From 4963d417b426e6855700362acf34c056287564b2 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu, 7 Apr 2016 23:41:49 +0900
Subject: patches: Ruby 1.6.5 から Ruby 2.3.0
 の全てのバージョンがビルドできるようになった（1.8.2 以前では tk は動かない）
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Rakefile                                   |  56 +++++--
 config.json                                | 178 +++++++--------------
 patches/ruby/disable-tcltklib-165.patch    |  11 ++
 patches/ruby/disable-tcltklib-180.patch    |  11 ++
 patches/ruby/eval-64bit-fix-165.patch      |  22 +++
 patches/ruby/r16422-New-OpenSSL-180.patch  | 156 ++++++++++++++++++
 patches/ruby/r16422-New-OpenSSL-181.patch  | 149 ++++++++++++++++++
 patches/ruby/r16422-New-OpenSSL-182.patch  | 147 +++++++++++++++++
 patches/ruby/r16422-New-OpenSSL.patch      | 243 -----------------------------
 patches/ruby/r16478-pkcs5-typo.patch       |  13 ++
 patches/ruby/r26781-OpenSSL10-180.patch    |  71 +++++++++
 patches/ruby/r26781-OpenSSL10-181.patch    | 201 ++++++++++++++++++++++++
 patches/ruby/r26781-OpenSSL10.patch        | 201 ------------------------
 patches/ruby/r31346-r31528-SSLv2-180.patch |  31 ++++
 patches/ruby/r31346-r31528-SSLv2-181.patch |  31 ++++
 patches/ruby/r31346-r31528-SSLv2-182.patch |  31 ++++
 patches/ruby/r31346-r31528-SSLv2-183.patch |  31 ++++
 patches/ruby/r31346-r31528-SSLv2-192.patch |  31 ++++
 patches/ruby/r31346-r31528-SSLv2.patch     |  45 ------
 patches/ruby/r51722-SSLv3-180.patch        |  31 ++++
 patches/ruby/r51722-SSLv3-181.patch        |  31 ++++
 patches/ruby/r51722-SSLv3-192.patch        |  31 ++++
 patches/ruby/r51722-SSLv3-200.patch        |  31 ++++
 patches/ruby/r51722-SSLv3.patch            |  59 -------
 24 files changed, 1156 insertions(+), 686 deletions(-)
 create mode 100644 patches/ruby/disable-tcltklib-165.patch
 create mode 100644 patches/ruby/disable-tcltklib-180.patch
 create mode 100644 patches/ruby/eval-64bit-fix-165.patch
 create mode 100644 patches/ruby/r16422-New-OpenSSL-180.patch
 create mode 100644 patches/ruby/r16422-New-OpenSSL-181.patch
 create mode 100644 patches/ruby/r16422-New-OpenSSL-182.patch
 delete mode 100644 patches/ruby/r16422-New-OpenSSL.patch
 create mode 100644 patches/ruby/r16478-pkcs5-typo.patch
 create mode 100644 patches/ruby/r26781-OpenSSL10-180.patch
 create mode 100644 patches/ruby/r26781-OpenSSL10-181.patch
 delete mode 100644 patches/ruby/r26781-OpenSSL10.patch
 create mode 100644 patches/ruby/r31346-r31528-SSLv2-180.patch
 create mode 100644 patches/ruby/r31346-r31528-SSLv2-181.patch
 create mode 100644 patches/ruby/r31346-r31528-SSLv2-182.patch
 create mode 100644 patches/ruby/r31346-r31528-SSLv2-183.patch
 create mode 100644 patches/ruby/r31346-r31528-SSLv2-192.patch
 delete mode 100644 patches/ruby/r31346-r31528-SSLv2.patch
 create mode 100644 patches/ruby/r51722-SSLv3-180.patch
 create mode 100644 patches/ruby/r51722-SSLv3-181.patch
 create mode 100644 patches/ruby/r51722-SSLv3-192.patch
 create mode 100644 patches/ruby/r51722-SSLv3-200.patch
 delete mode 100644 patches/ruby/r51722-SSLv3.patch

diff --git a/Rakefile b/Rakefile
index e89f39f..e8174b4 100644
--- a/Rakefile
+++ b/Rakefile
@@ -33,17 +33,43 @@ rescue
   retry
 end
 
+def download(url, target)
+  FileUtils.mkdir_p($datadir + "/cache")
+  out = $datadir + "/cache/" + File.basename(url)
+  system("curl -z #{Shellwords.escape(out)} -o #{Shellwords.escape(out)} -L #{Shellwords.escape(url)}") or
+    raise("failed download: #{url}")
+  FileUtils.copy(out, target)
+end
+
 load_config
 
 RUBY_PATCHES = {
-  ruby: {
-    /^(1.8.[01])/ => ["tcltklib-Tcl_GetStringResult"],
-    /^(1.8.[0-2])/ => ["r8532-X509_STORE_CTX-flags"],
-    /^(1.8.[0-6])/ => ["r16422-New-OpenSSL"],
-    /^(1.8|1.9.1)/ => ["r26781-OpenSSL10"],
-    /^(1.8|1.9|2.0|2.1|2.2)/ => ["r31346-r31528-SSLv2", "r51722-SSLv3"],
-    /^(1.8.7|1.9|2.[012])/ => ["r41808-EC2M"],
-  }
+  ruby: [
+    # core
+    [/^(1.6.[5-8])/,            "eval-64bit-fix-165", "disable-tcltklib-165"],
+
+    # ext/tcltklib (old)
+    [/^1.8.[01]/,               "disable-tcltklib-180"],
+
+    # ext/openssl
+    [/^1.8.2/,                  "r8532-X509_STORE_CTX-flags"],
+    [/^1.8.0/,                  "r16422-New-OpenSSL-180"],
+    [/^1.8.1/,                  "r16422-New-OpenSSL-181"],
+    [/^(1.8.[2-6]|1.9.0)/,      "r16422-New-OpenSSL-182"],
+    [/^1.9.0/,                  "r16478-pkcs5-typo"],
+    # OpenSSL 1.0 support
+    [/^1.8.0/,                  "r26781-OpenSSL10-180"],
+    [/^(1.8.[1-7]|1.9.[01])/,   "r26781-OpenSSL10-181"],
+    # apply SSLv2, then apply SSLv3
+    [/^1.8.0/,                  "r31346-r31528-SSLv2-180", "r51722-SSLv3-180"],
+    [/^1.8.1/,                  "r31346-r31528-SSLv2-181", "r51722-SSLv3-181"],
+    [/^1.8.2/,                  "r31346-r31528-SSLv2-182", "r51722-SSLv3-181"],
+    [/^(1.8.[3-7]|1.9.[01])/,   "r31346-r31528-SSLv2-183", "r51722-SSLv3-181"],
+    [/^1.9.[23]/,               "r31346-r31528-SSLv2-192", "r51722-SSLv3-192"],
+    [/^2.[012]/,                "r51722-SSLv3-200"],
+    # EC2M
+    [/^(1.8.7|1.9|2.[012])/,    "r41808-EC2M"],
+  ]
 }
 
 namespace :compiler do
@@ -71,19 +97,23 @@ namespace :compiler do
 
     Dir.mktmpdir { |tmpdir|
       FileUtils.chdir(tmpdir) {
-        system("curl -o archive.tar.gz #{Shellwords.escape(url)}") or raise("failed to download")
+        download(url, "archive.tar.gz")
         system("tar xf archive.tar.gz") or raise("failed to extract")
         FileUtils.chdir(archive_dir) {
-          RUBY_PATCHES[:ruby].each { |regexp, patch_names|
+          RUBY_PATCHES[:ruby].each { |regexp, *patch_names|
             next if regexp !~ version
             patch_names.each { |name|
               puts "applying patch #{name}..."
