb_ivar_set(rb_ssl, ID_callback_state, INT2NUM(state));
+	return NULL;
+    }
+    if (!pkey)
+	return NULL;
 
-    return ecdh;
+    return EVP_PKEY_get0_EC_KEY(pkey);
 }
+#endif
 
-static EC_KEY*
-ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength)
+static VALUE
+call_verify_certificate_identity(VALUE ctx_v)
 {
-    VALUE args, ecdh, rb_ssl;
-
-    rb_ssl = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
+    X509_STORE_CTX *ctx = (X509_STORE_CTX *)ctx_v;
+    SSL *ssl;
+    VALUE ssl_obj, hostname, cert_obj;
 
-    args = rb_ary_new_from_args(3, rb_ssl, INT2FIX(is_export), INT2FIX(keylength));
+    ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+    ssl_obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
+    hostname = rb_attr_get(ssl_obj, id_i_hostname);
 
-    ecdh = rb_protect(ossl_call_tmp_ecdh_callback, args, NULL);
-    if (!RTEST(ecdh)) return NULL;
-    ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh);
+    if (!RTEST(hostname)) {
+	rb_warning("verify_hostname requires hostname to be set");
+	return Qtrue;
+    }
 
-    return GetPKeyPtr(ecdh)->pkey.ec;
+    cert_obj = ossl_x509_new(X509_STORE_CTX_get_current_cert(ctx));
+    return rb_funcall(mSSL, rb_intern("verify_certificate_identity"), 2,
+		      cert_obj, hostname);
 }
-#endif
 
 static int
 ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 {
-    VALUE cb;
+    VALUE cb, ssl_obj, sslctx_obj, verify_hostname, ret;
     SSL *ssl;
+    int status;
 
     ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
     cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_vcb_idx);
-    X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx, (void*)cb);
-    return ossl_verify_cb(preverify_ok, ctx);
+    ssl_obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
+    sslctx_obj = rb_attr_get(ssl_obj, id_i_context);
+    verify_hostname = rb_attr_get(sslctx_obj, id_i_verify_hostname);
+
+    if (preverify_ok && RTEST(verify_hostname) && !SSL_is_server(ssl) &&
+	!X509_STORE_CTX_get_error_depth(ctx)) {
+	ret = rb_protect(call_verify_certificate_identity, (VALUE)ctx, &status);
+	if (status) {
+	    rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(status));
+	    return 0;
+	}
+	preverify_ok = ret == Qtrue;
+    }
+
+    return ossl_verify_cb_call(cb, preverify_ok, ctx);
 }
 
 static VALUE
@@ -327,7 +372,11 @@ ossl_call_session_get_cb(VALUE ary)
 
 /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
 static SSL_SESSION *
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
+#else
 ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
+#endif
 {
     VALUE ary, ssl_obj, ret_obj;
     SSL_SESSION *sess;
@@ -384,7 +433,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess)
     	return 1;
     ssl_obj = (VALUE)ptr;
     sess_obj = rb_obj_alloc(cSSLSession);
-    CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
+    SSL_SESSION_up_ref(sess);
     DATA_PTR(sess_obj) = sess;
 
     ary = rb_ary_new2(2);
@@ -414,7 +463,7 @@ ossl_call_session_remove_cb(VALUE ary)
     Check_Type(ary, T_ARRAY);
     sslctx_obj = rb_ary_entry(ary, 0);
 
-    cb = rb_iv_get(sslctx_obj, "@session_remove_cb");
+    cb = rb_attr_get(sslctx_obj, id_i_session_remove_cb);
     if (NIL_P(cb)) return Qnil;
 
     return rb_funcall(cb, rb_intern("call"), 1, ary);
@@ -427,20 +476,27 @@ ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
     void *ptr;
     int state = 0;
 
+    /*
+     * This callback is also called for all sessions in the internal store
+     * when SSL_CTX_free() is called.
+     */
+    if (rb_during_gc())
+	return;
+
     OSSL_Debug("SSL SESSION remove callback entered");
 
     if ((ptr = SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_ptr_idx)) == NULL)
     	return;
     sslctx_obj = (VALUE)ptr;
     sess_obj = rb_obj_alloc(cSSLSession);
-    CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
+    SSL_SESSION_up_ref(sess);
     DATA_PTR(sess_obj) = sess;
 
     ary = rb_ary_new2(2);
     rb_ary_push(ary, sslctx_obj);
     rb_ary_push(ary, sess_obj);
 
-    rb_protect((VALUE(*)_((VALUE)))ossl_call_session_remove_cb, ary, &state);
+    rb_protect(ossl_call_session_remove_cb, ary, &state);
     if (state) {
 /*
   the SSL_CTX is frozen, nowhere to save state.
@@ -476,9 +532,8 @@ ossl_call_servername_cb(VALUE ary)
     Check_Type(ary, T_ARRAY);
     ssl_obj = rb_ary_entry(ary, 0);
 
-    sslctx_obj = rb_iv_get(ssl_obj, "@context");
-    if (NIL_P(sslctx_obj)) return Qnil;
-    cb = rb_iv_get(sslctx_obj, "@servername_cb");
+    sslctx_obj = rb_attr_get(ssl_obj, id_i_context);
+    cb = rb_attr_get(sslctx_obj, id_i_servername_cb);
     if (NIL_P(cb)) return Qnil;
 
     ret_obj = rb_funcall(cb, rb_intern("call"), 1, ary);
@@ -490,9 +545,10 @@ ossl_call_servername_cb(VALUE ary)
         GetSSL(ssl_obj, ssl);
         GetSSLCTX(ret_obj, ctx2);
         SSL_set_SSL_CTX(ssl, ctx2);
-        rb_iv_set(ssl_obj, "@context", ret_obj);
+        rb_ivar_set(ssl_obj, id_i_context, ret_obj);
     } else if (!NIL_P(ret_obj)) {
-            ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil");
+	ossl_raise(rb_eArgError, "servername_cb must return an "
+		   "OpenSSL::SSL::SSLContext object or nil");
     }
 
     return ret_obj;
@@ -516,7 +572,7 @@ ssl_servername_cb(SSL *ssl, int *ad, void *arg)
     rb_ary_push(ary, ssl_obj);
     rb_ary_push(ary, rb_str_new2(servername));
 
-    rb_protect((VALUE(*)_((VALUE)))ossl_call_servername_cb, ary, &state);
+    rb_protect(ossl_call_servername_cb, ary, &state);
     if (state) {
         rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state));
         return SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -536,15 +592,15 @@ ssl_renegotiation_cb(const SSL *ssl)
 	ossl_raise(eSSLError, "SSL object could not be retrieved");
     ssl_obj = (VALUE)ptr;
 
-    sslctx_obj = rb_iv_get(ssl_obj, "@context");
-    if (NIL_P(sslctx_obj)) return;
-    cb = rb_iv_get(sslctx_obj, "@renegotiation_cb");
+    sslctx_obj = rb_attr_get(ssl_obj, id_i_context);
+    cb = rb_attr_get(sslctx_obj, id_i_renegotiation_cb);
     if (NIL_P(cb)) return;
 
     (void) rb_funcall(cb, rb_intern("call"), 1, ssl_obj);
 }
 
-#if defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
+#if defined(HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB) || \
+    defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
 static VALUE
 ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded)
 {
@@ -562,20 +618,25 @@ ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded)
 static VALUE
 ssl_encode_npn_protocols(VALUE protocols)
 {
-    VALUE encoded = rb_str_new2("");
+    VALUE encoded = rb_str_new(NULL, 0);
     rb_iterate(rb_each, protocols, ssl_npn_encode_protocol_i, encoded);
-    StringValueCStr(encoded);
     return encoded;
 }
 
-static int
-ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen)
+struct npn_select_cb_common_args {
+    VALUE cb;
+    const unsigned char *in;
+    unsigned inlen;
+};
+
+static VALUE
+npn_select_cb_common_i(VALUE tmp)
 {
-    VALUE selected;
-    long len;
-    VALUE protocols = rb_ary_new();
+    struct npn_select_cb_common_args *args = (void *)tmp;
+    const unsigned char *in = args->in, *in_end = in + args->inlen;
     unsigned char l;
-    const unsigned char *in_end = in + inlen;
+    long len;
+    VALUE selected, protocols = rb_ary_new();
 
