* Make Ruby's OpenSSL library compatible with OpenSSL 1.0.0 and later,

focusing to PR pkg/41829.
* Add comments to patches.

Bump PKGREVISION.

lang/ruby18-base/Makefile

@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.51 2009/08/04 19:47:16 hasso Exp $
+# $NetBSD: Makefile,v 1.52 2009/08/11 14:26:58 taca Exp $
 #
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
-PKGREVISION=	1
+PKGREVISION=	2
 
 MAINTAINER=	taca@NetBSD.org
 HOMEPAGE=	${RUBY_HOMEPAGE}
@@ -28,7 +28,7 @@ TEST_TARGET=	test
 CONFIGURE_ARGS+= --enable-shared \
 		--with-ssl-include="${BUILDLINK_PREFIX.openssl}/include" \
 		--with-ssl-lib="${BUILDLINK_PREFIX.openssl}/lib"
-CONFIGURE_ENV+=		PREFIX=${PREFIX:Q}
+CONFIGURE_ENV+=		PREFIX=${PREFIX}
 WRKSRC=		${RUBY_WRKSRC}
 
 .include "../../mk/compiler.mk"

lang/ruby18-base/distinfo

@@ -1,8 +1,23 @@
-$NetBSD: distinfo,v 1.39 2009/06/16 15:08:38 taca Exp $
+$NetBSD: distinfo,v 1.40 2009/08/11 14:26:58 taca Exp $
 
 SHA1 (ruby-1.8.7-p174.tar.bz2) = 9e84b49ad545ad54b8e7dc3c227eaaefeb1041aa
 RMD160 (ruby-1.8.7-p174.tar.bz2) = f854d456003af1e31d50330c88c3cb152c434249
 Size (ruby-1.8.7-p174.tar.bz2) = 4144807 bytes
-SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994
-SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7
-SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b
+SHA1 (patch-aa) = 88e4a338c4ca40b32f9e3748eb825769631c3e76
+SHA1 (patch-ab) = 93a3dc95ee5e5cd6c7584240a285fa39b6f21efd
+SHA1 (patch-ac) = 77c3ba81bb65d13475bf7ea64328fbc35fe788bf
+SHA1 (patch-bd) = fb1a6a6724210c2fd84464d028932e78890ad7da
+SHA1 (patch-be) = 79cd592267068820fa2225242034819ba38aa0b1
+SHA1 (patch-dj) = 436c3c0704b878427d947b2e27e5ce0a057eebeb
+SHA1 (patch-dk) = 2d436ac4089aa7d818b337de81f405fc5836c9af
+SHA1 (patch-dl) = 687803dc966594479467fc4b5e7bd45e767daa2b
+SHA1 (patch-dm) = ab3063fecee241420a66d5d6f4ef8bf37440e70d
+SHA1 (patch-dn) = f63e0cb7dbd86b4a2c022156fddd22c1ccdd5666
+SHA1 (patch-do) = f9eda9e784da02dff203fd47e8f1ee6871a6a9d4
+SHA1 (patch-dp) = 0b50909072159937c62944a38763fd18ce3181db
+SHA1 (patch-dq) = f5a605c49afb29b2c3963a82d844ff4cdf3a8846
+SHA1 (patch-dr) = e0fa1dc8674c6412d73bc4ccd2cfc8b4acad744a
+SHA1 (patch-ds) = 5344a63980b88d83e279cee50398312b90d5c2da
+SHA1 (patch-dt) = 3dd34a91cbffcb8e432d926c9490372f238e7f2e
+SHA1 (patch-du) = 55f021e2eb780743e35ecf70141f7738b04f4b62
+SHA1 (patch-dv) = 25e779444c16717c7aaf800ebf68988878ed636f

lang/ruby18-base/patches/patch-aa

@@ -1,4 +1,6 @@
-$NetBSD: patch-aa,v 1.12 2008/06/20 15:39:29 taca Exp $
+$NetBSD: patch-aa,v 1.13 2009/08/11 14:26:58 taca Exp $
+
+* Adding Interix support.
 