-              system("patch -N -p1 <#{File.expand_path("../patches/ruby/#{name}.patch", __FILE__)}") or
-                puts("patching failed: #{name}, ignoring")
+              patch_file = File.expand_path("../patches/ruby/#{name}.patch", __FILE__)
+              retriable {
+                system("patch --dry-run -R -N -p1 <#{patch_file}") or
+                  system("patch -N -p1 <#{patch_file}") or
+                    raise("patch failed: #{name}")
+              }
             }
           }
           retriable {
-            system("./configure --prefix=#{prefix} --enable-shared --disable-install-doc") or raise("failed to configure")
+            system("./configure --prefix=#{prefix} --enable-shared --disable-install-doc --without-tk --without-tcllib --without-tklib") or raise("failed to configure")
             system("make -j6") or raise("failed to make")
             system("make install DESTDIR=#{destdir}") or raise("failed to install")
           }
diff --git a/config.json b/config.json
index aa5a45c..af7ad18 100644
--- a/config.json
+++ b/config.json
@@ -3,232 +3,160 @@
   "runner": "/work/poe/sandbox/runner",
   "compilers": {
     "ruby": {
-      "ruby-snapshot": {
-        "version": "ruby 2.4.0dev (2016-04-02 trunk 54474) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
       "ruby-2.3.0": {
         "version": "ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-2.2.4": {
         "version": "ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.2.3": {
-        "version": "ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.2.2": {
-        "version": "ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.2.1": {
-        "version": "ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.2.0": {
-        "version": "ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.1.9": {
-        "version_command": "/opt/bin/ruby -v",
-        "version": "ruby 2.1.9p490 (2016-03-30 revision 54437) [x86_64-linux]",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.1.8": {
-        "version_command": "/opt/bin/ruby -v",
-        "version": "ruby 2.1.8p440 (2015-12-16 revision 53160) [x86_64-linux]",
-        "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.1.7": {
-        "version_command": "/opt/bin/ruby -v",
-        "version": "ruby 2.1.7p400 (2015-08-18 revision 51632) [x86_64-linux]",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-2.1.6": {
-        "version": "ruby 2.1.6p336 (2015-04-13 revision 50298) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-2.1.10": {
         "version": "ruby 2.1.10p492 (2016-04-01 revision 54464) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-2.0.0-p648": {
         "version": "ruby 2.0.0p648 (2015-12-16 revision 53162) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
-      "ruby-1.9.3-p551": {
-        "version": "ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+      "ruby-2.0.0-p0": {
+        "version": "ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.9.3-p0": {
         "version": "ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.9.2-p0": {
         "version": "ruby 1.9.2p0 (2010-08-18 revision 29036) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.9.1-p0": {
         "version": "ruby 1.9.1p0 (2009-01-30 revision 21907) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
-      "ruby-1.8.7-p358": {
-        "version": "ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+      "ruby-1.9.0-0": {
+        "version": "ruby 1.9.0 (2007-12-25 revision 14709) [x86_64-linux]",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.7": {
         "version": "ruby 1.8.7 (2008-05-31 patchlevel 0) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
-          "{}"
-        ]
-      },
-      "ruby-1.8.6-p420": {
-        "version": "ruby 1.8.6 (2010-09-02 patchlevel 420) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
-        "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.6": {
         "version": "ruby 1.8.6 (2007-03-13 patchlevel 0) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.5": {
         "version": "ruby 1.8.5 (2006-08-25) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.4": {
         "version": "ruby 1.8.4 (2005-12-24) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.3": {
         "version": "ruby 1.8.3 (2005-09-21) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.2": {
         "version": "ruby 1.8.2 (2004-12-25) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.1": {
         "version": "ruby 1.8.1 (2003-12-25) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
       },
       "ruby-1.8.0": {
         "version": "ruby 1.8.0 (2003-08-04) [x86_64-linux]",
-        "version_command": "/opt/bin/ruby -v",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/ruby",
+          "/usr/bin/ruby",
           "{}"
         ]
-      }
-    },
-    "php": {
-      "php-7.0.3": {
-        "version": "PHP 7.0.3 (cli) (built: Mar  1 2016 00:37:44) ( NTS )\nCopyright (c) 1997-2016 The PHP Group\nZend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies",
-        "version_command": "/opt/bin/php -v",
+      },
+      "ruby-1.6.8": {
+        "version": "ruby 1.6.8 (2002-12-24) [x86_64-linux]",
+        "version_command": "/usr/bin/ruby -v",
         "commandline": [
-          "/opt/bin/php",
+          "/usr/bin/ruby",
+          "{}"
+        ]
+      },
+      "ruby-1.6.5": {
+        "version": "ruby 1.6.5 (2001-09-19) [x86_64-linux]",
+        "version_command": "/usr/bin/ruby -v",
+        "commandline": [
+          "/usr/bin/ruby",
           "{}"
         ]
       }
+    },
+    "php": {
     }
   }
 }
diff --git a/patches/ruby/disable-tcltklib-165.patch b/patches/ruby/disable-tcltklib-165.patch
new file mode 100644
index 0000000..2ee997d
--- /dev/null
+++ b/patches/ruby/disable-tcltklib-165.patch
@@ -0,0 +1,11 @@
+diff --git a/ext/tcltklib/extconf.rb b/ext/tcltklib/extconf.rb
+index f732c16..fab2029 100644
+--- a/ext/tcltklib/extconf.rb
++++ b/ext/tcltklib/extconf.rb
+@@ -68,5 +68,5 @@ if have_header("tcl.h") && have_header("tk.h") &&
+     find_tk(tklib, stubs)
+   $CPPFLAGS += ' -DUSE_TCL_STUBS -DUSE_TK_STUBS' if stubs
+   $CPPFLAGS += ' -D_WIN32' if /cygwin/ =~ RUBY_PLATFORM
+-  create_makefile("tcltklib")
++  create_makefile("tcltklib") if false
+ end
diff --git a/patches/ruby/disable-tcltklib-180.patch b/patches/ruby/disable-tcltklib-180.patch
new file mode 100644
index 0000000..35b5c50
--- /dev/null
+++ b/patches/ruby/disable-tcltklib-180.patch
@@ -0,0 +1,11 @@
++++ a/ext/tcltklib/extconf.rb	2016-04-07 22:16:29.834363113 +0900
+--- b/ext/tcltklib/extconf.rb	2016-04-07 22:16:46.291204334 +0900
+@@ -2,6 +2,8 @@
+ 
+ require 'mkmf'
+ 
++exit
++
+ if RUBY_PLATFORM !~ /mswin32|mingw|cygwin|bccwin32/
+   have_library("nsl", "t_open")
+   have_library("socket", "socket")
diff --git a/patches/ruby/eval-64bit-fix-165.patch b/patches/ruby/eval-64bit-fix-165.patch
new file mode 100644
index 0000000..6910b56
--- /dev/null
+++ b/patches/ruby/eval-64bit-fix-165.patch
@@ -0,0 +1,22 @@
+diff --git a/eval.c b/eval.c
+This fixes variable length argument SEGV on 64bit platform, but I'm not sure
+--- a/eval.c
++++ b/eval.c
+@@ -4425,7 +4425,7 @@ rb_call0(klass, recv, id, argc, argv, body, nosuper)
+ 			rb_raise(rb_eArgError, "wrong # of arguments(%d for %d)",
+ 				 argc, i);
+ 		    }
+-		    if (node->nd_rest == -1) {
++		    if ((int)node->nd_rest == -1) {
+ 			int opt = i;
+ 			NODE *optnode = node->nd_opt;
+ 
+@@ -4457,7 +4457,7 @@ rb_call0(klass, recv, id, argc, argv, body, nosuper)
+ 			    }
+ 			    rb_eval(recv, opt);
+ 			}
+-			if (node->nd_rest >= 0) {
++			if ((int)node->nd_rest >= 0) {
+ 			    VALUE v;
+ 
+ 			    if (argc > 0)
diff --git a/patches/ruby/r16422-New-OpenSSL-180.patch b/patches/ruby/r16422-New-OpenSSL-180.patch
new file mode 100644
index 0000000..170950d
--- /dev/null
+++ b/patches/ruby/r16422-New-OpenSSL-180.patch
@@ -0,0 +1,156 @@
+diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
+index f77731e..724f36b 100644
+--- a/ext/openssl/openssl_missing.c
++++ b/ext/openssl/openssl_missing.c
+@@ -14,25 +14,15 @@
+ #include <openssl/hmac.h>
+ 
