chore(deps): update openssl requirement from ~> 3.1.0 to >= 3.1, < 3.4

[dependabot]

Updates the requirements on openssl to permit the latest version.

Release notes

Sourced from openssl's releases.

v3.3.1

What's Changed

• ssl: fix SSLSocket#sysread leaking locktmp String on timeout by @​rhenium in ruby/openssl#832
• Fix CI in maint-3.1 branch by @​rhenium in ruby/openssl#846
• pkey: avoid calling i2d_PUBKEY family on an incomplete key by @​rhenium in ruby/openssl#847
• Removed needless workaround again by @​hsbt in ruby/openssl#850
• test/openssl/test_bn.rb: use Ractor#value by @​rhenium in ruby/openssl#896
• ssl: remove OpenSSL::X509::V_FLAG_CRL_CHECK_ALL from the default store by @​rhenium in ruby/openssl#950

Full Changelog: ruby/openssl@v3.3.0...v3.3.1

v3.3.0

What's Changed

• Exact checks with assert_include by @​nobu in ruby/openssl#683
• Exact checks with assert_include by @​nobu in ruby/openssl#684
• CI: Upgrade OpenSSL and LibreSSL versions. by @​junaruga in ruby/openssl#689
• CONTRIBUTING.md: Update testing with debugging and FIPS use cases. [ci skip] by @​junaruga in ruby/openssl#688
• CI: Add OpenSSL 3.2.0. by @​junaruga in ruby/openssl#698
• History.md: Escape Markdown syntax Italic "*". [ci skip] by @​junaruga in ruby/openssl#697
• Use Markdown reference-style links in documents. [ci skip] by @​junaruga in ruby/openssl#696
• Fix test_pkey_dh.rb in FIPS. by @​junaruga in ruby/openssl#694
• Windows Ruby 3.3: Workaround: Set OPENSSL_MODULES to find providers. by @​junaruga in ruby/openssl#712
• CI: Added the rubyinstaller2 issue link that legacy provider is not loaded. by @​junaruga in ruby/openssl#713
• Add more methods to SocketForwarder. by @​ioquatix in ruby/openssl#708
• Only set min_version on OpenSSL < 1.1.0 by @​ekohl in ruby/openssl#710
• Add support for IO#timeout. by @​ioquatix in ruby/openssl#714
• test/openssl/test_ocsp.rb: fix flaky test by @​rhenium in ruby/openssl#702
• CI: Upgrade OpenSSL and LibreSSL versions. by @​junaruga in ruby/openssl#720
• omit tests related legacy provider by @​hsbt in ruby/openssl#718
• test_asn1.rb: Remove the assertions of the time string format without second. by @​junaruga in ruby/openssl#728
• test_provider.rb: Make a legacy provider test optional. by @​junaruga in ruby/openssl#721
• Revert openssl dir workaround on TruffleRuby by @​eregon in ruby/openssl#705
• Fix test_pkey_dsa.rb in FIPS. by @​junaruga in ruby/openssl#729
• Use www.rfc-editor.org for RFC text. by @​hsbt in ruby/openssl#737
• CI: Upgrade OpenSSL and LibreSSL versions. by @​junaruga in ruby/openssl#745
• Only CSR version 1 (encoded as 0) is allowed by PKIX standards by @​botovq in ruby/openssl#747
• Introduce basic support for close_read and close_write. by @​ioquatix in ruby/openssl#743
• CI: Remove workaround for Ruby-3.2 and 3.3 on Windows by @​larskanis in ruby/openssl#748
• Add OpenSSL::Digest.digests to get a list of available digests by @​bdewater in ruby/openssl#726
• Remove trailing space in test_ssl.rb by @​peterzhu2118 in ruby/openssl#750
• asn1: check error return from i2d_ASN1_TYPE() by @​rhenium in ruby/openssl#755
• read: don't clear buffer when nothing can be read by @​casperisfine in ruby/openssl#739
• Add to_text for PKCS7 and Timestamp::Response by @​segiddins in ruby/openssl#756
• [CI] test.yml - use bundle exec, use setup-ruby bundler-cache, fixes Windows issue by @​MSP-Greg in ruby/openssl#758
• Don't download OpenSSL from ftp.openssl.org anyomre by @​KJTsanaktsidis in ruby/openssl#763
• Fix test_create_with_mac_iter accidently setting keytype not maciter by @​KJTsanaktsidis in ruby/openssl#762
• Add X509::Certificate#tbs_bytes by @​segiddins in ruby/openssl#753
• Clarify license by @​rhenium in ruby/openssl#754
• Automatically update GitHub Pages from master branch by @​rhenium in ruby/openssl#764