 --- configure.in.orig	2008-06-09 03:23:46.000000000 +0900
 +++ configure.in

lang/ruby18-base/patches/patch-ab

@@ -1,4 +1,6 @@
-$NetBSD: patch-ab,v 1.12 2008/06/20 15:39:29 taca Exp $
+$NetBSD: patch-ab,v 1.13 2009/08/11 14:26:58 taca Exp $
+
+* Adding Interix support.
 
 --- configure.orig	2008-06-09 18:38:04.000000000 +0900
 +++ configure

lang/ruby18-base/patches/patch-ac

@@ -1,4 +1,6 @@
-$NetBSD: patch-ac,v 1.6 2007/10/28 02:33:24 taca Exp $
+$NetBSD: patch-ac,v 1.7 2009/08/11 14:26:58 taca Exp $
+
+* Accept db3 or db4 as include/library.
 
 --- ext/dbm/extconf.rb.orig	2007-02-13 08:01:19.000000000 +0900
 +++ ext/dbm/extconf.rb

lang/ruby18-base/patches/patch-bd

@@ -0,0 +1,33 @@
+$NetBSD: patch-bd,v 1.3 2009/08/11 14:26:58 taca Exp $
+
+* Use modern OpenSSL API to catch up OpenSSL 1.0.0 and later.
+
+--- ext/openssl/ossl.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl.c
+@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
+ 
+ #define OSSL_IMPL_SK2ARY(name, type)	        \
+ VALUE						\
+-ossl_##name##_sk2ary(STACK *sk)			\
++ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
+ {						\
+     type *t;					\
+     int i, num;					\
+@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+ 	OSSL_Debug("empty sk!");		\
+ 	return Qnil;				\
+     }						\
+-    num = sk_num(sk);				\
++    num = sk_##type##_num(sk);			\
+     if (num < 0) {				\
+ 	OSSL_Debug("items in sk < -1???");	\
+ 	return rb_ary_new();			\
+@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+     ary = rb_ary_new2(num);			\
+ 						\
+     for (i=0; i<num; i++) {			\
+-	t = (type *)sk_value(sk, i);		\
++	t = sk_##type##_value(sk, i);		\
+ 	rb_ary_push(ary, ossl_##name##_new(t));	\
+     }						\
+     return ary;					\

lang/ruby18-base/patches/patch-be

@@ -0,0 +1,24 @@
+$NetBSD: patch-be,v 1.3 2009/08/11 14:26:58 taca Exp $
+
+* Constify.
+
+--- ext/openssl/ossl_cipher.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_cipher.c
+@@ -186,7 +186,7 @@ ossl_cipher_init(int argc, VALUE *argv, 
+ 	 * We deprecated the arguments for this method, but we decided
+ 	 * keeping this behaviour for backward compatibility.
+ 	 */
+-	char *cname  = rb_class2name(rb_obj_class(self));
++	const char *cname  = rb_class2name(rb_obj_class(self));
+ 	rb_warn("argumtents for %s#encrypt and %s#decrypt were deprecated; "
+                 "use %s#pkcs5_keyivgen to derive key and IV",
+                 cname, cname, cname);
+@@ -307,7 +307,7 @@ ossl_cipher_pkcs5_keyivgen(int argc, VAL
+ static VALUE
+ ossl_cipher_update_deprecated(VALUE self, VALUE data)
+ {
+-    char *cname;
++    const char *cname;
+ 
+     cname = rb_class2name(rb_obj_class(self));
+     rb_warning("%s#<< is deprecated; use %s#update instead", cname, cname);