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-int
++void
+ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ {
+-    if (!out || !in) {
+-	/* HMACerr(HMAC_CTX_COPY,HMAC_R_INPUT_NOT_INITIALIZED); */
+-	return 0;
+-    }
++    if (!out || !in) return;
+     memcpy(out, in, sizeof(HMAC_CTX));
+ 
+-    if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)) {
+-	return 0;
+-    }
+-    if (!EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx)) {
+-	return 0;
+-    }
+-    if (!EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx)) {
+-	return 0;
+-    }
+-    return 1;
++    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
++    EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
++    EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
+ }
+ #endif /* HAVE_HMAC_CTX_COPY */
+ #endif /* NO_HMAC */
+diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
+for Ruby 1.8.0
+--- a/ext/openssl/openssl_missing.h
++++ b/ext/openssl/openssl_missing.h
+@@ -56,12 +56,33 @@
+ 	(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
+ #endif
+ 
+-int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+-void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
+-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
++#if !defined(HAVE_EVP_MD_CTX_INIT)
++void HMAC_CTX_init(HMAC_CTX *ctx);
++#endif
++
++#if !defined(HAVE_HMAC_CTX_COPY)
++void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
++#endif
++
++#if !defined(HAVE_HMAC_CTX_CLEANUP)
++void HMAC_CTX_cleanup(HMAC_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_CREATE)
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_INIT)
++void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_DESTROY)
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
++#endif
+ 
+ #if !defined(EVP_CIPHER_name)
+ #  define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
+@@ -71,10 +92,6 @@
+ #  define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
+ #endif
+ 
+-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+-void HMAC_CTX_init(HMAC_CTX *ctx);
+-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+-
+ #if !defined(PKCS7_is_detached)
+ #  define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+ #endif
+@@ -83,14 +100,42 @@
+ #  define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+ #endif
+ 
++#if !defined(HAVE_X509_STORE_SET_EX_DATA)
++void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
++int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
++#endif
++
++#if !defined(HAVE_X509_CRL_SET_VERSION)
+ int X509_CRL_set_version(X509_CRL *x, long version);
++#endif
++
++#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
+ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
++#endif
++
++#if !defined(HAVE_X509_CRL_SORT)
+ int X509_CRL_sort(X509_CRL *c);
++#endif
++
++#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
++#endif
++
++#if !defined(HAVE_BN_MOD_SQR)
+ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_MOD_ADD)
+ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_MOD_SUB)
+ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
+ char *CONF_get1_default_config_file(void);
++#endif
+ 
+ #if !defined(HAVE_PEM_DEF_CALLBACK)
+ int PEM_def_callback(char *buf, int num, int w, void *key);
+diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
+index ba85f52..ef77d6c 100644
+--- a/ext/openssl/ossl_hmac.c
++++ b/ext/openssl/ossl_hmac.c
+@@ -87,9 +87,7 @@ ossl_hmac_copy(VALUE self, VALUE other)
+     GetHMAC(self, ctx1);
+     SafeGetHMAC(other, ctx2);
+ 
+-    if (!HMAC_CTX_copy(ctx1, ctx2)) {
+-	ossl_raise(eHMACError, NULL);
+-    }
++    HMAC_CTX_copy(ctx1, ctx2);
+     return self;
+ }
+ 
+@@ -115,9 +113,7 @@ hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len)
+ {
+     HMAC_CTX final;
+ 
+-    if (!HMAC_CTX_copy(&final, ctx)) {
+-	ossl_raise(eHMACError, NULL);
+-    }
++    HMAC_CTX_copy(&final, ctx);
+     if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) {
+ 	HMAC_CTX_cleanup(&final);
+ 	OSSL_Debug("Allocating %d mem", HMAC_size(&final));
diff --git a/patches/ruby/r16422-New-OpenSSL-181.patch b/patches/ruby/r16422-New-OpenSSL-181.patch
new file mode 100644
index 0000000..a5606ad
--- /dev/null
+++ b/patches/ruby/r16422-New-OpenSSL-181.patch
@@ -0,0 +1,149 @@
+diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
+index f77731e..724f36b 100644
+--- a/ext/openssl/openssl_missing.c
++++ b/ext/openssl/openssl_missing.c
+@@ -22,17 +22,15 @@
+ #include "openssl_missing.h"
+ 
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-int
++void
+ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ {
+-    if (!out || !in) return 0;
++    if (!out || !in) return;
+     memcpy(out, in, sizeof(HMAC_CTX));
+ 
+-    if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)
+-	    || !EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx)
+-	    || !EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx))
+-	return 0;
+-    return 1;
++    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
++    EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
++    EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
+ }
+ #endif /* HAVE_HMAC_CTX_COPY */
+ #endif /* NO_HMAC */
+diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
+for Ruby 1.8.1 or older
+--- a/ext/openssl/openssl_missing.h
++++ b/ext/openssl/openssl_missing.h
+@@ -56,12 +56,33 @@
+ 	(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
+ #endif
+ 
+-int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+-void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
+-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
++#if !defined(HAVE_EVP_MD_CTX_INIT)
++void HMAC_CTX_init(HMAC_CTX *ctx);
++#endif
++
++#if !defined(HAVE_HMAC_CTX_COPY)
++void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
++#endif
++
++#if !defined(HAVE_HMAC_CTX_CLEANUP)
++void HMAC_CTX_cleanup(HMAC_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_CREATE)
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_INIT)
++void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_DESTROY)
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
++#endif
+ 
+ #if !defined(EVP_CIPHER_name)
+ #  define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
+@@ -83,17 +104,54 @@
+ #  define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+ #endif
+ 
++#if !defined(HAVE_X509_STORE_SET_EX_DATA)
++void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
++int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
++#endif
++
++#if !defined(HAVE_X509_CRL_SET_VERSION)
+ int X509_CRL_set_version(X509_CRL *x, long version);
++#endif
++
++#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
+ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
++#endif
++
++#if !defined(HAVE_X509_CRL_SORT)
+ int X509_CRL_sort(X509_CRL *c);
++#endif
++
++#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
++#endif
++
++#if !defined(HAVE_BN_MOD_SQR)
+ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_MOD_ADD)
+ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_MOD_SUB)
+ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_RAND_RANGE)
+ int BN_rand_range(BIGNUM *r, BIGNUM *range);
++#endif
++
++#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
+ int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
++#endif
++
++#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
+ char *CONF_get1_default_config_file(void);
++#endif
++
++#if !defined(HAVE_PEM_DEF_CALLBACK)
+ int PEM_def_callback(char *buf, int num, int w, void *key);
++#endif
+ 
+ #if defined(__cplusplus)
+ }
+diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
+index ba85f52..ef77d6c 100644
+--- a/ext/openssl/ossl_hmac.c
++++ b/ext/openssl/ossl_hmac.c
+@@ -87,9 +87,7 @@ ossl_hmac_copy(VALUE self, VALUE other)
+     GetHMAC(self, ctx1);
+     SafeGetHMAC(other, ctx2);
+ 
+-    if (!HMAC_CTX_copy(ctx1, ctx2)) {
+-	ossl_raise(eHMACError, NULL);
+-    }
++    HMAC_CTX_copy(ctx1, ctx2);
+     return self;
+ }
+ 
+@@ -115,9 +113,7 @@ hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len)
+ {
+     HMAC_CTX final;
+ 
+-    if (!HMAC_CTX_copy(&final, ctx)) {
+-	ossl_raise(eHMACError, NULL);
+-    }
++    HMAC_CTX_copy(&final, ctx);