     /* assume OpenSSL verifies this format */
     /* The format is len_1|proto_1|...|len_n|proto_n */
@@ -585,24 +646,50 @@ ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *out
 	in += l;
     }
 
-    selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
+    selected = rb_funcall(args->cb, rb_intern("call"), 1, protocols);
     StringValue(selected);
     len = RSTRING_LEN(selected);
     if (len < 1 || len >= 256) {
 	ossl_raise(eSSLError, "Selected protocol name must have length 1..255");
     }
+
+    return selected;
+}
+
+static int
+ssl_npn_select_cb_common(SSL *ssl, VALUE cb, const unsigned char **out,
+			 unsigned char *outlen, const unsigned char *in,
+			 unsigned int inlen)
+{
+    VALUE selected;
+    int status;
+    struct npn_select_cb_common_args args;
+
+    args.cb = cb;
+    args.in = in;
+    args.inlen = inlen;
+
+    selected = rb_protect(npn_select_cb_common_i, (VALUE)&args, &status);
+    if (status) {
+	VALUE ssl_obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
+
+	rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(status));
+	return SSL_TLSEXT_ERR_ALERT_FATAL;
+    }
+
     *out = (unsigned char *)RSTRING_PTR(selected);
-    *outlen = (unsigned char)len;
+    *outlen = (unsigned char)RSTRING_LEN(selected);
 
     return SSL_TLSEXT_ERR_OK;
 }
+#endif
 
 #ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
 static int
-ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg)
+ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,
+		     void *arg)
 {
-    VALUE sslctx_obj = (VALUE) arg;
-    VALUE protocols = rb_iv_get(sslctx_obj, "@_protocols");
+    VALUE protocols = (VALUE)arg;
 
     *out = (const unsigned char *) RSTRING_PTR(protocols);
     *outlen = RSTRING_LENINT(protocols);
@@ -611,40 +698,40 @@ ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,
 }
 
 static int
-ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+ssl_npn_select_cb(SSL *ssl, unsigned char **out, unsigned char *outlen,
+		  const unsigned char *in, unsigned int inlen, void *arg)
 {
     VALUE sslctx_obj, cb;
 
     sslctx_obj = (VALUE) arg;
-    cb = rb_iv_get(sslctx_obj, "@npn_select_cb");
+    cb = rb_attr_get(sslctx_obj, id_i_npn_select_cb);
 
-    return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in, inlen);
+    return ssl_npn_select_cb_common(ssl, cb, (const unsigned char **)out,
+				    outlen, in, inlen);
 }
 #endif
 
 #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
 static int
-ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
+		   const unsigned char *in, unsigned int inlen, void *arg)
 {
     VALUE sslctx_obj, cb;
 
     sslctx_obj = (VALUE) arg;
-    cb = rb_iv_get(sslctx_obj, "@alpn_select_cb");
+    cb = rb_attr_get(sslctx_obj, id_i_alpn_select_cb);
 
-    return ssl_npn_select_cb_common(cb, out, outlen, in, inlen);
+    return ssl_npn_select_cb_common(ssl, cb, out, outlen, in, inlen);
 }
 #endif
-#endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */
 
-/* This function may serve as the entry point to support further
- * callbacks. */
+/* This function may serve as the entry point to support further callbacks. */
 static void
 ssl_info_cb(const SSL *ssl, int where, int val)
 {
-    int state = SSL_state(ssl);
+    int is_server = SSL_is_server((SSL *)ssl);
 
-    if ((where & SSL_CB_HANDSHAKE_START) &&
-	(state & SSL_ST_ACCEPT)) {
+    if (is_server && where & SSL_CB_HANDSHAKE_START) {
 	ssl_renegotiation_cb(ssl);
     }
 }
@@ -696,7 +783,6 @@ ossl_sslctx_setup(VALUE self)
 {
     SSL_CTX *ctx;
     X509 *cert = NULL, *client_ca = NULL;
-    X509_STORE *store;
     EVP_PKEY *key = NULL;
     char *ca_path = NULL, *ca_file = NULL;
     int verify_mode;
@@ -711,34 +797,52 @@ ossl_sslctx_setup(VALUE self)
 #endif
 
 #if !defined(OPENSSL_NO_EC)
-    if (RTEST(ossl_sslctx_get_tmp_ecdh_cb(self))){
+    /* We added SSLContext#tmp_ecdh_callback= in Ruby 2.3.0,
+     * but SSL_CTX_set_tmp_ecdh_callback() was removed in OpenSSL 1.1.0. */
+    if (RTEST(rb_attr_get(self, id_i_tmp_ecdh_callback))) {
+# if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
+	rb_warn("#tmp_ecdh_callback= is deprecated; use #ecdh_curves= instead");
 	SSL_CTX_set_tmp_ecdh_callback(ctx, ossl_tmp_ecdh_callback);
+#  if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
+	/* tmp_ecdh_callback and ecdh_auto conflict; OpenSSL ignores
+	 * tmp_ecdh_callback. So disable ecdh_auto. */
+	if (!SSL_CTX_set_ecdh_auto(ctx, 0))
+	    ossl_raise(eSSLError, "SSL_CTX_set_ecdh_auto");
+#  endif
+# else
+	ossl_raise(eSSLError, "OpenSSL does not support tmp_ecdh_callback; "
+		   "use #ecdh_curves= instead");
+# endif
     }
-#endif
+#endif /* OPENSSL_NO_EC */
 
-    val = ossl_sslctx_get_cert_store(self);
-    if(!NIL_P(val)){
+    val = rb_attr_get(self, id_i_cert_store);
+    if (!NIL_P(val)) {
+	X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */
+	SSL_CTX_set_cert_store(ctx, store);
+#if !defined(HAVE_X509_STORE_UP_REF)
 	/*
          * WORKAROUND:
 	 *   X509_STORE can count references, but
 	 *   X509_STORE_free() doesn't care it.
 	 *   So we won't increment it but mark it by ex_data.
 	 */
-        store = GetX509StorePtr(val); /* NO NEED TO DUP */
-        SSL_CTX_set_cert_store(ctx, store);
-        SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
+        SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void *)1);
+#else /* Fixed in OpenSSL 1.0.2; bff9ce4db38b (master), 5b4b9ce976fc (1.0.2) */
+	X509_STORE_up_ref(store);
+#endif
     }
 
-    val = ossl_sslctx_get_extra_cert(self);
+    val = rb_attr_get(self, id_i_extra_chain_cert);
     if(!NIL_P(val)){
 	rb_block_call(val, rb_intern("each"), 0, 0, ossl_sslctx_add_extra_chain_cert_i, self);
     }
 
     /* private key may be bundled in certificate file. */
-    val = ossl_sslctx_get_cert(self);
+    val = rb_attr_get(self, id_i_cert);
     cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
-    val = ossl_sslctx_get_key(self);
-    key = NIL_P(val) ? NULL : GetPKeyPtr(val); /* NO DUP NEEDED */
+    val = rb_attr_get(self, id_i_key);
+    key = NIL_P(val) ? NULL : GetPrivPKeyPtr(val); /* NO DUP NEEDED */
     if (cert && key) {
         if (!SSL_CTX_use_certificate(ctx, cert)) {
             /* Adds a ref => Safe to FREE */
@@ -753,7 +857,7 @@ ossl_sslctx_setup(VALUE self)
         }
     }
 
-    val = ossl_sslctx_get_client_ca(self);
+    val = rb_attr_get(self, id_i_client_ca);
     if(!NIL_P(val)){
 	if (RB_TYPE_P(val, T_ARRAY)) {
 	    for(i = 0; i < RARRAY_LEN(val); i++){
@@ -773,48 +877,53 @@ ossl_sslctx_setup(VALUE self)
 	}
     }
 
-    val = ossl_sslctx_get_ca_file(self);
-    ca_file = NIL_P(val) ? NULL : StringValuePtr(val);
-    val = ossl_sslctx_get_ca_path(self);
-    ca_path = NIL_P(val) ? NULL : StringValuePtr(val);
+    val = rb_attr_get(self, id_i_ca_file);
+    ca_file = NIL_P(val) ? NULL : StringValueCStr(val);
+    val = rb_attr_get(self, id_i_ca_path);
+    ca_path = NIL_P(val) ? NULL : StringValueCStr(val);
     if(ca_file || ca_path){
 	if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path))
 	    rb_warning("can't set verify locations");
     }
 