lang/ruby18-base/patches/patch-dj

@@ -0,0 +1,24 @@
+$NetBSD: patch-dj,v 1.4 2009/08/11 14:26:58 taca Exp $
+
+* Constify.
+
+--- ext/openssl/ossl_ocsp.c.orig	2009-03-09 20:59:27.000000000 +0900
++++ ext/openssl/ossl_ocsp.c
+@@ -103,7 +103,7 @@ static VALUE
+ ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
+ {
+     VALUE arg;
+-    unsigned char *p;
++    const unsigned char *p;
+ 
+     rb_scan_args(argc, argv, "01", &arg);
+     if(!NIL_P(arg)){
+@@ -310,7 +310,7 @@ static VALUE
+ ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
+ {
+     VALUE arg;
+-    unsigned char *p;
++    const unsigned char *p;
+ 
+     rb_scan_args(argc, argv, "01", &arg);
+     if(!NIL_P(arg)){

lang/ruby18-base/patches/patch-dk

@@ -0,0 +1,68 @@
+$NetBSD: patch-dk,v 1.1 2009/08/11 14:26:58 taca Exp $
+
+* Decrease warning from Ruby's repositry.
+
+--- ext/openssl/openssl_missing.h.orig	2008-08-04 13:44:17.000000000 +0900
++++ ext/openssl/openssl_missing.h
+@@ -18,6 +18,9 @@ extern "C" {
+ #ifndef TYPEDEF_D2I_OF
+ typedef char *d2i_of_void();
+ #endif
++#ifndef TYPEDEF_I2D_OF
++typedef int i2d_of_void();
++#endif
+ 
+ /*
+  * These functions are not included in headers of OPENSSL <= 0.9.6b
+@@ -25,39 +28,39 @@ typedef char *d2i_of_void();
+ 
+ #if !defined(PEM_read_bio_DSAPublicKey)
+ # define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+-        (char *(*)())d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,(char **)x,cb,u)
++        (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,x,cb,u)
+ #endif
+ 
+ #if !defined(PEM_write_bio_DSAPublicKey)
+ # define PEM_write_bio_DSAPublicKey(bp,x) \
+-	PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\
++	PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\
+ 		PEM_STRING_DSA_PUBLIC,\
+ 		bp,(char *)x, NULL, NULL, 0, NULL, NULL)
+ #endif
+ 
+ #if !defined(DSAPrivateKey_dup)
+-# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \
+-	(char *(*)())d2i_DSAPrivateKey,(char *)dsa)
++# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \
++	(d2i_of_void *)d2i_DSAPrivateKey,(char *)dsa)
+ #endif
+ 
+ #if !defined(DSAPublicKey_dup)
+-# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \
+-	(char *(*)())d2i_DSAPublicKey,(char *)dsa)
++# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \
++	(d2i_of_void *)d2i_DSAPublicKey,(char *)dsa)
+ #endif
+ 
+ #if !defined(X509_REVOKED_dup)
+-# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \
+-	(char *(*)())d2i_X509_REVOKED, (char *)rev)
++# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
++	(d2i_of_void *)d2i_X509_REVOKED, (char *)rev)
+ #endif
+ 
+ #if !defined(PKCS7_SIGNER_INFO_dup)
+-#  define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \
+-	(char *(*)())d2i_PKCS7_SIGNER_INFO, (char *)si)
++#  define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \
++	(d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)si)
+ #endif
+ 
+ #if !defined(PKCS7_RECIP_INFO_dup)
+-#  define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \
+-	(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
++#  define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \
++	(d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)ri)
+ #endif
+ 
+ #if !defined(HAVE_EVP_MD_CTX_INIT)