+     if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) {
+ 	HMAC_CTX_cleanup(&final);
+ 	OSSL_Debug("Allocating %d mem", HMAC_size(&final));
diff --git a/patches/ruby/r16422-New-OpenSSL-182.patch b/patches/ruby/r16422-New-OpenSSL-182.patch
new file mode 100644
index 0000000..1c94c42
--- /dev/null
+++ b/patches/ruby/r16422-New-OpenSSL-182.patch
@@ -0,0 +1,147 @@
+diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
+index f77731e..724f36b 100644
+--- a/ext/openssl/openssl_missing.c
++++ b/ext/openssl/openssl_missing.c
+@@ -22,17 +22,15 @@
+ #include "openssl_missing.h"
+ 
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-int
++void
+ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ {
+-    if (!out || !in) return 0;
++    if (!out || !in) return;
+     memcpy(out, in, sizeof(HMAC_CTX));
+ 
+-    if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)
+-	    || !EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx)
+-	    || !EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx))
+-	return 0;
+-    return 1;
++    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
++    EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
++    EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
+ }
+ #endif /* HAVE_HMAC_CTX_COPY */
+ #endif /* NO_HMAC */
+diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
+index e8c75ca..3450b81 100644
+--- a/ext/openssl/openssl_missing.h
++++ b/ext/openssl/openssl_missing.h
+@@ -56,14 +56,33 @@ extern "C" {
+ 	(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
+ #endif
+ 
++#if !defined(HAVE_EVP_MD_CTX_INIT)
+ void HMAC_CTX_init(HMAC_CTX *ctx);
+-int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
++#endif
++
++#if !defined(HAVE_HMAC_CTX_COPY)
++void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
++#endif
++
++#if !defined(HAVE_HMAC_CTX_CLEANUP)
+ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
++#endif
+ 
++#if !defined(HAVE_EVP_MD_CTX_CREATE)
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_INIT)
+ void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
++#endif
++
++#if !defined(HAVE_EVP_MD_CTX_DESTROY)
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
++#endif
+ 
+ #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
+@@ -107,19 +126,54 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
+ #define OPENSSL_cleanse(p, l) memset(p, 0, l)
+ #endif
+ 
++#if !defined(HAVE_X509_STORE_SET_EX_DATA)
+ void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
+ int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
++#endif
++
++#if !defined(HAVE_X509_CRL_SET_VERSION)
+ int X509_CRL_set_version(X509_CRL *x, long version);
++#endif
++
++#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
+ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
++#endif
++
++#if !defined(HAVE_X509_CRL_SORT)
+ int X509_CRL_sort(X509_CRL *c);
++#endif
++
++#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
++#endif
++
++#if !defined(HAVE_BN_MOD_SQR)
+ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_MOD_ADD)
+ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_MOD_SUB)
+ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
++#endif
++
++#if !defined(HAVE_BN_RAND_RANGE)
+ int BN_rand_range(BIGNUM *r, BIGNUM *range);
++#endif
++
++#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
+ int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
++#endif
++
++#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
+ char *CONF_get1_default_config_file(void);
++#endif
++
++#if !defined(HAVE_PEM_DEF_CALLBACK)
+ int PEM_def_callback(char *buf, int num, int w, void *key);
++#endif
+ 
+ #if defined(__cplusplus)
+ }
+diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
+index ba85f52..ef77d6c 100644
+--- a/ext/openssl/ossl_hmac.c
++++ b/ext/openssl/ossl_hmac.c
+@@ -87,9 +87,7 @@ ossl_hmac_copy(VALUE self, VALUE other)
+     GetHMAC(self, ctx1);
+     SafeGetHMAC(other, ctx2);
+ 
+-    if (!HMAC_CTX_copy(ctx1, ctx2)) {
+-	ossl_raise(eHMACError, NULL);
+-    }
++    HMAC_CTX_copy(ctx1, ctx2);
+     return self;
+ }
+ 
+@@ -115,9 +113,7 @@ hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len)
+ {
+     HMAC_CTX final;
+ 
+-    if (!HMAC_CTX_copy(&final, ctx)) {
+-	ossl_raise(eHMACError, NULL);
+-    }
++    HMAC_CTX_copy(&final, ctx);
+     if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) {
+ 	HMAC_CTX_cleanup(&final);
+ 	OSSL_Debug("Allocating %d mem", HMAC_size(&final));
diff --git a/patches/ruby/r16422-New-OpenSSL.patch b/patches/ruby/r16422-New-OpenSSL.patch
deleted file mode 100644
index 969ce83..0000000
--- a/patches/ruby/r16422-New-OpenSSL.patch
+++ /dev/null
@@ -1,243 +0,0 @@
-diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
-index f77731e..724f36b 100644
---- a/ext/openssl/openssl_missing.c
-+++ b/ext/openssl/openssl_missing.c
-@@ -22,17 +22,15 @@
- #include "openssl_missing.h"
- 
- #if !defined(HAVE_HMAC_CTX_COPY)
--int
-+void
- HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
- {
--    if (!out || !in) return 0;
-+    if (!out || !in) return;
-     memcpy(out, in, sizeof(HMAC_CTX));
- 
--    if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)
--	    || !EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx)
--	    || !EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx))
--	return 0;
--    return 1;
-+    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
-+    EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
-+    EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
- }
- #endif /* HAVE_HMAC_CTX_COPY */
- #endif /* NO_HMAC */
-diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
-for Ruby 1.8.1 or older
---- a/ext/openssl/openssl_missing.h
-+++ b/ext/openssl/openssl_missing.h
-@@ -56,12 +56,33 @@
- 	(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
- #endif
- 
--int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
--void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
--int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
-+#if !defined(HAVE_EVP_MD_CTX_INIT)
-+void HMAC_CTX_init(HMAC_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_HMAC_CTX_COPY)
-+void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
-+#endif
-+
-+#if !defined(HAVE_HMAC_CTX_CLEANUP)
-+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_EVP_MD_CTX_CREATE)
- EVP_MD_CTX *EVP_MD_CTX_create(void);
-+#endif
-+
-+#if !defined(HAVE_EVP_MD_CTX_INIT)
-+void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
- int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_EVP_MD_CTX_DESTROY)
- void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-+#endif
- 
- #if !defined(EVP_CIPHER_name)
- #  define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
-@@ -83,17 +104,54 @@
- #  define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
- #endif
- 
-+#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-+void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
-+int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_SET_VERSION)
- int X509_CRL_set_version(X509_CRL *x, long version);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
- int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_SORT)
- int X509_CRL_sort(X509_CRL *c);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
- int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-+#endif
-+
-+#if !defined(HAVE_BN_MOD_SQR)
- int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_BN_MOD_ADD)
- int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_BN_MOD_SUB)
- int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_BN_RAND_RANGE)
- int BN_rand_range(BIGNUM *r, BIGNUM *range);
-+#endif
-+
-+#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
- int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
-+#endif
-+
-+#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
- char *CONF_get1_default_config_file(void);
-+#endif
-+
-+#if !defined(HAVE_PEM_DEF_CALLBACK)
- int PEM_def_callback(char *buf, int num, int w, void *key);
-+#endif
- 
- #if defined(__cplusplus)
- }
-diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
-index e8c75ca..3450b81 100644
---- a/ext/openssl/openssl_missing.h
-+++ b/ext/openssl/openssl_missing.h
