Enhance printing OpenSSL versions.

[junaruga]

This PR is to enhance the feature of printing OpenSSL versions. This is useful when running tests conditionally depending on OpenSSL and LibreSSL versions. In my case, it was useful to fix pending tests in FIPS case. See my working branch wip/fip-test-debug commits to fix pending tests. The last 4 commits are mine. And the 3rd newest commit is the same with this PR's commit.

For the OPENSSL_VERSION_NUMBER format, the OPENSSL_VERSION_NUMBER(3) documents were helpful for me. You can check each OpenSSL version's format by clicking the master, 3.1, 3.0, 1.1.1, 1.0.2 links. For adding the OpenSSL::LIBRESSL_VERSION_NUMBER, perhaps it is controversial. Because the test/openssl/utils.rb#libressl? doesn't depend on the LIBRESSL_VERSION_NUMBER. But I thought it was useful to debug C files.

---

• Updated the OpenSSL::OPENSSL_VERSION_NUMBER comment explaining the format.
• Added the OpenSSL::LIBRESSL_VERSION_NUMBER. It's useful to debug the C language code. Note test/openssl/utils.rb#libressl? is not using this value.
• Update rake debug to print OpenSSL::OPENSSL_VERSION_NUMBER and OpenSSL::LIBRESSL_VERSION_NUMBER.

[junaruga]

It is printed like this.
https://github.com/ruby/openssl/actions/runs/5858013666/job/15881113349?pr=662#step:13:25

[junaruga]

Rebased with updating the value of the OpenSSL::LIBRESSL_VERSION_NUMBER is nil in OpenSSL cases.

In the OpenSSL case, the OpenSSL::LIBRESSL_VERSION_NUMBER is printed as follows.
https://github.com/ruby/openssl/actions/runs/5866211628/job/15904567483?pr=662#step:13:33

OpenSSL::LIBRESSL_VERSION_NUMBER: nil

And in the LibreSSL case, the value is printed as follows.

https://github.com/ruby/openssl/actions/runs/5866211628/job/15904567048?pr=662#step:13:33

OpenSSL::LIBRESSL_VERSION_NUMBER: 3080000f

[junaruga]

@rhenium I got an idea. Right now the OpenSSL::OPENSSL_LIBRARY_VERSION is implemented below.

openssl/ext/openssl/ossl.c

Lines 1141 to 1148 in db633c5

	/*
	* Version of OpenSSL the ruby OpenSSL extension is running with
	*/
	#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
	rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
	#else
	rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
	#endif

So, maybe we can implement as follows, removing the the implementatio n of the OpenSSL::LIBRESSL_VERSION_NUMBER. Because I thought we don't want to expose the OpenSSL::LIBRESSL_FOO, the keyword "LIBRESSL" as our Ruby OpenSSL API. And if the OpenSSL::OPENSSL_VERSION_NUMBER is always 0x20000000 in the LibreSSL versions, it's not meaningful to print the value.

    /*   
     * Version number of OpenSSL the ruby OpenSSL extension was built with
     * (base 16)
     *
     * OpenSSL 3: 0xMNN00PP0 (major minor 00 patch 0)
     * OpenSSL 1: 0xMNNFFPPS (major minor fix patch status)
     * LibreSSL:  0xMNNFFPPS (major minor fix patch status)
     *
     * See also the man page OPENSSL_VERSION_NUMBER(3).
     */
#if defined(LIBRESSL_VERSION_NUMBER)
    rb_define_const(mOSSL, "OPENSSL_VERSION_NUMBER", INT2NUM(LIBRESSL_VERSION_NUMBER));
#else
    rb_define_const(mOSSL, "OPENSSL_VERSION_NUMBER", INT2NUM(OPENSSL_VERSION_NUMBER));
#endif

What do you think?

[rhenium]

IMO OpenSSL::OPENSSL_VERSION_NUMBER should stay as is even if it contains a nonsensical number. Changing this can create confusion.

I have no objection to adding OpenSSL::LIBRESSL_VERSION_NUMBER. Actually, libressl? in the test code would have been using it if we already had it.

[junaruga]

IMO OpenSSL::OPENSSL_VERSION_NUMBER should stay as is even if it contains a nonsensical number. Changing this can create confusion.

Right. If we change the value of the OpenSSL::OPENSSL_VERSION_NUMBER in LibreSSL case, this is a breaking change. I understand people may be confused.

I have no objection to adding OpenSSL::LIBRESSL_VERSION_NUMBER. Actually, libressl? in the test code would have been using it if we already had it.

All right!

So, let me fix this PR.

[junaruga]

Note the reason why the #if defined(LIBRESSL_VERSION_NUMBER) is above the comment, not below the comment is because Rdoc cannot parse the comment if #if defined(LIBRESSL_VERSION_NUMBER) is written below the comment.

[junaruga]

IMO OpenSSL::OPENSSL_VERSION_NUMBER should stay as is even if it contains a nonsensical number. Changing this can create confusion.

Right. If we change the value of the OpenSSL::OPENSSL_VERSION_NUMBER in LibreSSL case, this is a breaking change. I understand people may be confused.

I have no objection to adding OpenSSL::LIBRESSL_VERSION_NUMBER. Actually, libressl? in the test code would have been using it if we already had it.

All right!

So, let me fix this PR.

@rhenium I rebased this PR fixing the issues mentioned in the review. Now the OpenSSL::LIBRESSL_VERSION_NUMBER is only defined in LibreSSL cases. I checked the generated RDoc in both OpenSSL and LibreSSL cases on local. So, what do you think?

OpenSSL case:
https://github.com/ruby/openssl/actions/runs/5868514268/job/15911539097?pr=662#step:13:32

OpenSSL::LIBRESSL_VERSION_NUMBER: undefined

LibreSSL case:
https://github.com/ruby/openssl/actions/runs/5868514268/job/15911538553?pr=662#step:13:32

OpenSSL::LIBRESSL_VERSION_NUMBER: 3080000f

[rhenium]

@rhenium I rebased this PR fixing the issues mentioned in the review. Now the OpenSSL::LIBRESSL_VERSION_NUMBER is only defined in LibreSSL cases. I checked the generated RDoc in both OpenSSL and LibreSSL cases on local. So, what do you think?

Everything looks good to me!

[junaruga]

Thanks for reviewing!