lang/ruby18-base/patches/patch-dl

@@ -0,0 +1,139 @@
+$NetBSD: patch-dl,v 1.1 2009/08/11 14:26:58 taca Exp $
+
+* Constify.
+
+--- ext/openssl/ossl_asn1.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_asn1.c
+@@ -304,10 +304,10 @@ obj_to_asn1derstr(VALUE obj)
+  * DER to Ruby converters
+  */
+ static VALUE
+-decode_bool(unsigned char* der, int length)
++decode_bool(const unsigned char* der, int length)
+ {
+     int bool;
+-    unsigned char *p;
++    const unsigned char *p;
+ 
+     p = der;
+     if((bool = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0)
+@@ -317,10 +317,10 @@ decode_bool(unsigned char* der, int leng
+ }
+ 
+ static VALUE
+-decode_int(unsigned char* der, int length)
++decode_int(const unsigned char* der, int length)
+ {
+     ASN1_INTEGER *ai;
+-    unsigned char *p;
++    const unsigned char *p;
+     VALUE ret; 
+     int status = 0;
+ 
+@@ -336,10 +336,11 @@ decode_int(unsigned char* der, int lengt
+ }
+ 
+ static VALUE
+-decode_bstr(unsigned char* der, int length, long *unused_bits)
++decode_bstr(const unsigned char* der, int length, long *unused_bits)
+ {
+     ASN1_BIT_STRING *bstr;
+-    unsigned char *p, *buf;
++    const unsigned char *p;
++    unsigned char *buf;
+     long len;
+     VALUE ret;
+ 
+@@ -362,10 +363,10 @@ decode_bstr(unsigned char* der, int leng
+ }
+ 
+ static VALUE
+-decode_enum(unsigned char* der, int length)
++decode_enum(const unsigned char* der, int length)
+ {
+     ASN1_ENUMERATED *ai;
+-    unsigned char *p;
++    const unsigned char *p;
+     VALUE ret; 
+     int status = 0;
+ 
+@@ -381,10 +382,10 @@ decode_enum(unsigned char* der, int leng
+ }
+ 
+ static VALUE
+-decode_null(unsigned char* der, int length)
++decode_null(const unsigned char* der, int length)
+ {
+     ASN1_NULL *null;
+-    unsigned char *p;
++    const unsigned char *p;
+ 
+     p = der;
+     if(!(null = d2i_ASN1_NULL(NULL, &p, length)))
+@@ -395,10 +396,10 @@ decode_null(unsigned char* der, int leng
+ }
+ 
+ static VALUE
+-decode_obj(unsigned char* der, int length)
++decode_obj(const unsigned char* der, int length)
+ {
+     ASN1_OBJECT *obj;
+-    unsigned char *p;
++    const unsigned char *p;
+     VALUE ret;
+     int nid;
+     BIO *bio;
+@@ -424,10 +425,10 @@ decode_obj(unsigned char* der, int lengt
+ }
+ 
+ static VALUE
+-decode_time(unsigned char* der, int length)
++decode_time(const unsigned char* der, int length)
+ {
+     ASN1_TIME *time;
+-    unsigned char *p;
++    const unsigned char *p;
+     VALUE ret;
+     int status = 0;
+ 
+@@ -712,10 +713,10 @@ ossl_asn1data_to_der(VALUE self)
+ }
+ 
+ static VALUE
+-ossl_asn1_decode0(unsigned char **pp, long length, long *offset, long depth,
+-		  int once, int yield)
++ossl_asn1_decode0(const unsigned char **pp, long length, long *offset,
++		  long depth, int once, int yield)
+ {
+-    unsigned char *start, *p;
++    const unsigned char *p, *start;
+     long len, off = *offset;
+     int hlen, tag, tc, j;
+     VALUE ary, asn1data, value, tag_class;
+@@ -818,7 +819,7 @@ ossl_asn1_decode0(unsigned char **pp, lo
+ static VALUE
+ ossl_asn1_traverse(VALUE self, VALUE obj)
+ {
+-    unsigned char *p;
++    const unsigned char *p;
+     long offset = 0;
+     volatile VALUE tmp;
+ 
+@@ -834,7 +835,7 @@ static VALUE
+ ossl_asn1_decode(VALUE self, VALUE obj)
+ {
+     VALUE ret, ary;
+-    unsigned char *p;
++    const unsigned char *p;
+     long offset = 0;
+     volatile VALUE tmp;
+ 
+@@ -851,7 +852,7 @@ static VALUE
+ ossl_asn1_decode_all(VALUE self, VALUE obj)
+ {
+     VALUE ret;
+-    unsigned char *p;
++    const unsigned char *p;
+     long offset = 0;
+     volatile VALUE tmp;
+ 