-@@ -56,14 +56,33 @@ extern "C" {
- 	(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
- #endif
- 
-+#if !defined(HAVE_EVP_MD_CTX_INIT)
- void HMAC_CTX_init(HMAC_CTX *ctx);
--int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
-+#endif
-+
-+#if !defined(HAVE_HMAC_CTX_COPY)
-+void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
-+#endif
-+
-+#if !defined(HAVE_HMAC_CTX_CLEANUP)
- void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-+#endif
- 
-+#if !defined(HAVE_EVP_MD_CTX_CREATE)
- EVP_MD_CTX *EVP_MD_CTX_create(void);
-+#endif
-+
-+#if !defined(HAVE_EVP_MD_CTX_INIT)
- void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
- int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_EVP_MD_CTX_DESTROY)
- void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-+#endif
- 
- #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
- int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
-@@ -107,19 +126,54 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
- #define OPENSSL_cleanse(p, l) memset(p, 0, l)
- #endif
- 
-+#if !defined(HAVE_X509_STORE_SET_EX_DATA)
- void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
- int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_SET_VERSION)
- int X509_CRL_set_version(X509_CRL *x, long version);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
- int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_SORT)
- int X509_CRL_sort(X509_CRL *c);
-+#endif
-+
-+#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
- int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-+#endif
-+
-+#if !defined(HAVE_BN_MOD_SQR)
- int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_BN_MOD_ADD)
- int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_BN_MOD_SUB)
- int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-+#endif
-+
-+#if !defined(HAVE_BN_RAND_RANGE)
- int BN_rand_range(BIGNUM *r, BIGNUM *range);
-+#endif
-+
-+#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
- int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
-+#endif
-+
-+#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
- char *CONF_get1_default_config_file(void);
-+#endif
-+
-+#if !defined(HAVE_PEM_DEF_CALLBACK)
- int PEM_def_callback(char *buf, int num, int w, void *key);
-+#endif
- 
- #if defined(__cplusplus)
- }
-diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
-index ba85f52..ef77d6c 100644
---- a/ext/openssl/ossl_hmac.c
-+++ b/ext/openssl/ossl_hmac.c
-@@ -87,9 +87,7 @@ ossl_hmac_copy(VALUE self, VALUE other)
-     GetHMAC(self, ctx1);
-     SafeGetHMAC(other, ctx2);
- 
--    if (!HMAC_CTX_copy(ctx1, ctx2)) {
--	ossl_raise(eHMACError, NULL);
--    }
-+    HMAC_CTX_copy(ctx1, ctx2);
-     return self;
- }
- 
-@@ -115,9 +113,7 @@ hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len)
- {
-     HMAC_CTX final;
- 
--    if (!HMAC_CTX_copy(&final, ctx)) {
--	ossl_raise(eHMACError, NULL);
--    }
-+    HMAC_CTX_copy(&final, ctx);
-     if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) {
- 	HMAC_CTX_cleanup(&final);
- 	OSSL_Debug("Allocating %d mem", HMAC_size(&final));
diff --git a/patches/ruby/r16478-pkcs5-typo.patch b/patches/ruby/r16478-pkcs5-typo.patch
new file mode 100644
index 0000000..8a4b929
--- /dev/null
+++ b/patches/ruby/r16478-pkcs5-typo.patch
@@ -0,0 +1,13 @@
+diff --git a/ext/openssl/ossl_pkcs5.c b/ext/openssl/ossl_pkcs5.c
+index ca02a18..007889f 100644
+--- a/ext/openssl/ossl_pkcs5.c
++++ b/ext/openssl/ossl_pkcs5.c
+@@ -27,7 +27,7 @@ ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE key
+ {
+ #ifdef HAVE_PKCS5_PBKDF2_HMAC
+     VALUE str;
+-    const EVP_MD md;
++    const EVP_MD *md;
+     int len = NUM2INT(keylen);
+ 
+     StringValue(pass);
diff --git a/patches/ruby/r26781-OpenSSL10-180.patch b/patches/ruby/r26781-OpenSSL10-180.patch
new file mode 100644
index 0000000..b78589c
--- /dev/null
+++ b/patches/ruby/r26781-OpenSSL10-180.patch
@@ -0,0 +1,71 @@
+diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
+index d4a2dc1..85ba654 100644
+--- a/ext/openssl/ossl.c
++++ b/ext/openssl/ossl.c
+@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
+ 
+ #define OSSL_IMPL_SK2ARY(name, type)	        \
+ VALUE						\
+-ossl_##name##_sk2ary(STACK *sk)			\
++ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
+ {						\
+     type *t;					\
+     int i, num;					\
+@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+ 	OSSL_Debug("empty sk!");		\
+ 	return Qnil;				\
+     }						\
+-    num = sk_num(sk);				\
++    num = sk_##type##_num(sk);			\
+     if (num < 0) {				\
+ 	OSSL_Debug("items in sk < -1???");	\
+ 	return rb_ary_new();			\
+@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+     ary = rb_ary_new2(num);			\
+ 						\
+     for (i=0; i<num; i++) {			\
+-	t = (type *)sk_value(sk, i);		\
++	t = sk_##type##_value(sk, i);		\
+ 	rb_ary_push(ary, ossl_##name##_new(t));	\
+     }						\
+     return ary;					\
+diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
+index 9ac1525..4bb18d5 100644
+--- a/ext/openssl/ossl.h
++++ b/ext/openssl/ossl.h
+@@ -104,6 +104,13 @@ extern VALUE eOSSLError;
+ } while (0)
+ 
+ /*
++ * Compatibility
++ */
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#define STACK _STACK
++#endif
++
++/*
+  * String to HEXString conversion
+  */
+ int string2hex(const unsigned char *, int, char **, int *);
+diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
+index 1be9640..818fdba 100644
+--- a/ext/openssl/ossl_x509crl.c
++++ b/ext/openssl/ossl_x509crl.c
+@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     VALUE ary, revoked;
+ 
+     GetX509CRL(self, crl);
+-    num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
++    num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+     if (num < 0) {
+ 	OSSL_Debug("num < 0???");
+ 	return rb_ary_new();
+@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     ary = rb_ary_new2(num);
+     for(i=0; i<num; i++) {
+ 	/* NO DUP - don't free! */
+-	rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
++	rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ 	revoked = ossl_x509revoked_new(rev);
+ 	rb_ary_push(ary, revoked);
+     }
diff --git a/patches/ruby/r26781-OpenSSL10-181.patch b/patches/ruby/r26781-OpenSSL10-181.patch
new file mode 100644
index 0000000..9484c37
--- /dev/null
+++ b/patches/ruby/r26781-OpenSSL10-181.patch
@@ -0,0 +1,201 @@
+diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
+index d4a2dc1..85ba654 100644
+--- a/ext/openssl/ossl.c
++++ b/ext/openssl/ossl.c
+@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
+ 
+ #define OSSL_IMPL_SK2ARY(name, type)	        \
+ VALUE						\
+-ossl_##name##_sk2ary(STACK *sk)			\
++ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
+ {						\
+     type *t;					\
+     int i, num;					\
+@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+ 	OSSL_Debug("empty sk!");		\
+ 	return Qnil;				\
+     }						\
+-    num = sk_num(sk);				\
++    num = sk_##type##_num(sk);			\
+     if (num < 0) {				\
+ 	OSSL_Debug("items in sk < -1???");	\
+ 	return rb_ary_new();			\
+@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+     ary = rb_ary_new2(num);			\
+ 						\
+     for (i=0; i<num; i++) {			\
+-	t = (type *)sk_value(sk, i);		\
++	t = sk_##type##_value(sk, i);		\
+ 	rb_ary_push(ary, ossl_##name##_new(t));	\
+     }						\
+     return ary;					\
+diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
+index 9ac1525..4bb18d5 100644
+--- a/ext/openssl/ossl.h
++++ b/ext/openssl/ossl.h
+@@ -104,6 +104,13 @@ extern VALUE eOSSLError;
+ } while (0)
+ 
+ /*
++ * Compatibility
++ */
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#define STACK _STACK
++#endif
++
++/*
+  * String to HEXString conversion
+  */
+ int string2hex(const unsigned char *, int, char **, int *);
+diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
+index fe1ef7c..b0cc656 100644
+--- a/ext/openssl/ossl_pkcs7.c
++++ b/ext/openssl/ossl_pkcs7.c
+@@ -572,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
+     return self;
+ }
+ 
+-static STACK *
+-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
++static STACK_OF(X509) *
++pkcs7_get_certs(VALUE self)
+ {
+     PKCS7 *pkcs7;
+     STACK_OF(X509) *certs;
