build(deps-dev): bump openssl from 3.3.2 to 4.0.1

[dependabot]

Bumps openssl from 3.3.2 to 4.0.1.

Release notes

Sourced from openssl's releases.

v4.0.1

What's Changed

• cipher: remove incorrect assertion in Cipher#update by @​rhenium in ruby/openssl#991
• Improve Argument Error Message in EC:Group.new by @​aguspe in ruby/openssl#992
• Fix test_cipher.rb in FIPS. by @​junaruga in ruby/openssl#994
• Fix test_digest.rb in FIPS. by @​junaruga in ruby/openssl#995
• Use assert_ruby_status if no assertion by @​hsbt in ruby/openssl#999
• CI: Upgrade LibreSSL versions by @​junaruga in ruby/openssl#998
• Add sync_close kwarg to SSLSocket.new by @​noteflakes in ruby/openssl#996
• ssl: refactor errno access by @​rhenium in ruby/openssl#980
• ssl: update tests for SSLContext#servername_cb callback by @​rhenium in ruby/openssl#1001
• Fix test_pkcs12.rb in FIPS. by @​junaruga in ruby/openssl#997
• ocsp: fix uninitialized variables in BasicResponse#status by @​swhitt in ruby/openssl#1004
• Ruby/OpenSSL 4.0.1 by @​rhenium in ruby/openssl#1006

New Contributors

• @​aguspe made their first contribution in ruby/openssl#992
• @​noteflakes made their first contribution in ruby/openssl#996
• @​swhitt made their first contribution in ruby/openssl#1004

Full Changelog: ruby/openssl@v4.0.0...v4.0.1

v4.0.0

A high-level overview is available in History.md: https://github.com/ruby/openssl/blob/master/History.md#version-400

Merged Pull Requests

• pkey: Use openssl generated pkcs8 key instead by @​samuel40791765 in ruby/openssl#830
• Various cleanups in pkey tests by @​rhenium in ruby/openssl#834
• Reduce OpenSSL::Buffering#do_write overhead by @​byroot in ruby/openssl#831
• Require LibreSSL 3.9 or later (Drop support for 3.1-3.8) by @​rhenium in ruby/openssl#836
• Require OpenSSL 1.1.0 or later (Drop support for 1.0.2) by @​rhenium in ruby/openssl#839
• Require OpenSSL 1.1.1 or later (Drop support for 1.1.0) by @​rhenium in ruby/openssl#841
• Use X509_ALGOR_get0() accessor for X509_ALGOR by @​botovq in ruby/openssl#687
• pkey: change PKey::{RSA,DSA,DH}#params to use nil for missing parameters by @​rhenium in ruby/openssl#774
• ts: use TS_VERIFY_CTX_set0_{store,certs}() on OpenSSL 3.4 by @​rhenium in ruby/openssl#842
• ssl: separate SSLContext#min_version= and #max_version= by @​rhenium in ruby/openssl#849
• pkey/ec: remove deprecated PKey::EC::Point#mul(ary, ary [, bn]) form by @​rhenium in ruby/openssl#843
• test_ssl.rb: Test respecting system default min. by @​junaruga in ruby/openssl#851
• Cleanups in SSL tests by @​rhenium in ruby/openssl#853
• Add build support for AWS-LC by @​samuel40791765 in ruby/openssl#852
• Avoid calling sk_*() with NULL by @​rhenium in ruby/openssl#854
• ssl: remove cert_store from start_server test helper by @​rhenium in ruby/openssl#858
• Patch and enable tests with AWS-LC by @​samuel40791765 in ruby/openssl#855
• Use ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"] instead of OpenSSL::OPENSSL_FIPS. by @​junaruga in ruby/openssl#862
• ssl: manually craft invalid SAN extensions in tests by @​rhenium in ruby/openssl#861
• digest: always run SHA-3 and truncated SHA-2 tests by @​rhenium in ruby/openssl#864
• ssl: refactor check_supported_protocol_versions by @​rhenium in ruby/openssl#866
• ssl: fix tests using TLS 1.1 or older by @​rhenium in ruby/openssl#867
• Improve AWS-LC tests by @​junaruga in ruby/openssl#863
• Improve document of initialize_copy by @​midnight-wonderer in ruby/openssl#869

... (truncated)

Changelog

Sourced from openssl's changelog.

Version 4.0.1

Notable changes

• Add sync_close keyword argument to OpenSSL::SSL::SSLSocket.new as a short-hand for setting sync_close attribute on the created SSLSocket instance. [[GitHub #955]](ruby/openssl#955) [[GitHub #996]](ruby/openssl#996)

Bug fixes

• Fix uninitialized variables in OpenSSL::OCSP::BasicResponse#status. [[GitHub #1004]](ruby/openssl#1004)

Version 4.0.0

Compatibility

• Ruby >= 2.7
• OpenSSL >= 1.1.1, LibreSSL >= 3.9, and AWS-LC 1.66.0
  • Removed support for OpenSSL 1.0.2-1.1.0 and LibreSSL 3.1-3.8. [[GitHub #835]](ruby/openssl#835)
  • Added support for AWS-LC. [[GitHub #833]](ruby/openssl#833)

Notable changes

• OpenSSL::SSL
  • Reduce overhead when writing to OpenSSL::SSL::SSLSocket. #syswrite no longer creates a temporary String object. [[GitHub #831]](ruby/openssl#831)
  • Make OpenSSL::SSL::SSLContext#min_version= and #max_version= wrap the corresponding OpenSSL APIs directly, and remove the fallback to SSL options. [[GitHub #849]](ruby/openssl#849)
  • Add OpenSSL::SSL::SSLContext#sigalgs= and #client_sigalgs= for specifying signature algorithms to use for connections. [[GitHub #895]](ruby/openssl#895)
  • Rename OpenSSL::SSL::SSLContext#ecdh_curves= to #groups= following the underlying OpenSSL API rename. This method is no longer specific to ECDHE. The old method remains as an alias.

... (truncated)

Commits

• 38a1a4a Ruby/OpenSSL 4.0.1
• ff90193 Merge pull request #1003 from ruby/dependabot/github_actions/step-security/ha...
• 93d79fc Merge pull request #1004 from swhitt/fix-ocsp-basic-response-uninitialized-re...
• 667ce07 ocsp: fix uninitialized variables in BasicResponse#status
• 2ff55dc build(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2
• f9429bd Merge pull request #997 from junaruga/wip/fips-test-pkcs12
• d86270d Update the steps to generate the base64-based examples.
• 2aa6d97 Fix test_pkcs12.rb in FIPS.
• b814041 Merge pull request #1002 from ruby/dependabot/github_actions/step-security/ha...
• 1aeac77 build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1
• Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[rwaffen]

@dependabot rebase

[bastelfreak]

@dependabot rebase

[bastelfreak]

@dependabot rebase