lang/ruby18-base/patches/patch-dm

@@ -0,0 +1,116 @@
+$NetBSD: patch-dm,v 1.1 2009/08/11 14:26:58 taca Exp $
+
+* Take care for API of OpenSSL 1.0.0 and later.
+* Constify.
+
+--- ext/openssl/ossl_config.c.orig	2007-07-20 15:22:54.000000000 +0900
++++ ext/openssl/ossl_config.c
+@@ -294,8 +294,17 @@ ossl_config_get_section_old(VALUE self, 
+ 
+ #ifdef IMPLEMENT_LHASH_DOALL_ARG_FN
+ static void
+-get_conf_section(CONF_VALUE *cv, VALUE ary)
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++get_conf_section_doall_arg(void *arg1, void *arg2)
++#else
++get_conf_section(void *arg1, void *arg2)
++#endif
+ {
++    CONF_VALUE *cv;
++    VALUE ary;
++
++    cv = arg1;
++    ary = (VALUE)arg2;
+     if(cv->name) return;
+     rb_ary_push(ary, rb_str_new2(cv->section));
+ }
+@@ -310,19 +319,31 @@ ossl_config_get_sections(VALUE self)
+ 
+     GetConfig(self, conf);
+     ary = rb_ary_new();
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++    LHM_lh_doall_arg(CONF_VALUE, conf->data,
++		     LHASH_DOALL_ARG_FN(get_conf_section), void, (void*)ary);
++#else
+     lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(get_conf_section), (void*)ary);
++#endif
+ 
+     return ary;
+ }
+ 
+ static void
+-dump_conf_value(CONF_VALUE *cv, VALUE str)
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++dump_conf_value_doall_arg(void *arg1, void *arg2)
++#else
++dump_conf_value(void *arg1, void *arg2)
++#endif
+ {
+     STACK_OF(CONF_VALUE) *sk;
+-    CONF_VALUE *v;
++    CONF_VALUE *cv, *v;
++    VALUE str;
+     int i, num;
+ 
++    cv = arg1;
+     if (cv->name) return;
++    str = (VALUE)arg2;
+     sk = (STACK_OF(CONF_VALUE)*)cv->value;
+     num = sk_CONF_VALUE_num(sk);
+     rb_str_cat2(str, "[ ");
+@@ -346,7 +367,12 @@ dump_conf(CONF *conf)
+     VALUE str;
+ 
+     str = rb_str_new(0, 0);
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++    LHM_lh_doall_arg(CONF_VALUE, conf->data,
++		     LHASH_DOALL_ARG_FN(dump_conf_value), void, (void*)str);
++#else
+     lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_conf_value), (void*)str);
++#endif
+ 
+     return str;
+ }
+@@ -362,13 +388,18 @@ ossl_config_to_s(VALUE self)
+ }
+ 
+ static void
+-each_conf_value(CONF_VALUE *cv, void* dummy)
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++each_conf_value_doall_arg(void *arg1, void* dummy)
++#else
++each_conf_value(void *arg1, void* dummy)
++#endif
+ {
+     STACK_OF(CONF_VALUE) *sk;
+-    CONF_VALUE *v;
++    CONF_VALUE *cv, *v;
+     VALUE section, name, value, args;
+     int i, num;
+ 
++    cv = arg1;
+     if (cv->name) return;
+     sk = (STACK_OF(CONF_VALUE)*)cv->value;
+     num = sk_CONF_VALUE_num(sk);
+@@ -390,7 +421,12 @@ ossl_config_each(VALUE self)
+     CONF *conf;
+ 
+     GetConfig(self, conf);
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++    LHM_lh_doall_arg(CONF_VALUE, conf->data,
++		     LHASH_DOALL_ARG_FN(each_conf_value), void, (void*)NULL);
++#else
+     lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(each_conf_value), (void*)NULL);
++#endif
+ 
+     return self;
+ }
+@@ -421,7 +457,7 @@ static VALUE
+ ossl_config_inspect(VALUE self)
+ {
+     VALUE str, ary = ossl_config_get_sections(self);
+-    char *cname = rb_class2name(rb_obj_class(self));
++    const char *cname = rb_class2name(rb_obj_class(self));
+ 
+     str = rb_str_new2("#<");
+     rb_str_cat2(str, cname);