... (truncated)

Changelog

Sourced from openssl's changelog.

Version 3.3.1

Merged changes in 3.1.2 and 3.2.2.

Version 3.3.0

Compatibility

• Ruby version: 2.7 or later
• OpenSSL version: OpenSSL 1.0.2 or later, and LibreSSL 3.1 or later

Notable changes

• OpenSSL::SSL
  • OpenSSL::SSL::SSLSocket#set_params no longer sets #min_version= to TLS 1.0 except when OpenSSL 1.0.2 is used. This has been done to disable SSL 3.0, which is not supported by default in OpenSSL 1.1.0 or later, or in LibreSSL. This lets it respect the system default if the system-wide configuration file specifies a higher minimum protocol version. [[GitHub #710]](ruby/openssl#710)
  • OpenSSL::SSL::SSLSocket.new no longer enables the OpenSSL::SSL::OP_ALL SSL options by default and follows the system default. [[GitHub #767]](ruby/openssl#767)
  • Add the following IO methods to OpenSSL::SSL::SSLSocket, which will pass along to the underlying socket: #local_address, #remote_address, #close_on_exec=, #close_on_exec?, #wait, #wait_readable, and #wait_writable. [[GitHub #708]](ruby/openssl#708)
  • Update OpenSSL::SSL::SSLSocket#gets to take the chomp keyword argument. [[GitHub #708]](ruby/openssl#708)
  • Make OpenSSL::SSL::SSLSocket respect the IO#timeout value of the underlying socket on Ruby 3.2 or later. #timeout and #timeout= methods are also added. [[GitHub #714]](ruby/openssl#714)
  • Add OpenSSL::SSL::SSLSocket#close_read and #close_write. [[GitHub #743]](ruby/openssl#743)
  • Add OpenSSL::Digest.digests to get a list of all available digest algorithms. [[GitHub #726]](ruby/openssl#726)
  • Fix OpenSSL::SSL::SSLSocket#read_nonblock clearing the passed String buffer when nothing can be read from the connection. [[GitHub #739]](ruby/openssl#739)
• Add #to_text methods to OpenSSL::Timestamp::Response, OpenSSL::Timestamp::Request, OpenSSL::Timestamp::TokenInfo, and OpenSSL::PKCS7 to get a human-readable representation of the object.

... (truncated)

Commits

• 2b88a6d Ruby/OpenSSL 3.3.1
• 79e3483 Merge branch 'maint-3.2' into maint-3.3
• 17e8cd2 Ruby/OpenSSL 3.2.2
• dc2d706 Merge branch 'maint-3.1' into maint-3.2
• 2687f96 Ruby/OpenSSL 3.1.2
• 06592e4 Merge pull request #950 from rhenium/ky/ssl-set_params-remove-crl-check-all
• e8481cd ssl: remove OpenSSL::X509::V_FLAG_CRL_CHECK_ALL from the default store
• 8a948ef Merge branch 'maint-3.2' into maint-3.3
• 447898f Merge branch 'maint-3.1' into maint-3.2
• df17ae4 Merge pull request #896 from rhenium/ky/bn-test-fix-ractor-value
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #59.