-    val = ossl_sslctx_get_verify_mode(self);
+    val = rb_attr_get(self, id_i_verify_mode);
     verify_mode = NIL_P(val) ? SSL_VERIFY_NONE : NUM2INT(val);
     SSL_CTX_set_verify(ctx, verify_mode, ossl_ssl_verify_callback);
-    if (RTEST(ossl_sslctx_get_client_cert_cb(self)))
+    if (RTEST(rb_attr_get(self, id_i_client_cert_cb)))
 	SSL_CTX_set_client_cert_cb(ctx, ossl_client_cert_cb);
 
-    val = ossl_sslctx_get_timeout(self);
+    val = rb_attr_get(self, id_i_timeout);
     if(!NIL_P(val)) SSL_CTX_set_timeout(ctx, NUM2LONG(val));
 
-    val = ossl_sslctx_get_verify_dep(self);
+    val = rb_attr_get(self, id_i_verify_depth);
     if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val));
 
 #ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
-    val = rb_iv_get(self, "@npn_protocols");
+    val = rb_attr_get(self, id_i_npn_protocols);
     if (!NIL_P(val)) {
-	rb_iv_set(self, "@_protocols", ssl_encode_npn_protocols(val));
-	SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *) self);
+	VALUE encoded = ssl_encode_npn_protocols(val);
+	rb_ivar_set(self, id_npn_protocols_encoded, encoded);
+	SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)encoded);
 	OSSL_Debug("SSL NPN advertise callback added");
     }
-    if (RTEST(rb_iv_get(self, "@npn_select_cb"))) {
+    if (RTEST(rb_attr_get(self, id_i_npn_select_cb))) {
 	SSL_CTX_set_next_proto_select_cb(ctx, ssl_npn_select_cb, (void *) self);
 	OSSL_Debug("SSL NPN select callback added");
     }
 #endif
 
 #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
-    val = rb_iv_get(self, "@alpn_protocols");
+    val = rb_attr_get(self, id_i_alpn_protocols);
     if (!NIL_P(val)) {
 	VALUE rprotos = ssl_encode_npn_protocols(val);
-	SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)StringValueCStr(rprotos), RSTRING_LENINT(rprotos));
+
+	/* returns 0 on success */
+	if (SSL_CTX_set_alpn_protos(ctx, (unsigned char *)RSTRING_PTR(rprotos),
+				    RSTRING_LENINT(rprotos)))
+	    ossl_raise(eSSLError, "SSL_CTX_set_alpn_protos");
 	OSSL_Debug("SSL ALPN values added");
     }
-    if (RTEST(rb_iv_get(self, "@alpn_select_cb"))) {
+    if (RTEST(rb_attr_get(self, id_i_alpn_select_cb))) {
 	SSL_CTX_set_alpn_select_cb(ctx, ssl_alpn_select_cb, (void *) self);
 	OSSL_Debug("SSL ALPN select callback added");
     }
@@ -822,7 +931,7 @@ ossl_sslctx_setup(VALUE self)
 
     rb_obj_freeze(self);
 
-    val = ossl_sslctx_get_sess_id_ctx(self);
+    val = rb_attr_get(self, id_i_session_id_context);
     if (!NIL_P(val)){
 	StringValue(val);
 	if (!SSL_CTX_set_session_id_context(ctx, (unsigned char *)RSTRING_PTR(val),
@@ -831,21 +940,21 @@ ossl_sslctx_setup(VALUE self)
 	}
     }
 
-    if (RTEST(rb_iv_get(self, "@session_get_cb"))) {
+    if (RTEST(rb_attr_get(self, id_i_session_get_cb))) {
 	SSL_CTX_sess_set_get_cb(ctx, ossl_sslctx_session_get_cb);
 	OSSL_Debug("SSL SESSION get callback added");
     }
-    if (RTEST(rb_iv_get(self, "@session_new_cb"))) {
+    if (RTEST(rb_attr_get(self, id_i_session_new_cb))) {
 	SSL_CTX_sess_set_new_cb(ctx, ossl_sslctx_session_new_cb);
 	OSSL_Debug("SSL SESSION new callback added");
     }
-    if (RTEST(rb_iv_get(self, "@session_remove_cb"))) {
+    if (RTEST(rb_attr_get(self, id_i_session_remove_cb))) {
 	SSL_CTX_sess_set_remove_cb(ctx, ossl_sslctx_session_remove_cb);
 	OSSL_Debug("SSL SESSION remove callback added");
     }
 
 #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
-    val = rb_iv_get(self, "@servername_cb");
+    val = rb_attr_get(self, id_i_servername_cb);
     if (!NIL_P(val)) {
         SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
 	OSSL_Debug("SSL TLSEXT servername callback added");
@@ -856,7 +965,7 @@ ossl_sslctx_setup(VALUE self)
 }
 
 static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
 {
     VALUE ary;
     int bits, alg_bits;
@@ -865,8 +974,8 @@ ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
     rb_ary_push(ary, rb_str_new2(SSL_CIPHER_get_name(cipher)));
     rb_ary_push(ary, rb_str_new2(SSL_CIPHER_get_version(cipher)));
     bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
-    rb_ary_push(ary, INT2FIX(bits));
-    rb_ary_push(ary, INT2FIX(alg_bits));
+    rb_ary_push(ary, INT2NUM(bits));
+    rb_ary_push(ary, INT2NUM(alg_bits));
 
     return ary;
 }
@@ -875,24 +984,19 @@ ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
  * call-seq:
  *    ctx.ciphers => [[name, version, bits, alg_bits], ...]
  *
- * The list of ciphers configured for this context.
+ * The list of cipher suites configured for this context.
  */
 static VALUE
 ossl_sslctx_get_ciphers(VALUE self)
 {
     SSL_CTX *ctx;
     STACK_OF(SSL_CIPHER) *ciphers;
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
     VALUE ary;
     int i, num;
 
     GetSSLCTX(self, ctx);
-    if(!ctx){
-        rb_warning("SSL_CTX is not initialized.");
-        return Qnil;
-    }
-    ciphers = ctx->cipher_list;
-
+    ciphers = SSL_CTX_get_ciphers(ctx);
     if (!ciphers)
         return rb_ary_new();
 
@@ -911,11 +1015,9 @@ ossl_sslctx_get_ciphers(VALUE self)
  *    ctx.ciphers = [name, ...]
  *    ctx.ciphers = [[name, version, bits, alg_bits], ...]
  *
- * Sets the list of available ciphers for this context.  Note in a server
+ * Sets the list of available cipher suites for this context.  Note in a server
  * context some ciphers require the appropriate certificates.  For example, an
- * RSA cipher can only be chosen when an RSA certificate is available.
- *
- * See also OpenSSL::Cipher and OpenSSL::Cipher::ciphers
+ * RSA cipher suite can only be chosen when an RSA certificate is available.
  */
 static VALUE
 ossl_sslctx_set_ciphers(VALUE self, VALUE v)
@@ -942,22 +1044,165 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
     }
 