+-    STACK_OF(X509_CRL) *crls;
+     int i;
+ 
+     GetPKCS7(self, pkcs7);
+@@ -585,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs)
+     switch(i){
+     case NID_pkcs7_signed:
+         certs = pkcs7->d.sign->cert;
+-        crls = pkcs7->d.sign->crl;
+         break;
+     case NID_pkcs7_signedAndEnveloped:
+         certs = pkcs7->d.signed_and_enveloped->cert;
++        break;
++    default:
++        certs = NULL;
++    }
++
++    return certs;
++}
++
++static STACK_OF(X509_CRL) *
++pkcs7_get_crls(VALUE self)
++{
++    PKCS7 *pkcs7;
++    STACK_OF(X509_CRL) *crls;
++    int i;
++
++    GetPKCS7(self, pkcs7);
++    i = OBJ_obj2nid(pkcs7->type);
++    switch(i){
++    case NID_pkcs7_signed:
++        crls = pkcs7->d.sign->crl;
++        break;
++    case NID_pkcs7_signedAndEnveloped:
+         crls = pkcs7->d.signed_and_enveloped->crl;
+         break;
+     default:
+-        certs = crls = NULL;
++        crls = NULL;
+     }
+ 
+-    return want_certs ? certs : crls;
++    return crls;
+ }
+ 
+ static VALUE
+@@ -610,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+     STACK_OF(X509) *certs;
+     X509 *cert;
+ 
+-    certs = pkcs7_get_certs_or_crls(self, 1);
++    certs = pkcs7_get_certs(self);
+     while((cert = sk_X509_pop(certs))) X509_free(cert);
+     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
+ 
+@@ -620,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_certificates(VALUE self)
+ {
+-    return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
++    return ossl_x509_sk2ary(pkcs7_get_certs(self));
+ }
+ 
+ static VALUE
+@@ -650,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+     STACK_OF(X509_CRL) *crls;
+     X509_CRL *crl;
+ 
+-    crls = pkcs7_get_certs_or_crls(self, 0);
++    crls = pkcs7_get_crls(self);
+     while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
+     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
+ 
+@@ -660,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_crls(VALUE self)
+ {
+-    return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
++    return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
+ }
+ 
+ static VALUE
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index 97c5583..fe6e74f 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -1403,10 +1403,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
+     }
+     chain = SSL_get_peer_cert_chain(ssl);
+     if(!chain) return Qnil;
+-    num = sk_num(chain);
++    num = sk_X509_num(chain);
+     ary = rb_ary_new2(num);
+     for (i = 0; i < num; i++){
+-	cert = (X509*)sk_value(chain, i);
++	cert = sk_X509_value(chain, i);
+ 	rb_ary_push(ary, ossl_x509_new(cert));
+     }
+ 
+diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
+index 1f817cd..2a4c481 100644
+--- a/ext/openssl/ossl_x509attr.c
++++ b/ext/openssl/ossl_x509attr.c
+@@ -218,8 +218,9 @@ ossl_x509attr_get_value(VALUE self)
+ 	ossl_str_adjust(str, p);
+     }
+     else{
+-	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
+-			i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
++	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
++			(unsigned char **) NULL, i2d_ASN1_TYPE,
++			V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+ 	str = rb_str_new(0, length);
+ 	p = (unsigned char *)RSTRING_PTR(str);
+ 	i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
+diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
+index 1be9640..818fdba 100644
+--- a/ext/openssl/ossl_x509crl.c
++++ b/ext/openssl/ossl_x509crl.c
+@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     VALUE ary, revoked;
+ 
+     GetX509CRL(self, crl);
+-    num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
++    num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+     if (num < 0) {
+ 	OSSL_Debug("num < 0???");
+ 	return rb_ary_new();
+@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     ary = rb_ary_new2(num);
+     for(i=0; i<num; i++) {
+ 	/* NO DUP - don't free! */
+-	rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
++	rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ 	revoked = ossl_x509revoked_new(rev);
+ 	rb_ary_push(ary, revoked);
+     }
diff --git a/patches/ruby/r26781-OpenSSL10.patch b/patches/ruby/r26781-OpenSSL10.patch
deleted file mode 100644
index 9484c37..0000000
--- a/patches/ruby/r26781-OpenSSL10.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
-index d4a2dc1..85ba654 100644
---- a/ext/openssl/ossl.c
-+++ b/ext/openssl/ossl.c
-@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
- 
- #define OSSL_IMPL_SK2ARY(name, type)	        \
- VALUE						\
--ossl_##name##_sk2ary(STACK *sk)			\
-+ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
- {						\
-     type *t;					\
-     int i, num;					\
-@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
- 	OSSL_Debug("empty sk!");		\
- 	return Qnil;				\
-     }						\
--    num = sk_num(sk);				\
-+    num = sk_##type##_num(sk);			\
-     if (num < 0) {				\
- 	OSSL_Debug("items in sk < -1???");	\
- 	return rb_ary_new();			\
-@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
-     ary = rb_ary_new2(num);			\
- 						\
-     for (i=0; i<num; i++) {			\
--	t = (type *)sk_value(sk, i);		\
-+	t = sk_##type##_value(sk, i);		\
- 	rb_ary_push(ary, ossl_##name##_new(t));	\
-     }						\
-     return ary;					\
-diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
-index 9ac1525..4bb18d5 100644
---- a/ext/openssl/ossl.h
-+++ b/ext/openssl/ossl.h
-@@ -104,6 +104,13 @@ extern VALUE eOSSLError;
- } while (0)
- 
- /*
-+ * Compatibility
-+ */
-+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-+#define STACK _STACK
-+#endif
-+
-+/*
-  * String to HEXString conversion
-  */
- int string2hex(const unsigned char *, int, char **, int *);
-diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
-index fe1ef7c..b0cc656 100644
---- a/ext/openssl/ossl_pkcs7.c
-+++ b/ext/openssl/ossl_pkcs7.c
-@@ -572,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
-     return self;
- }
- 
--static STACK *
--pkcs7_get_certs_or_crls(VALUE self, int want_certs)
-+static STACK_OF(X509) *
-+pkcs7_get_certs(VALUE self)
- {
-     PKCS7 *pkcs7;
-     STACK_OF(X509) *certs;
--    STACK_OF(X509_CRL) *crls;
-     int i;
- 
-     GetPKCS7(self, pkcs7);
-@@ -585,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs)
-     switch(i){
-     case NID_pkcs7_signed:
-         certs = pkcs7->d.sign->cert;
--        crls = pkcs7->d.sign->crl;
-         break;
-     case NID_pkcs7_signedAndEnveloped:
-         certs = pkcs7->d.signed_and_enveloped->cert;
-+        break;
-+    default:
-+        certs = NULL;
-+    }
-+
-+    return certs;
-+}
-+
-+static STACK_OF(X509_CRL) *
-+pkcs7_get_crls(VALUE self)
-+{
-+    PKCS7 *pkcs7;
-+    STACK_OF(X509_CRL) *crls;
-+    int i;
-+
-+    GetPKCS7(self, pkcs7);
-+    i = OBJ_obj2nid(pkcs7->type);
-+    switch(i){
-+    case NID_pkcs7_signed:
-+        crls = pkcs7->d.sign->crl;
-+        break;
-+    case NID_pkcs7_signedAndEnveloped:
-         crls = pkcs7->d.signed_and_enveloped->crl;
-         break;
-     default:
--        certs = crls = NULL;
-+        crls = NULL;
-     }
- 
--    return want_certs ? certs : crls;
-+    return crls;
- }
- 
- static VALUE
-@@ -610,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
-     STACK_OF(X509) *certs;
-     X509 *cert;
- 
--    certs = pkcs7_get_certs_or_crls(self, 1);
-+    certs = pkcs7_get_certs(self);
-     while((cert = sk_X509_pop(certs))) X509_free(cert);
-     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
- 
-@@ -620,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
- static VALUE
- ossl_pkcs7_get_certificates(VALUE self)
- {
--    return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
-+    return ossl_x509_sk2ary(pkcs7_get_certs(self));
- }
- 
- static VALUE
-@@ -650,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
-     STACK_OF(X509_CRL) *crls;
-     X509_CRL *crl;
- 
--    crls = pkcs7_get_certs_or_crls(self, 0);
-+    crls = pkcs7_get_crls(self);
-     while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
-     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
- 
-@@ -660,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