lang/ruby18-base/patches/patch-dn

@@ -0,0 +1,15 @@
+$NetBSD: patch-dn,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+* Constify.
+
+--- ext/openssl/ossl_engine.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_engine.c
+@@ -326,7 +326,7 @@ static VALUE
+ ossl_engine_inspect(VALUE self)
+ {
+     VALUE str;
+-    char *cname = rb_class2name(rb_obj_class(self));
++    const char *cname = rb_class2name(rb_obj_class(self));
+     
+     str = rb_str_new2("#<");
+     rb_str_cat2(str, cname);

lang/ruby18-base/patches/patch-do

@@ -0,0 +1,15 @@
+$NetBSD: patch-do,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+* Constify.
+
+--- ext/openssl/ossl_ns_spki.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_ns_spki.c
+@@ -56,7 +56,7 @@ ossl_spki_initialize(int argc, VALUE *ar
+ {
+     NETSCAPE_SPKI *spki;
+     VALUE buffer;
+-    unsigned char *p;
++    const unsigned char *p;
+ 	
+     if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
+ 	return self;

lang/ruby18-base/patches/patch-dp

@@ -0,0 +1,100 @@
+$NetBSD: patch-dp,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+* Instead of returning different type of value thorugh generic type,
+  use separate functions for each type.
+
+--- ext/openssl/ossl_pkcs7.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_pkcs7.c
+@@ -570,12 +570,11 @@ ossl_pkcs7_add_certificate(VALUE self, V
+     return self;
+ }
+ 
+-static STACK *
+-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
++static STACK_OF(X509) *
++pkcs7_get_certs(VALUE self)
+ {
+     PKCS7 *pkcs7;
+     STACK_OF(X509) *certs;
+-    STACK_OF(X509_CRL) *crls;
+     int i;
+ 
+     GetPKCS7(self, pkcs7);
+@@ -583,17 +582,38 @@ pkcs7_get_certs_or_crls(VALUE self, int 
+     switch(i){
+     case NID_pkcs7_signed:
+         certs = pkcs7->d.sign->cert;
+-        crls = pkcs7->d.sign->crl;
+         break;
+     case NID_pkcs7_signedAndEnveloped:
+         certs = pkcs7->d.signed_and_enveloped->cert;
++        break;
++    default:
++        certs = NULL;
++    }
++
++    return certs;
++}
++
++static STACK_OF(X509_CRL) *
++pkcs7_get_crls(VALUE self)
++{
++    PKCS7 *pkcs7;
++    STACK_OF(X509_CRL) *crls;
++    int i;
++
++    GetPKCS7(self, pkcs7);
++    i = OBJ_obj2nid(pkcs7->type);
++    switch(i){
++    case NID_pkcs7_signed:
++        crls = pkcs7->d.sign->crl;
++        break;
++    case NID_pkcs7_signedAndEnveloped:
+         crls = pkcs7->d.signed_and_enveloped->crl;
+         break;
+     default:
+-        certs = crls = NULL;
++        crls = NULL;
+     }
+ 
+-    return want_certs ? certs : crls;
++    return crls;
+ }
+ 
+ static VALUE
+@@ -608,7 +628,7 @@ ossl_pkcs7_set_certificates(VALUE self, 
+     STACK_OF(X509) *certs;
+     X509 *cert;
+ 
+-    certs = pkcs7_get_certs_or_crls(self, 1);
++    certs = pkcs7_get_certs(self);
+     while((cert = sk_X509_pop(certs))) X509_free(cert);
+     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
+ 
+@@ -618,7 +638,7 @@ ossl_pkcs7_set_certificates(VALUE self, 
+ static VALUE
+ ossl_pkcs7_get_certificates(VALUE self)
+ {
+-    return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
++    return ossl_x509_sk2ary(pkcs7_get_certs(self));
+ }
+ 
+ static VALUE
+@@ -648,7 +668,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar
+     STACK_OF(X509_CRL) *crls;
+     X509_CRL *crl;
+ 
+-    crls = pkcs7_get_certs_or_crls(self, 0);
++    crls = pkcs7_get_crls(self);
+     while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
+     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
+ 
+@@ -658,7 +678,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar
+ static VALUE
+ ossl_pkcs7_get_crls(VALUE self)
+ {
+-    return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
++    return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
+ }
+ 
+ static VALUE