     GetSSLCTX(self, ctx);
-    if(!ctx){
-        ossl_raise(eSSLError, "SSL_CTX is not initialized.");
-        return Qnil;
-    }
-    if (!SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(str))) {
+    if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
         ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
     }
 
     return v;
 }
 
+#if !defined(OPENSSL_NO_EC)
+/*
+ * call-seq:
+ *    ctx.ecdh_curves = curve_list -> curve_list
+ *
+ * Sets the list of "supported elliptic curves" for this context.
+ *
+ * For a TLS client, the list is directly used in the Supported Elliptic Curves
+ * Extension. For a server, the list is used by OpenSSL to determine the set of
+ * shared curves. OpenSSL will pick the most appropriate one from it.
+ *
+ * Note that this works differently with old OpenSSL (<= 1.0.1). Only one curve
+ * can be set, and this has no effect for TLS clients.
+ *
+ * === Example
+ *   ctx1 = OpenSSL::SSL::SSLContext.new
+ *   ctx1.ecdh_curves = "X25519:P-256:P-224"
+ *   svr = OpenSSL::SSL::SSLServer.new(tcp_svr, ctx1)
+ *   Thread.new { svr.accept }
+ *
+ *   ctx2 = OpenSSL::SSL::SSLContext.new
+ *   ctx2.ecdh_curves = "P-256"
+ *   cli = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx2)
+ *   cli.connect
+ *
+ *   p cli.tmp_key.group.curve_name
+ *   # => "prime256v1" (is an alias for NIST P-256)
+ */
+static VALUE
+ossl_sslctx_set_ecdh_curves(VALUE self, VALUE arg)
+{
+    SSL_CTX *ctx;
+
+    rb_check_frozen(self);
+    GetSSLCTX(self, ctx);
+    StringValueCStr(arg);
+
+#if defined(HAVE_SSL_CTX_SET1_CURVES_LIST)
+    if (!SSL_CTX_set1_curves_list(ctx, RSTRING_PTR(arg)))
+	ossl_raise(eSSLError, NULL);
+#else
+    /* OpenSSL does not have SSL_CTX_set1_curves_list()... Fallback to
+     * SSL_CTX_set_tmp_ecdh(). So only the first curve is used. */
+    {
+	VALUE curve, splitted;
+	EC_KEY *ec;
+	int nid;
+
+	splitted = rb_str_split(arg, ":");
+	if (!RARRAY_LEN(splitted))
+	    ossl_raise(eSSLError, "invalid input format");
+	curve = RARRAY_AREF(splitted, 0);
+	StringValueCStr(curve);
+
+	/* SSL_CTX_set1_curves_list() accepts NIST names */
+	nid = EC_curve_nist2nid(RSTRING_PTR(curve));
+	if (nid == NID_undef)
+	    nid = OBJ_txt2nid(RSTRING_PTR(curve));
+	if (nid == NID_undef)
+	    ossl_raise(eSSLError, "unknown curve name");
+
+	ec = EC_KEY_new_by_curve_name(nid);
+	if (!ec)
+	    ossl_raise(eSSLError, NULL);
+	EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
+	if (!SSL_CTX_set_tmp_ecdh(ctx, ec)) {
+	    EC_KEY_free(ec);
+	    ossl_raise(eSSLError, "SSL_CTX_set_tmp_ecdh");
+	}
+	EC_KEY_free(ec);
+# if defined(HAVE_SSL_CTX_SET_ECDH_AUTO)
+	/* tmp_ecdh and ecdh_auto conflict. tmp_ecdh is ignored when ecdh_auto
+	 * is enabled. So disable ecdh_auto. */
+	if (!SSL_CTX_set_ecdh_auto(ctx, 0))
+	    ossl_raise(eSSLError, "SSL_CTX_set_ecdh_auto");
+# endif
+    }
+#endif
+
+    return arg;
+}
+#else
+#define ossl_sslctx_set_ecdh_curves rb_f_notimplement
+#endif
+
+/*
+ * call-seq:
+ *    ctx.security_level -> Integer
+ *
+ * Returns the security level for the context.
+ *
+ * See also OpenSSL::SSL::SSLContext#security_level=.
+ */
+static VALUE
+ossl_sslctx_get_security_level(VALUE self)
+{
+    SSL_CTX *ctx;
+
+    GetSSLCTX(self, ctx);
+
+#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL)
+    return INT2NUM(SSL_CTX_get_security_level(ctx));
+#else
+    (void)ctx;
+    return INT2FIX(0);
+#endif
+}
+
+/*
+ * call-seq:
+ *    ctx.security_level = integer
+ *
+ * Sets the security level for the context. OpenSSL limits parameters according
+ * to the level. The "parameters" include: ciphersuites, curves, key sizes,
+ * certificate signature algorithms, protocol version and so on. For example,
+ * level 1 rejects parameters offering below 80 bits of security, such as
+ * ciphersuites using MD5 for the MAC or RSA keys shorter than 1024 bits.
+ *
+ * Note that attempts to set such parameters with insufficient security are
+ * also blocked. You need to lower the level first.
+ *
+ * This feature is not supported in OpenSSL < 1.1.0, and setting the level to
+ * other than 0 will raise NotImplementedError. Level 0 means everything is
+ * permitted, the same behavior as previous versions of OpenSSL.
+ *
+ * See the manpage of SSL_CTX_set_security_level(3) for details.
+ */
+static VALUE
+ossl_sslctx_set_security_level(VALUE self, VALUE value)
+{
+    SSL_CTX *ctx;
+
+    rb_check_frozen(self);
+    GetSSLCTX(self, ctx);
+
+#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL)
+    SSL_CTX_set_security_level(ctx, NUM2INT(value));
+#else
+    (void)ctx;
+    if (NUM2INT(value) != 0)
+	ossl_raise(rb_eNotImpError, "setting security level to other than 0 is "
+		   "not supported in this version of OpenSSL");
+#endif
+
+    return value;
+}
+
 /*
  *  call-seq:
  *     ctx.session_add(session) -> true | false
  *
- * Adds +session+ to the session cache
+ * Adds +session+ to the session cache.
  */
 static VALUE
 ossl_sslctx_session_add(VALUE self, VALUE arg)
@@ -975,7 +1220,7 @@ ossl_sslctx_session_add(VALUE self, VALUE arg)
  *  call-seq:
  *     ctx.session_remove(session) -> true | false
  *
- * Removes +session+ from the session cache
+ * Removes +session+ from the session cache.
  */
 static VALUE
 ossl_sslctx_session_remove(VALUE self, VALUE arg)
@@ -1143,25 +1388,11 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
  * SSLSocket class
  */
 #ifndef OPENSSL_NO_SOCK
-static void
-ossl_ssl_shutdown(SSL *ssl)
-{
-    int i, rc;
-
-    if (ssl) {
-	/* 4 is from SSL_smart_shutdown() of mod_ssl.c (v2.2.19) */
-	/* It says max 2x pending + 2x data = 4 */
-	for (i = 0; i < 4; ++i) {
-	    /*
-	     * Ignore the case SSL_shutdown returns -1. Empty handshake_func
-	     * must not happen.
-	     */
-	    if ((rc = SSL_shutdown(ssl)) != 0)
-		break;
-	}
-	SSL_clear(ssl);
-	ERR_clear_error();
-    }
+static inline int
+ssl_started(SSL *ssl)
+{
+    /* the FD is set in ossl_ssl_setup(), called by #connect or #accept */
+    return SSL_get_fd(ssl) >= 0;
 }
 
 static void
@@ -1184,45 +1415,76 @@ ossl_ssl_s_alloc(VALUE klass)
     return TypedData_Wrap_Struct(klass, &ossl_ssl_type, NULL);
 }
 
+/*
+ * call-seq:
+ *    SSLSocket.new(io) => aSSLSocket
+ *    SSLSocket.new(io, ctx) => aSSLSocket
+ *
+ * Creates a new SSL socket from +io+ which must be a real IO object (not an
+ * IO-like object that responds to read/write).
+ *
+ * If +ctx+ is provided the SSL Sockets initial params will be taken from
+ * the context.
+ *
+ * The OpenSSL::Buffering module provides additional IO methods.
+ *
+ * This method will freeze the SSLContext if one is provided;
+ * however, session management is still allowed in the frozen SSLContext.
+ */
 static VALUE
-ossl_ssl_setup(VALUE self)
+ossl_ssl_initialize(int argc, VALUE *argv, VALUE self)
 {
-    VALUE io, v_ctx, cb;
+    VALUE io, v_ctx, verify_cb;
+    SSL *ssl;
     SSL_CTX *ctx;
+
+    TypedData_Get_Struct(self, SSL, &ossl_ssl_type, ssl);
+    if (ssl)
+	ossl_raise(eSSLError, "SSL already initialized");
+
+    if (rb_scan_args(argc, argv, "11", &io, &v_ctx) == 1)
+	v_ctx = rb_funcall(cSSLContext, rb_intern("new"), 0);
+
+    GetSSLCTX(v_ctx, ctx);
+    rb_ivar_set(self, id_i_context, v_ctx);
+    ossl_sslctx_setup(v_ctx);
+
+    if (rb_respond_to(io, rb_intern("nonblock=")))
+	rb_funcall(io, rb_intern("nonblock="), 1, Qtrue);
+    rb_ivar_set(self, id_i_io, io);
+
+    ssl = SSL_new(ctx);
+    if (!ssl)
+	ossl_raise(eSSLError, NULL);
+    RTYPEDDATA_DATA(self) = ssl;
+
+    SSL_set_ex_data(ssl, ossl_ssl_ex_ptr_idx, (void *)self);
+    SSL_set_info_callback(ssl, ssl_info_cb);
+    verify_cb = rb_attr_get(v_ctx, id_i_verify_callback);
+    SSL_set_ex_data(ssl, ossl_ssl_ex_vcb_idx, (void *)verify_cb);
+
+    rb_call_super(0, NULL);
+
+    return self;
+}
+
+static VALUE
+ossl_ssl_setup(VALUE self)
+{
+    VALUE io;
     SSL *ssl;
     rb_io_t *fptr;
 