- static VALUE
- ossl_pkcs7_get_crls(VALUE self)
- {
--    return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
-+    return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
- }
- 
- static VALUE
-diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
-index 97c5583..fe6e74f 100644
---- a/ext/openssl/ossl_ssl.c
-+++ b/ext/openssl/ossl_ssl.c
-@@ -1403,10 +1403,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
-     }
-     chain = SSL_get_peer_cert_chain(ssl);
-     if(!chain) return Qnil;
--    num = sk_num(chain);
-+    num = sk_X509_num(chain);
-     ary = rb_ary_new2(num);
-     for (i = 0; i < num; i++){
--	cert = (X509*)sk_value(chain, i);
-+	cert = sk_X509_value(chain, i);
- 	rb_ary_push(ary, ossl_x509_new(cert));
-     }
- 
-diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
-index 1f817cd..2a4c481 100644
---- a/ext/openssl/ossl_x509attr.c
-+++ b/ext/openssl/ossl_x509attr.c
-@@ -218,8 +218,9 @@ ossl_x509attr_get_value(VALUE self)
- 	ossl_str_adjust(str, p);
-     }
-     else{
--	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
--			i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
-+	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
-+			(unsigned char **) NULL, i2d_ASN1_TYPE,
-+			V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
- 	str = rb_str_new(0, length);
- 	p = (unsigned char *)RSTRING_PTR(str);
- 	i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
-diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
-index 1be9640..818fdba 100644
---- a/ext/openssl/ossl_x509crl.c
-+++ b/ext/openssl/ossl_x509crl.c
-@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self)
-     VALUE ary, revoked;
- 
-     GetX509CRL(self, crl);
--    num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
-+    num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
-     if (num < 0) {
- 	OSSL_Debug("num < 0???");
- 	return rb_ary_new();
-@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self)
-     ary = rb_ary_new2(num);
-     for(i=0; i<num; i++) {
- 	/* NO DUP - don't free! */
--	rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
-+	rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
- 	revoked = ossl_x509revoked_new(rev);
- 	rb_ary_push(ary, revoked);
-     }
diff --git a/patches/ruby/r31346-r31528-SSLv2-180.patch b/patches/ruby/r31346-r31528-SSLv2-180.patch
new file mode 100644
index 0000000..62f3fc1
--- /dev/null
+++ b/patches/ruby/r31346-r31528-SSLv2-180.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index b1f2d88..1bd5a07 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -100,6 +100,9 @@
+ have_func("BN_rand_range")
+ have_func("BN_pseudo_rand_range")
+ have_func("CONF_get1_default_config_file")
++have_func("SSLv2_method")
++have_func("SSLv2_server_method")
++have_func("SSLv2_client_method")
+ if try_cpp("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1,2);}\n")
+   $defs.push("-DHAVE_VA_ARGS_MACRO")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index d8951fb..d750e95 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -107,9 +107,12 @@ struct {
+     OSSL_SSL_METHOD_ENTRY(TLSv1),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
++#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
++        defined(HAVE_SSLV2_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv2),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
diff --git a/patches/ruby/r31346-r31528-SSLv2-181.patch b/patches/ruby/r31346-r31528-SSLv2-181.patch
new file mode 100644
index 0000000..a038ebb
--- /dev/null
+++ b/patches/ruby/r31346-r31528-SSLv2-181.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index b1f2d88..1bd5a07 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -100,6 +100,9 @@
+ have_func("BN_pseudo_rand_range")
+ have_func("CONF_get1_default_config_file")
+ have_func("X509V3_set_nconf")
++have_func("SSLv2_method")
++have_func("SSLv2_server_method")
++have_func("SSLv2_client_method")
+ if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
+   $defs.push("-DHAVE_VA_ARGS_MACRO")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index d8951fb..d750e95 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -107,9 +107,12 @@ struct {
+     OSSL_SSL_METHOD_ENTRY(TLSv1),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
++#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
++        defined(HAVE_SSLV2_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv2),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
diff --git a/patches/ruby/r31346-r31528-SSLv2-182.patch b/patches/ruby/r31346-r31528-SSLv2-182.patch
new file mode 100644
index 0000000..09386e6
--- /dev/null
+++ b/patches/ruby/r31346-r31528-SSLv2-182.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index b1f2d88..1bd5a07 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -100,6 +100,9 @@
+ have_func("X509_CRL_sort")
+ have_func("X509_STORE_get_ex_data")
+ have_func("X509_STORE_set_ex_data")
++have_func("SSLv2_method")
++have_func("SSLv2_server_method")
++have_func("SSLv2_client_method")
+ if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
+   $defs.push("-DHAVE_VA_ARGS_MACRO")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index d8951fb..d750e95 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -107,9 +107,12 @@ struct {
+     OSSL_SSL_METHOD_ENTRY(TLSv1),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
++#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
++        defined(HAVE_SSLV2_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv2),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
diff --git a/patches/ruby/r31346-r31528-SSLv2-183.patch b/patches/ruby/r31346-r31528-SSLv2-183.patch
new file mode 100644
index 0000000..cb8e01f
--- /dev/null
+++ b/patches/ruby/r31346-r31528-SSLv2-183.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index b1f2d88..1bd5a07 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -100,6 +100,9 @@
+ have_func("OBJ_NAME_do_all_sorted")
+ have_func("SSL_SESSION_get_id")
+ have_func("OPENSSL_cleanse")
++have_func("SSLv2_method")
++have_func("SSLv2_server_method")
++have_func("SSLv2_client_method")
+ if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
+   $defs.push("-DHAVE_VA_ARGS_MACRO")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index d8951fb..d750e95 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -107,9 +107,12 @@ struct {
+     OSSL_SSL_METHOD_ENTRY(TLSv1),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
++#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
++        defined(HAVE_SSLV2_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv2),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
diff --git a/patches/ruby/r31346-r31528-SSLv2-192.patch b/patches/ruby/r31346-r31528-SSLv2-192.patch
new file mode 100644
index 0000000..71348ed
--- /dev/null
+++ b/patches/ruby/r31346-r31528-SSLv2-192.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index b1f2d88..1bd5a07 100644
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -100,6 +100,9 @@
+ have_func("SSL_SESSION_get_id")
+ have_func("SSL_SESSION_cmp")
+ have_func("OPENSSL_cleanse")
++have_func("SSLv2_method")
++have_func("SSLv2_server_method")
++have_func("SSLv2_client_method")
+ unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
+   have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index d8951fb..d750e95 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -107,9 +107,12 @@ struct {
+     OSSL_SSL_METHOD_ENTRY(TLSv1),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
+     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
++#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
++        defined(HAVE_SSLV2_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv2),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
diff --git a/patches/ruby/r31346-r31528-SSLv2.patch b/patches/ruby/r31346-r31528-SSLv2.patch
deleted file mode 100644
index 6185bca..0000000
--- a/patches/ruby/r31346-r31528-SSLv2.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index b1f2d88..1bd5a07 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -100,6 +100,9 @@
- have_func("OBJ_NAME_do_all_sorted")