lang/ruby18-base/patches/patch-dq

@@ -0,0 +1,82 @@
+$NetBSD: patch-dq,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+* Use modern OpenSSL API to catch up OpenSSL 1.0.0 and later.
+* Constify (some cases are depends on OpenSSL's version).
+
+--- ext/openssl/ossl_ssl.c.orig	2008-06-06 17:05:24.000000000 +0900
++++ ext/openssl/ossl_ssl.c
+@@ -26,6 +26,12 @@
+ #  define TO_SOCKET(s) s
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x00909000L
++#define OSSL_CONST	const
++#else
++#define OSSL_CONST
++#endif
++
+ VALUE mSSL;
+ VALUE eSSLError;
+ VALUE cSSLContext;
+@@ -95,7 +101,7 @@ ID ID_callback_state;
+  */
+ struct {
+     const char *name;
+-    SSL_METHOD *(*func)(void);
++    OSSL_CONST SSL_METHOD *(*func)(void);
+ } ossl_ssl_method_tab[] = {
+ #define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method }
+     OSSL_SSL_METHOD_ENTRY(TLSv1),
+@@ -144,7 +150,7 @@ ossl_sslctx_s_alloc(VALUE klass)
+ static VALUE
+ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
+ {
+-    SSL_METHOD *method = NULL;
++    OSSL_CONST SSL_METHOD *method = NULL;
+     const char *s;
+     int i;
+ 
+@@ -585,7 +591,7 @@ ossl_sslctx_setup(VALUE self)
+ }
+ 
+ static VALUE
+-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
++ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
+ {
+     VALUE ary;
+     int bits, alg_bits;
+@@ -623,10 +629,10 @@ ossl_sslctx_get_ciphers(VALUE self)
+     if (!ciphers)
+         return rb_ary_new();
+ 
+-    num = sk_num((STACK*)ciphers);
++    num = sk_SSL_CIPHER_num(ciphers);
+     ary = rb_ary_new2(num);
+     for(i = 0; i < num; i++){
+-        cipher = (SSL_CIPHER*)sk_value((STACK*)ciphers, i);
++        cipher = sk_SSL_CIPHER_value(ciphers, i);
+         rb_ary_push(ary, ossl_ssl_cipher_to_ary(cipher));
+     }
+     return ary;
+@@ -1196,10 +1202,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
+     }
+     chain = SSL_get_peer_cert_chain(ssl);
+     if(!chain) return Qnil;
+-    num = sk_num(chain);
++    num = sk_X509_num(chain);
+     ary = rb_ary_new2(num);
+     for (i = 0; i < num; i++){
+-	cert = (X509*)sk_value(chain, i);
++	cert = sk_X509_value(chain, i);
+ 	rb_ary_push(ary, ossl_x509_new(cert));
+     }
+ 
+@@ -1214,7 +1220,7 @@ static VALUE
+ ossl_ssl_get_cipher(VALUE self)
+ {
+     SSL *ssl;
+-    SSL_CIPHER *cipher;
++    const SSL_CIPHER *cipher;
+ 
+     Data_Get_Struct(self, SSL, ssl);
+     if (!ssl) {