     GetSSL(self, ssl);
-    if(!ssl){
-#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
-	VALUE hostname = rb_iv_get(self, "@hostname");
-#endif
+    if (ssl_started(ssl))
+	return Qtrue;
 
-        v_ctx = ossl_ssl_get_ctx(self);
-        GetSSLCTX(v_ctx, ctx);
-
-        ssl = SSL_new(ctx);
-        if (!ssl) {
-            ossl_raise(eSSLError, "SSL_new");
-        }
-        DATA_PTR(self) = ssl;
-
-#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
-        if (!NIL_P(hostname)) {
-           if (SSL_set_tlsext_host_name(ssl, StringValuePtr(hostname)) != 1)
-               ossl_raise(eSSLError, "SSL_set_tlsext_host_name");
-        }
-#endif
-        io = ossl_ssl_get_io(self);
-        GetOpenFile(io, fptr);
-        rb_io_check_readable(fptr);
-        rb_io_check_writable(fptr);
-        SSL_set_fd(ssl, TO_SOCKET(FPTR_TO_FD(fptr)));
-	SSL_set_ex_data(ssl, ossl_ssl_ex_ptr_idx, (void*)self);
-	cb = ossl_sslctx_get_verify_cb(v_ctx);
-	SSL_set_ex_data(ssl, ossl_ssl_ex_vcb_idx, (void*)cb);
-	SSL_set_info_callback(ssl, ssl_info_cb);
-    }
+    io = rb_attr_get(self, id_i_io);
+    GetOpenFile(io, fptr);
+    rb_io_check_readable(fptr);
+    rb_io_check_writable(fptr);
+    if (!SSL_set_fd(ssl, TO_SOCKET(FPTR_TO_FD(fptr))))
+	ossl_raise(eSSLError, "SSL_set_fd");
 
     return Qtrue;
 }
@@ -1233,31 +1495,18 @@ ossl_ssl_setup(VALUE self)
 #define ssl_get_error(ssl, ret) SSL_get_error((ssl), (ret))
 #endif
 
-#define ossl_ssl_data_get_struct(v, ssl)		\
-do {							\
-    GetSSL((v), (ssl)); 				\
-    if (!(ssl)) {					\
-        rb_warning("SSL session is not started yet.");  \
-        return Qnil;					\
-    }							\
-} while (0)
-
 static void
 write_would_block(int nonblock)
 {
-    if (nonblock) {
-        VALUE exc = ossl_exc_new(eSSLErrorWaitWritable, "write would block");
-        rb_exc_raise(exc);
-    }
+    if (nonblock)
+	ossl_raise(eSSLErrorWaitWritable, "write would block");
 }
 
 static void
 read_would_block(int nonblock)
 {
-    if (nonblock) {
-        VALUE exc = ossl_exc_new(eSSLErrorWaitReadable, "read would block");
-        rb_exc_raise(exc);
-    }
+    if (nonblock)
+	ossl_raise(eSSLErrorWaitReadable, "read would block");
 }
 
 static int
@@ -1280,15 +1529,18 @@ ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, VALUE opts)
 
     rb_ivar_set(self, ID_callback_state, Qnil);
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
-    GetOpenFile(ossl_ssl_get_io(self), fptr);
+    GetOpenFile(rb_attr_get(self, id_i_io), fptr);
     for(;;){
 	ret = func(ssl);
 
-        cb_state = rb_ivar_get(self, ID_callback_state);
-        if (!NIL_P(cb_state))
-            rb_jump_tag(NUM2INT(cb_state));
+	cb_state = rb_attr_get(self, ID_callback_state);
+        if (!NIL_P(cb_state)) {
+	    /* must cleanup OpenSSL error stack before re-raising */
+	    ossl_clear_error();
+	    rb_jump_tag(NUM2INT(cb_state));
+	}
 
 	if (ret > 0)
 	    break;
@@ -1418,7 +1670,7 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
     int ilen, nread = 0;
     VALUE len, str;
     rb_io_t *fptr;
-    VALUE opts = Qnil;
+    VALUE io, opts = Qnil;
 
     if (nonblock) {
 	rb_scan_args(argc, argv, "11:", &len, &str, &opts);
@@ -1427,21 +1679,26 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
     }
 
     ilen = NUM2INT(len);
-    if(NIL_P(str)) str = rb_str_new(0, ilen);
-    else{
-        StringValue(str);
-        rb_str_modify(str);
-        rb_str_resize(str, ilen);
+    if (NIL_P(str))
+	str = rb_str_new(0, ilen);
+    else {
+	StringValue(str);
+	if (RSTRING_LEN(str) >= ilen)
+	    rb_str_modify(str);
+	else
+	    rb_str_modify_expand(str, ilen - RSTRING_LEN(str));
     }
-    if(ilen == 0) return str;
+    OBJ_TAINT(str);
+    rb_str_set_len(str, 0);
+    if (ilen == 0)
+	return str;
 
     GetSSL(self, ssl);
-    GetOpenFile(ossl_ssl_get_io(self), fptr);
-    if (ssl) {
-	if(!nonblock && SSL_pending(ssl) <= 0)
-	    rb_thread_wait_fd(FPTR_TO_FD(fptr));
+    io = rb_attr_get(self, id_i_io);
+    GetOpenFile(io, fptr);
+    if (ssl_started(ssl)) {
 	for (;;){
-	    nread = SSL_read(ssl, RSTRING_PTR(str), RSTRING_LENINT(str));
+	    nread = SSL_read(ssl, RSTRING_PTR(str), ilen);
 	    switch(ssl_get_error(ssl, nread)){
 	    case SSL_ERROR_NONE:
 		goto end;
@@ -1459,30 +1716,38 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
                 rb_io_wait_readable(FPTR_TO_FD(fptr));
 		continue;
 	    case SSL_ERROR_SYSCALL:
-		if(ERR_peek_error() == 0 && nread == 0) {
-		    if (no_exception_p(opts)) { return Qnil; }
-		    rb_eof_error();
+		if (!ERR_peek_error()) {
+		    if (errno)
+			rb_sys_fail(0);
+		    else {
+			/*
+			 * The underlying BIO returned 0. This is actually a
+			 * protocol error. But unfortunately, not all
+			 * implementations cleanly shutdown the TLS connection
+			 * but just shutdown/close the TCP connection. So report
+			 * EOF for now...
+			 */
+			if (no_exception_p(opts)) { return Qnil; }
+			rb_eof_error();
+		    }
 		}
-		rb_sys_fail(0);
 	    default:
 		ossl_raise(eSSLError, "SSL_read");
 	    }
         }
     }
     else {
-        ID meth = nonblock ? rb_intern("read_nonblock") : rb_intern("sysread");
-        rb_warning("SSL session is not started yet.");
-        if (nonblock) {
-          return rb_funcall(ossl_ssl_get_io(self), meth, 3, len, str, opts);
-        } else {
-          return rb_funcall(ossl_ssl_get_io(self), meth, 2, len, str);
-        }
+	ID meth = nonblock ? rb_intern("read_nonblock") : rb_intern("sysread");
+
+	rb_warning("SSL session is not started yet.");
+	if (nonblock)
+	    return rb_funcall(io, meth, 3, len, str, opts);
+	else
+	    return rb_funcall(io, meth, 2, len, str);
     }
 
   end:
     rb_str_set_len(str, nread);
-    OBJ_TAINT(str);
-
     return str;
 }
 
@@ -1526,12 +1791,13 @@ ossl_ssl_write_internal(VALUE self, VALUE str, VALUE opts)
     int nwrite = 0;
     rb_io_t *fptr;
     int nonblock = opts != Qfalse;
+    VALUE io;
 
