READ BELOW BEFORE DELETING THIS PATCH
Fix based on changes from upstream Ruby 2.2.3 trunk:
https://github.com/ruby/ruby/commit/801e1fe46d83c856844ba18ae4751478c59af0d1#diff-86486e0194e938f8d5bc4f00dce7d99a
to fix issue 11376 Stop using SSLv3 methods:
However, we do not include changes to extconf.rb that check for
the SSLv3_* methods and set the HAVE_SSLV3*METHOD macros.
In openssl on Solaris these methods are defined
as stub functions, and we need to keep those macros undefined.
If these upstream changes get into a updated version of Ruby 2.1.x,
we'll need to comment out or remove the SSLv3_*method checks
--- ruby-2.1.6-orig/ext/openssl/ossl_ssl.c 2014-01-26 23:47:11.000000000 -0800
+++ ruby-2.1.6/ext/openssl/ossl_ssl.c 2015-10-06 13:31:34.347725117 -0700
@@ -134,9 +134,12 @@ struct {
OSSL_SSL_METHOD_ENTRY(SSLv2_server),
OSSL_SSL_METHOD_ENTRY(SSLv2_client),
#endif
+#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
+defined(HAVE_SSLV3_CLIENT_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv3),
OSSL_SSL_METHOD_ENTRY(SSLv3_server),
OSSL_SSL_METHOD_ENTRY(SSLv3_client),
+#endif
OSSL_SSL_METHOD_ENTRY(SSLv23),
OSSL_SSL_METHOD_ENTRY(SSLv23_server),
OSSL_SSL_METHOD_ENTRY(SSLv23_client),
--- ruby-2.1.6-orig/test/openssl/test_ssl.rb 2015-04-13 06:20:40.000000000 -0700
+++ ruby-2.1.6/test/openssl/test_ssl.rb 2015-10-06 13:33:35.995186798 -0700
@@ -609,7 +609,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes
# that has been marked as forbidden, therefore either of these may be raised
HANDSHAKE_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET]
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
+if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1 && OpenSSL::SSL::SSLContext::METHODS.include?(:SSLv3)
def test_forbid_ssl_v3_for_client
ctx_proc = Proc.new { |ctx| ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3 }