lang/ruby18-base/patches/patch-dr

@@ -0,0 +1,15 @@
+$NetBSD: patch-dr,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+* Constify.
+
+--- ext/openssl/ossl_x509attr.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_x509attr.c
+@@ -93,7 +93,7 @@ ossl_x509attr_initialize(int argc, VALUE
+ {
+     VALUE oid, value;
+     X509_ATTRIBUTE *attr;
+-    unsigned char *p;
++    const unsigned char *p;
+ 
+     GetX509Attr(self, attr);
+     if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){

lang/ruby18-base/patches/patch-ds

@@ -0,0 +1,15 @@
+$NetBSD: patch-ds,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+* Constify.
+
+--- ext/openssl/ossl_x509cert.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_x509cert.c
+@@ -690,7 +690,7 @@ static VALUE
+ ossl_x509_inspect(VALUE self)
+ {
+     VALUE str;
+-    char *cname = rb_class2name(rb_obj_class(self));
++    const char *cname = rb_class2name(rb_obj_class(self));
+ 
+     str = rb_str_new2("#<");
+     rb_str_cat2(str, cname);

lang/ruby18-base/patches/patch-dt

@@ -0,0 +1,24 @@
+$NetBSD: patch-dt,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+* Use proper funcition assosiated type.
+
+--- ext/openssl/ossl_x509crl.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_x509crl.c
+@@ -262,7 +262,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     VALUE ary, revoked;
+ 
+     GetX509CRL(self, crl);
+-    num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
++    num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+     if (num < 0) {
+ 	OSSL_Debug("num < 0???");
+ 	return rb_ary_new();
+@@ -270,7 +270,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     ary = rb_ary_new2(num);
+     for(i=0; i<num; i++) {
+ 	/* NO DUP - don't free! */
+-	rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
++	rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ 	revoked = ossl_x509revoked_new(rev);
+ 	rb_ary_push(ary, revoked);
+     }

lang/ruby18-base/patches/patch-du

@@ -0,0 +1,15 @@
+$NetBSD: patch-du,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+Constify.
+
+--- ext/openssl/ossl_x509ext.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_x509ext.c
+@@ -273,7 +273,7 @@ static VALUE
+ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
+ {
+     VALUE oid, value, critical;
+-    unsigned char *p;
++    const unsigned char *p;
+     X509_EXTENSION *ext;
+ 
+     GetX509Ext(self, ext);

lang/ruby18-base/patches/patch-dv

@@ -0,0 +1,15 @@
+$NetBSD: patch-dv,v 1.1 2009/08/11 14:26:59 taca Exp $
+
+Constify.
+
+--- ext/openssl/ossl_x509name.c.orig	2007-07-15 22:24:51.000000000 +0900
++++ ext/openssl/ossl_x509name.c
+@@ -135,7 +135,7 @@ ossl_x509name_initialize(int argc, VALUE
+ 	    rb_block_call(tmp, rb_intern("each"), 0, 0, ossl_x509name_init_i, args);
+ 	}
+ 	else{
+-	    unsigned char *p;
++	    const unsigned char *p;
+ 	    VALUE str = ossl_to_der_if_possible(arg);
+ 	    StringValue(str);
+ 	    p = RSTRING_PTR(str);