     StringValue(str);
     GetSSL(self, ssl);
-    GetOpenFile(ossl_ssl_get_io(self), fptr);
-
-    if (ssl) {
+    io = rb_attr_get(self, id_i_io);
+    GetOpenFile(io, fptr);
+    if (ssl_started(ssl)) {
 	for (;;){
 	    int num = RSTRING_LENINT(str);
 
@@ -1561,9 +1827,14 @@ ossl_ssl_write_internal(VALUE self, VALUE str, VALUE opts)
         }
     }
     else {
-        ID id_syswrite = rb_intern("syswrite");
-        rb_warning("SSL session is not started yet.");
-	return rb_funcall(ossl_ssl_get_io(self), id_syswrite, 1, str);
+	ID meth = nonblock ?
+	    rb_intern("write_nonblock") : rb_intern("syswrite");
+
+	rb_warning("SSL session is not started yet.");
+	if (nonblock)
+	    return rb_funcall(io, meth, 2, str, opts);
+	else
+	    return rb_funcall(io, meth, 1, str);
     }
 
   end:
@@ -1610,11 +1881,24 @@ static VALUE
 ossl_ssl_stop(VALUE self)
 {
     SSL *ssl;
+    int ret;
 
-    ossl_ssl_data_get_struct(self, ssl);
-
-    ossl_ssl_shutdown(ssl);
+    GetSSL(self, ssl);
+    if (!ssl_started(ssl))
+	return Qnil;
+    ret = SSL_shutdown(ssl);
+    if (ret == 1) /* Have already received close_notify */
+	return Qnil;
+    if (ret == 0) /* Sent close_notify, but we don't wait for reply */
+	return Qnil;
 
+    /*
+     * XXX: Something happened. Possibly it failed because the underlying socket
+     * is not writable/readable, since it is in non-blocking mode. We should do
+     * some proper error handling using SSL_get_error() and maybe retry, but we
+     * can't block here. Give up for now.
+     */
+    ossl_clear_error();
     return Qnil;
 }
 
@@ -1630,7 +1914,7 @@ ossl_ssl_get_cert(VALUE self)
     SSL *ssl;
     X509 *cert = NULL;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     /*
      * Is this OpenSSL bug? Should add a ref?
@@ -1657,7 +1941,7 @@ ossl_ssl_get_peer_cert(VALUE self)
     X509 *cert = NULL;
     VALUE obj;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     cert = SSL_get_peer_certificate(ssl); /* Adds a ref => Safe to FREE. */
 
@@ -1685,7 +1969,7 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
     VALUE ary;
     int i, num;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     chain = SSL_get_peer_cert_chain(ssl);
     if(!chain) return Qnil;
@@ -1711,7 +1995,7 @@ ossl_ssl_get_version(VALUE self)
 {
     SSL *ssl;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     return rb_str_new2(SSL_get_version(ssl));
 }
@@ -1728,7 +2012,7 @@ ossl_ssl_get_cipher(VALUE self)
     SSL *ssl;
     SSL_CIPHER *cipher;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     cipher = (SSL_CIPHER *)SSL_get_current_cipher(ssl);
 
@@ -1739,7 +2023,8 @@ ossl_ssl_get_cipher(VALUE self)
  * call-seq:
  *    ssl.state => string
  *
- * A description of the current connection state.
+ * A description of the current connection state. This is for diagnostic
+ * purposes only.
  */
 static VALUE
 ossl_ssl_get_state(VALUE self)
@@ -1747,7 +2032,7 @@ ossl_ssl_get_state(VALUE self)
     SSL *ssl;
     VALUE ret;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     ret = rb_str_new2(SSL_state_string(ssl));
     if (ruby_verbose) {
@@ -1761,14 +2046,14 @@ ossl_ssl_get_state(VALUE self)
  * call-seq:
  *    ssl.pending => Integer
  *
- * The number of bytes that are immediately available for reading
+ * The number of bytes that are immediately available for reading.
  */
 static VALUE
 ossl_ssl_pending(VALUE self)
 {
     SSL *ssl;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     return INT2NUM(SSL_pending(ssl));
 }
@@ -1784,15 +2069,9 @@ ossl_ssl_session_reused(VALUE self)
 {
     SSL *ssl;
 
-    ossl_ssl_data_get_struct(self, ssl);
-
-    switch(SSL_session_reused(ssl)) {
-    case 1:	return Qtrue;
-    case 0:	return Qfalse;
-    default:	ossl_raise(eSSLError, "SSL_session_reused");
-    }
+    GetSSL(self, ssl);
 
-    UNREACHABLE;
+    return SSL_session_reused(ssl) ? Qtrue : Qfalse;
 }
 
 /*
@@ -1807,11 +2086,7 @@ ossl_ssl_set_session(VALUE self, VALUE arg1)
     SSL *ssl;
     SSL_SESSION *sess;
 
-/* why is ossl_ssl_setup delayed? */
-    ossl_ssl_setup(self);
-
-    ossl_ssl_data_get_struct(self, ssl);
-
+    GetSSL(self, ssl);
     SafeGetSSLSession(arg1, sess);
 
     if (SSL_set_session(ssl, sess) != 1)
@@ -1820,6 +2095,35 @@ ossl_ssl_set_session(VALUE self, VALUE arg1)
     return arg1;
 }
 
+#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
+/*
+ * call-seq:
+ *    ssl.hostname = hostname -> hostname
+ *
+ * Sets the server hostname used for SNI. This needs to be set before
+ * SSLSocket#connect.
+ */
+static VALUE
+ossl_ssl_set_hostname(VALUE self, VALUE arg)
+{
+    SSL *ssl;
+    char *hostname = NULL;
+
+    GetSSL(self, ssl);
+
+    if (!NIL_P(arg))
+	hostname = StringValueCStr(arg);
+
+    if (!SSL_set_tlsext_host_name(ssl, hostname))
+	ossl_raise(eSSLError, NULL);
+
+    /* for SSLSocket#hostname */
+    rb_ivar_set(self, id_i_hostname, arg);
+
+    return arg;
+}
+#endif
+
 /*
  * call-seq:
  *    ssl.verify_result => Integer
@@ -1834,9 +2138,9 @@ ossl_ssl_get_verify_result(VALUE self)
 {
     SSL *ssl;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
-    return INT2FIX(SSL_get_verify_result(ssl));
+    return INT2NUM(SSL_get_verify_result(ssl));
 }
 
 /*
@@ -1856,7 +2160,7 @@ ossl_ssl_get_client_ca_list(VALUE self)
     SSL *ssl;
     STACK_OF(X509_NAME) *ca;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     ca = SSL_get_client_CA_list(ssl);
     return ossl_x509name_sk2ary(ca);
@@ -1865,7 +2169,7 @@ ossl_ssl_get_client_ca_list(VALUE self)
 # ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
 /*
  * call-seq:
- *    ssl.npn_protocol => String
+ *    ssl.npn_protocol => String | nil
  *
  * Returns the protocol string that was finally selected by the client
  * during the handshake.
@@ -1877,7 +2181,7 @@ ossl_ssl_npn_protocol(VALUE self)
     const unsigned char *out;
     unsigned int outlen;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     SSL_get0_next_proto_negotiated(ssl, &out, &outlen);
     if (!outlen)
@@ -1890,9 +2194,9 @@ ossl_ssl_npn_protocol(VALUE self)
 # ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
 /*
  * call-seq:
- *    ssl.alpn_protocol => String
+ *    ssl.alpn_protocol => String | nil
  *
- * Returns the ALPN protocol string that was finally selected by the client
+ * Returns the ALPN protocol string that was finally selected by the server
  * during the handshake.
  */
 static VALUE
@@ -1902,7 +2206,7 @@ ossl_ssl_alpn_protocol(VALUE self)
     const unsigned char *out;
     unsigned int outlen;
 
-    ossl_ssl_data_get_struct(self, ssl);
+    GetSSL(self, ssl);
 
