From OpenBSD: https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/ruby/3.0/patches/patch-ext_openssl_ossl_ocsp_c Fix build with opaque OCSP_BASICRESP in LibreSSL 3.5. The bug this works around should be fixed since LibreSSL 2.4.2 as far as I can tell. Index: ext/openssl/ossl_ocsp.c --- a/ext/openssl/ossl_ocsp.c.orig +++ b/ext/openssl/ossl_ocsp.c @@ -1093,7 +1093,7 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self * exists in LibreSSL 2.1.10, 2.2.9, 2.3.6, 2.4.1. */ if (!(flg & (OCSP_NOCHAIN | OCSP_NOVERIFY)) && - sk_X509_num(x509s) && sk_X509_num(bs->certs)) { + sk_X509_num(x509s) && sk_X509_num(OCSP_resp_get0_certs(bs))) { int i; bs = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs); From OpenBSD: https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/ruby/3.0/patches/patch-ext_openssl_extconf_rb Make sure the TS_VERIFY_CTS_set_certs() macro gets picked up correctly. It is a function in OpenSSL 1.1 and a macro in LibreSSL and OpenSSL 3. Index: ext/openssl/extconf.rb --- a/ext/openssl/extconf.rb.orig +++ b/ext/openssl/extconf.rb @@ -176,7 +176,7 @@ have_func("SSL_SESSION_get_protocol_version") have_func("TS_STATUS_INFO_get0_status") have_func("TS_STATUS_INFO_get0_text") have_func("TS_STATUS_INFO_get0_failure_info") -have_func("TS_VERIFY_CTS_set_certs") +have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h") have_func("TS_VERIFY_CTX_set_store") have_func("TS_VERIFY_CTX_add_flags") have_func("TS_RESP_CTX_set_time_cb") From OpenBSD: https://github.com/openbsd/ports/commit/42d3003b55a9ace1f489aa93297aafaf7d03e8c4#diff-8c76a3fac72e780ffe364114da7bc68a1e78cb6b825d51795ca5e02bdde95cc8 LibreSSL 3.8 dropped support for EC_GFp_nist_method() Index: ext/openssl/ossl_pkey_ec.c --- a/ext/openssl/ossl_pkey_ec.c.orig +++ b/ext/openssl/ossl_pkey_ec.c @@ -743,7 +743,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE } else if (id == s_GFp_mont) { method = EC_GFp_mont_method(); } else if (id == s_GFp_nist) { - method = EC_GFp_nist_method(); + method = NULL; #if !defined(OPENSSL_NO_EC2M) } else if (id == s_GF2m_simple) { method = EC_GF2m_simple_method();