- have_func("SSL_SESSION_get_id")
- have_func("OPENSSL_cleanse")
-+have_func("SSLv2_method")
-+have_func("SSLv2_server_method")
-+have_func("SSLv2_client_method")
- if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
-   $defs.push("-DHAVE_VA_ARGS_MACRO")
- end
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index b1f2d88..1bd5a07 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -100,6 +100,9 @@
- have_func("SSL_SESSION_get_id")
- have_func("SSL_SESSION_cmp")
- have_func("OPENSSL_cleanse")
-+have_func("SSLv2_method")
-+have_func("SSLv2_server_method")
-+have_func("SSLv2_client_method")
- unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
-   have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
- end
-diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
-index d8951fb..d750e95 100644
---- a/ext/openssl/ossl_ssl.c
-+++ b/ext/openssl/ossl_ssl.c
-@@ -107,9 +107,12 @@ struct {
-     OSSL_SSL_METHOD_ENTRY(TLSv1),
-     OSSL_SSL_METHOD_ENTRY(TLSv1_server),
-     OSSL_SSL_METHOD_ENTRY(TLSv1_client),
-+#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
-+        defined(HAVE_SSLV2_CLIENT_METHOD)      
-     OSSL_SSL_METHOD_ENTRY(SSLv2),
-     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
-     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
-+#endif
-     OSSL_SSL_METHOD_ENTRY(SSLv3),
-     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
-     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
diff --git a/patches/ruby/r51722-SSLv3-180.patch b/patches/ruby/r51722-SSLv3-180.patch
new file mode 100644
index 0000000..59f148f
--- /dev/null
+++ b/patches/ruby/r51722-SSLv3-180.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+for Ruby 1.8.0 to 1.9.1
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -104,6 +104,9 @@
+ have_func("SSLv2_method")
+ have_func("SSLv2_server_method")
+ have_func("SSLv2_client_method")
++have_func("SSLv3_method")
++have_func("SSLv3_server_method")
++have_func("SSLv3_client_method")
+ if try_cpp("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1,2);}\n")
+   $defs.push("-DHAVE_VA_ARGS_MACRO")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index f7cb7f0..47111f6 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -109,9 +109,12 @@ static const struct {
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
+ #endif
++#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
++        defined(HAVE_SSLV3_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv23),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_client),
diff --git a/patches/ruby/r51722-SSLv3-181.patch b/patches/ruby/r51722-SSLv3-181.patch
new file mode 100644
index 0000000..268740c
--- /dev/null
+++ b/patches/ruby/r51722-SSLv3-181.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+for Ruby 1.8.0 to 1.9.1
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -104,6 +104,9 @@
+ have_func("SSLv2_method")
+ have_func("SSLv2_server_method")
+ have_func("SSLv2_client_method")
++have_func("SSLv3_method")
++have_func("SSLv3_server_method")
++have_func("SSLv3_client_method")
+ if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
+   $defs.push("-DHAVE_VA_ARGS_MACRO")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index f7cb7f0..47111f6 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -109,9 +109,12 @@ static const struct {
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
+ #endif
++#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
++        defined(HAVE_SSLV3_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv23),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_client),
diff --git a/patches/ruby/r51722-SSLv3-192.patch b/patches/ruby/r51722-SSLv3-192.patch
new file mode 100644
index 0000000..e96ea2f
--- /dev/null
+++ b/patches/ruby/r51722-SSLv3-192.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+for Ruby 1.9.2 / 1.9.3
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -104,6 +104,9 @@
+ have_func("SSLv2_method")
+ have_func("SSLv2_server_method")
+ have_func("SSLv2_client_method")
++have_func("SSLv3_method")
++have_func("SSLv3_server_method")
++have_func("SSLv3_client_method")
+ unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
+ 	have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
+ end
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index f7cb7f0..47111f6 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -109,9 +109,12 @@ static const struct {
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
+ #endif
++#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
++        defined(HAVE_SSLV3_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv23),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_client),
diff --git a/patches/ruby/r51722-SSLv3-200.patch b/patches/ruby/r51722-SSLv3-200.patch
new file mode 100644
index 0000000..53a9cd7
--- /dev/null
+++ b/patches/ruby/r51722-SSLv3-200.patch
@@ -0,0 +1,31 @@
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+for Ruby 2.0.0 / 2.1 / 2.2
+--- a/ext/openssl/extconf.rb
++++ b/ext/openssl/extconf.rb
+@@ -104,6 +104,9 @@
+ have_func("SSLv2_method")
+ have_func("SSLv2_server_method")
+ have_func("SSLv2_client_method")
++have_func("SSLv3_method")
++have_func("SSLv3_server_method")
++have_func("SSLv3_client_method")
+ have_func("TLSv1_1_method")
+ have_func("TLSv1_1_server_method")
+ have_func("TLSv1_1_client_method")
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index f7cb7f0..47111f6 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -109,9 +109,12 @@ static const struct {
+     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
+ #endif
++#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
++        defined(HAVE_SSLV3_CLIENT_METHOD)
+     OSSL_SSL_METHOD_ENTRY(SSLv3),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
++#endif
+     OSSL_SSL_METHOD_ENTRY(SSLv23),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_server),
+     OSSL_SSL_METHOD_ENTRY(SSLv23_client),
diff --git a/patches/ruby/r51722-SSLv3.patch b/patches/ruby/r51722-SSLv3.patch
deleted file mode 100644
index c5d70be..0000000
--- a/patches/ruby/r51722-SSLv3.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index 8c04cb5..132d803 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -104,6 +104,9 @@
- have_func("SSLv2_method")
- have_func("SSLv2_server_method")
- have_func("SSLv2_client_method")
-+have_func("SSLv3_method")
-+have_func("SSLv3_server_method")
-+have_func("SSLv3_client_method")
- if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
-   $defs.push("-DHAVE_VA_ARGS_MACRO")
- end
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index 8c04cb5..132d803 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -104,6 +104,9 @@
- have_func("SSLv2_method")
- have_func("SSLv2_server_method")
- have_func("SSLv2_client_method")
-+have_func("SSLv3_method")
-+have_func("SSLv3_server_method")
-+have_func("SSLv3_client_method")
- unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
- 	have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
- end
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index 8c04cb5..132d803 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -104,6 +104,9 @@
- have_func("SSLv2_method")
- have_func("SSLv2_server_method")
- have_func("SSLv2_client_method")
-+have_func("SSLv3_method")
-+have_func("SSLv3_server_method")
-+have_func("SSLv3_client_method")
- have_func("TLSv1_1_method")
- have_func("TLSv1_1_server_method")
- have_func("TLSv1_1_client_method")
-diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
-index f7cb7f0..47111f6 100644
---- a/ext/openssl/ossl_ssl.c
-+++ b/ext/openssl/ossl_ssl.c
-@@ -109,9 +109,12 @@ static const struct {
-     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
-     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
- #endif
-+#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
-+        defined(HAVE_SSLV3_CLIENT_METHOD)
-     OSSL_SSL_METHOD_ENTRY(SSLv3),
-     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
-     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
-+#endif
-     OSSL_SSL_METHOD_ENTRY(SSLv23),
-     OSSL_SSL_METHOD_ENTRY(SSLv23_server),
-     OSSL_SSL_METHOD_ENTRY(SSLv23_client),
-- 
cgit v1.2.3