     SSL_get0_alpn_selected(ssl, &out, &outlen);
     if (!outlen)
@@ -1911,8 +2215,30 @@ ossl_ssl_alpn_protocol(VALUE self)
 	return rb_str_new((const char *) out, outlen);
 }
 # endif
+
+# ifdef HAVE_SSL_GET_SERVER_TMP_KEY
+/*
+ * call-seq:
+ *    ssl.tmp_key => PKey or nil
+ *
+ * Returns the ephemeral key used in case of forward secrecy cipher.
+ */
+static VALUE
+ossl_ssl_tmp_key(VALUE self)
+{
+    SSL *ssl;
+    EVP_PKEY *key;
+
+    GetSSL(self, ssl);
+    if (!SSL_get_server_tmp_key(ssl, &key))
+	return Qnil;
+    return ossl_pkey_new(key);
+}
+# endif /* defined(HAVE_SSL_GET_SERVER_TMP_KEY) */
 #endif /* !defined(OPENSSL_NO_SOCK) */
 
+#undef rb_intern
+#define rb_intern(s) rb_intern_const(s)
 void
 Init_ossl_ssl(void)
 {
@@ -1920,10 +2246,13 @@ Init_ossl_ssl(void)
     VALUE ary;
 
 #if 0
-    mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+    rb_mWaitReadable = rb_define_module_under(rb_cIO, "WaitReadable");
+    rb_mWaitWritable = rb_define_module_under(rb_cIO, "WaitWritable");
 #endif
 
-    ID_callback_state = rb_intern("@callback_state");
+    ID_callback_state = rb_intern("callback_state");
 
     ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_vcb_idx",0,0,0);
     ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_store_p",0,0,0);
@@ -1968,14 +2297,10 @@ Init_ossl_ssl(void)
      *
      * All attributes must be set before creating an SSLSocket as the
      * SSLContext will be frozen afterward.
-     *
-     * The following attributes are available but don't show up in rdoc:
-     * * ssl_version, cert, key, client_ca, ca_file, ca_path, timeout,
-     * * verify_mode, verify_depth client_cert_cb, tmp_dh_callback,
-     * * session_id_context, session_add_cb, session_new_cb, session_remove_cb
      */
     cSSLContext = rb_define_class_under(mSSL, "SSLContext", rb_cObject);
     rb_define_alloc_func(cSSLContext, ossl_sslctx_s_alloc);
+    rb_undef_method(cSSLContext, "initialize_copy");
 
     /*
      * Context certificate
@@ -2005,7 +2330,7 @@ Init_ossl_ssl(void)
     rb_attr(cSSLContext, rb_intern("ca_path"), 1, 1, Qfalse);
 
     /*
-     * Maximum session lifetime.
+     * Maximum session lifetime in seconds.
      */
     rb_attr(cSSLContext, rb_intern("timeout"), 1, 1, Qfalse);
 
@@ -2014,6 +2339,11 @@ Init_ossl_ssl(void)
      *
      * Valid modes are VERIFY_NONE, VERIFY_PEER, VERIFY_CLIENT_ONCE,
      * VERIFY_FAIL_IF_NO_PEER_CERT and defined on OpenSSL::SSL
+     *
+     * The default mode is VERIFY_NONE, which does not perform any verification
+     * at all.
+     *
+     * See SSL_CTX_set_verify(3) for details.
      */
     rb_attr(cSSLContext, rb_intern("verify_mode"), 1, 1, Qfalse);
 
@@ -2031,12 +2361,21 @@ Init_ossl_ssl(void)
      * +store_context+ is an OpenSSL::X509::StoreContext containing the
      * context used for certificate verification.
      *
-     * If the callback returns false verification is stopped.
+     * If the callback returns false, the chain verification is immediately
+     * stopped and a bad_certificate alert is then sent.
      */
     rb_attr(cSSLContext, rb_intern("verify_callback"), 1, 1, Qfalse);
 
     /*
-     * An OpenSSL::X509::Store used for certificate verification
+     * Whether to check the server certificate is valid for the hostname.
+     *
+     * In order to make this work, verify_mode must be set to VERIFY_PEER and
+     * the server hostname must be given by OpenSSL::SSL::SSLSocket#hostname=.
+     */
+    rb_attr(cSSLContext, rb_intern("verify_hostname"), 1, 1, Qfalse);
+
+    /*
+     * An OpenSSL::X509::Store used for certificate verification.
      */
     rb_attr(cSSLContext, rb_intern("cert_store"), 1, 1, Qfalse);
 
@@ -2056,6 +2395,7 @@ Init_ossl_ssl(void)
      */
     rb_attr(cSSLContext, rb_intern("client_cert_cb"), 1, 1, Qfalse);
 
+#if !defined(OPENSSL_NO_EC) && defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
     /*
      * A callback invoked when ECDH parameters are required.
      *
@@ -2063,10 +2403,11 @@ Init_ossl_ssl(void)
      * flag indicating the use of an export cipher and the keylength
      * required.
      *
-     * The callback must return an OpenSSL::PKey::EC instance of the correct
-     * key length.
+     * The callback is deprecated. This does not work with recent versions of
+     * OpenSSL. Use OpenSSL::SSL::SSLContext#ecdh_curves= instead.
      */
     rb_attr(cSSLContext, rb_intern("tmp_ecdh_callback"), 1, 1, Qfalse);
+#endif
 
     /*
      * Sets the context in which a session can be reused.  This allows
@@ -2096,6 +2437,10 @@ Init_ossl_ssl(void)
      * A callback invoked when a session is removed from the internal cache.
      *
      * The callback is invoked with an SSLContext and a Session.
+     *
+     * IMPORTANT NOTE: It is currently not possible to use this safely in a
+     * multi-threaded application. The callback is called inside a global lock
+     * and it can randomly cause deadlock on Ruby thread switching.
      */
     rb_attr(cSSLContext, rb_intern("session_remove_cb"), 1, 1, Qfalse);
 
@@ -2158,7 +2503,7 @@ Init_ossl_ssl(void)
      * === Example
      *
      *   ctx.npn_select_cb = lambda do |protocols|
-     *     #inspect the protocols and select one
+     *     # inspect the protocols and select one
      *     protocols.first
      *   end
      */
@@ -2168,10 +2513,10 @@ Init_ossl_ssl(void)
 #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
     /*
      * An Enumerable of Strings. Each String represents a protocol to be
-     * advertised as the list of supported protocols for Application-Layer Protocol
-     * Negotiation. Supported in OpenSSL 1.0.1 and higher. Has no effect
-     * on the client side. If not set explicitly, the NPN extension will
-     * not be sent by the server in the handshake.
+     * advertised as the list of supported protocols for Application-Layer
+     * Protocol Negotiation. Supported in OpenSSL 1.0.2 and higher. Has no
+     * effect on the server side. If not set explicitly, the ALPN extension will
+     * not be included in the handshake.
      *
      * === Example
      *
@@ -2181,16 +2526,16 @@ Init_ossl_ssl(void)
     /*
      * A callback invoked on the server side when the server needs to select
      * a protocol from the list sent by the client. Supported in OpenSSL 1.0.2
-     * and higher. The server MUST select a protocol of those advertised by
+     * and higher. The callback must return a protocol of those advertised by
      * the client. If none is acceptable, raising an error in the callback
      * will cause the handshake to fail. Not setting this callback explicitly
-     * means not supporting the ALPN extension on the client - any protocols
-     * advertised by the server will be ignored.
+     * means not supporting the ALPN extension on the server - any protocols
+     * advertised by the client will be ignored.
      *
      * === Example
      *
      *   ctx.alpn_select_cb = lambda do |protocols|
-     *     #inspect the protocols and select one
+     *     # inspect the protocols and select one
      *     protocols.first
      *   end
      */
@@ -2202,28 +2547,32 @@ Init_ossl_ssl(void)
     rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1);
     rb_define_method(cSSLContext, "ciphers",     ossl_sslctx_get_ciphers, 0);
     rb_define_method(cSSLContext, "ciphers=",    ossl_sslctx_set_ciphers, 1);
+    rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);
+    rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0);
+    rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
 
     rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);
+    rb_define_alias(cSSLContext, "freeze", "setup");
 
     /*
      * No session caching for client or server
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_OFF", LONG2FIX(SSL_SESS_CACHE_OFF));
+    rb_define_const(cSSLContext, "SESSION_CACHE_OFF", LONG2NUM(SSL_SESS_CACHE_OFF));
 
     /*
      * Client sessions are added to the session cache
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_CLIENT", LONG2FIX(SSL_SESS_CACHE_CLIENT)); /* doesn't actually do anything in 0.9.8e */
+    rb_define_const(cSSLContext, "SESSION_CACHE_CLIENT", LONG2NUM(SSL_SESS_CACHE_CLIENT)); /* doesn't actually do anything in 0.9.8e */
 
     /*
      * Server sessions are added to the session cache
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_SERVER", LONG2FIX(SSL_SESS_CACHE_SERVER));
+    rb_define_const(cSSLContext, "SESSION_CACHE_SERVER", LONG2NUM(SSL_SESS_CACHE_SERVER));
 
     /*
      * Both client and server sessions are added to the session cache
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_BOTH", LONG2FIX(SSL_SESS_CACHE_BOTH)); /* no different than CACHE_SERVER in 0.9.8e */
+    rb_define_const(cSSLContext, "SESSION_CACHE_BOTH", LONG2NUM(SSL_SESS_CACHE_BOTH)); /* no different than CACHE_SERVER in 0.9.8e */
 
     /*
      * Normally the session cache is checked for expired sessions every 255
@@ -2231,7 +2580,7 @@ Init_ossl_ssl(void)
      * the automatic flushing may be disabled and #flush_sessions can be
      * called explicitly.
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_NO_AUTO_CLEAR", LONG2FIX(SSL_SESS_CACHE_NO_AUTO_CLEAR));
+    rb_define_const(cSSLContext, "SESSION_CACHE_NO_AUTO_CLEAR", LONG2NUM(SSL_SESS_CACHE_NO_AUTO_CLEAR));
 
     /*
      * Always perform external lookups of sessions even if they are in the
@@ -2239,18 +2588,18 @@ Init_ossl_ssl(void)
      *
      * This flag has no effect on clients
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL_LOOKUP", LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP));
+    rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL_LOOKUP", LONG2NUM(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP));
 
     /*
      * Never automatically store sessions in the internal store.
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL_STORE", LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_STORE));
+    rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL_STORE", LONG2NUM(SSL_SESS_CACHE_NO_INTERNAL_STORE));
 
     /*
      * Enables both SESSION_CACHE_NO_INTERNAL_LOOKUP and
      * SESSION_CACHE_NO_INTERNAL_STORE.
      */
-    rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL", LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL));
+    rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL", LONG2NUM(SSL_SESS_CACHE_NO_INTERNAL));
 
     rb_define_method(cSSLContext, "session_add",     ossl_sslctx_session_add, 1);
     rb_define_method(cSSLContext, "session_remove",     ossl_sslctx_session_remove, 1);
@@ -2273,17 +2622,16 @@ Init_ossl_ssl(void)
 
     /*
      * Document-class: OpenSSL::SSL::SSLSocket
-     *
-     * The following attributes are available but don't show up in rdoc.
-     * * io, context, sync_close
-     *
      */
     cSSLSocket = rb_define_class_under(mSSL, "SSLSocket", rb_cObject);
 #ifdef OPENSSL_NO_SOCK
     rb_define_const(mSSLExtConfig, "OPENSSL_NO_SOCK", Qtrue);
+    rb_define_method(cSSLSocket, "initialize", rb_f_notimplement, -1);
 #else
     rb_define_const(mSSLExtConfig, "OPENSSL_NO_SOCK", Qfalse);
     rb_define_alloc_func(cSSLSocket, ossl_ssl_s_alloc);
+    rb_define_method(cSSLSocket, "initialize", ossl_ssl_initialize, -1);
+    rb_undef_method(cSSLSocket, "initialize_copy");
     rb_define_method(cSSLSocket, "connect",    ossl_ssl_connect, 0);
     rb_define_method(cSSLSocket, "connect_nonblock",    ossl_ssl_connect_nonblock, -1);
     rb_define_method(cSSLSocket, "accept",     ossl_ssl_accept, 0);
@@ -2305,6 +2653,13 @@ Init_ossl_ssl(void)
     rb_define_method(cSSLSocket, "session=",    ossl_ssl_set_session, 1);
     rb_define_method(cSSLSocket, "verify_result", ossl_ssl_get_verify_result, 0);
     rb_define_method(cSSLSocket, "client_ca", ossl_ssl_get_client_ca_list, 0);
+#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
+    /* #hostname is defined in lib/openssl/ssl.rb */
+    rb_define_method(cSSLSocket, "hostname=", ossl_ssl_set_hostname, 1);
+#endif
+# ifdef HAVE_SSL_GET_SERVER_TMP_KEY
+    rb_define_method(cSSLSocket, "tmp_key", ossl_ssl_tmp_key, 0);
+# endif
 # ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
     rb_define_method(cSSLSocket, "alpn_protocol", ossl_ssl_alpn_protocol, 0);
 # endif
@@ -2328,25 +2683,17 @@ Init_ossl_ssl(void)
     ossl_ssl_def_const(OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
     ossl_ssl_def_const(OP_SSLREF2_REUSE_CERT_TYPE_BUG);
     ossl_ssl_def_const(OP_MICROSOFT_BIG_SSLV3_BUFFER);
-#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
     ossl_ssl_def_const(OP_MSIE_SSLV2_RSA_PADDING);
-#endif
     ossl_ssl_def_const(OP_SSLEAY_080_CLIENT_DH_BUG);
     ossl_ssl_def_const(OP_TLS_D5_BUG);
     ossl_ssl_def_const(OP_TLS_BLOCK_PADDING_BUG);
     ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS);
     ossl_ssl_def_const(OP_ALL);
-#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
     ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-#endif
-#if defined(SSL_OP_SINGLE_ECDH_USE)
     ossl_ssl_def_const(OP_SINGLE_ECDH_USE);
-#endif
     ossl_ssl_def_const(OP_SINGLE_DH_USE);
     ossl_ssl_def_const(OP_EPHEMERAL_RSA);
-#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
     ossl_ssl_def_const(OP_CIPHER_SERVER_PREFERENCE);
-#endif
     ossl_ssl_def_const(OP_TLS_ROLLBACK_BUG);
     ossl_ssl_def_const(OP_NO_SSLv2);
     ossl_ssl_def_const(OP_NO_SSLv3);
@@ -2368,8 +2715,43 @@ Init_ossl_ssl(void)
     ossl_ssl_def_const(OP_NETSCAPE_CA_DN_BUG);
     ossl_ssl_def_const(OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
 
-#undef rb_intern
     sym_exception = ID2SYM(rb_intern("exception"));
     sym_wait_readable = ID2SYM(rb_intern("wait_readable"));
     sym_wait_writable = ID2SYM(rb_intern("wait_writable"));
+
+    id_tmp_dh_callback = rb_intern("tmp_dh_callback");
+    id_tmp_ecdh_callback = rb_intern("tmp_ecdh_callback");
+    id_npn_protocols_encoded = rb_intern("npn_protocols_encoded");
+
+#define DefIVarID(name) do \
+    id_i_##name = rb_intern("@"#name); while (0)
+
+    DefIVarID(cert_store);
+    DefIVarID(ca_file);
+    DefIVarID(ca_path);
+    DefIVarID(verify_mode);
+    DefIVarID(verify_depth);
+    DefIVarID(verify_callback);
+    DefIVarID(client_ca);
+    DefIVarID(renegotiation_cb);
+    DefIVarID(cert);
+    DefIVarID(key);
+    DefIVarID(extra_chain_cert);
+    DefIVarID(client_cert_cb);
+    DefIVarID(tmp_ecdh_callback);
+    DefIVarID(timeout);
+    DefIVarID(session_id_context);
+    DefIVarID(session_get_cb);
+    DefIVarID(session_new_cb);
+    DefIVarID(session_remove_cb);
+    DefIVarID(npn_select_cb);
+    DefIVarID(npn_protocols);
+    DefIVarID(alpn_protocols);
+    DefIVarID(alpn_select_cb);
+    DefIVarID(servername_cb);
+    DefIVarID(verify_hostname);
+
+    DefIVarID(io);
+    DefIVarID(context);
+    DefIVarID(hostname);
 }