ssl: temporarily remove SSLContext#add_certificate_chain_file

Let's revert the changes for now, as it cannot be included in the 2.2.0
release.

My comment on #257:

> A blocker is OpenSSL::SSL::SSLContext#add_certificate_chain_file. It
> has a pending change and I don't want to include it in an incomplete
> state.
>
> The initial implementation in commit 46e4bdb was not really
> useful. The issue is described in #305. #309 extended it
> to take the corresponding private key together. However, the new
> implementation was incompatible on Windows and was reverted by #320 to
> the initial one.
>
> (The prerequisite to implement it in) an alternative way is #288, and
> it's still cooking.

This effectively reverts the following commits:

 - dacd089 ("ssl: suppress test failure with SSLContext#add_certificate_chain_file", 2020-03-09)
 - 46e4bdb ("Add support for SSL_CTX_use_certificate_chain_file. Fixes #254.", 2019-06-13)

Author: rhenium

ext/openssl/ossl_ssl.c

@@ -1329,21 +1329,6 @@ ossl_sslctx_add_certificate(int argc, VALUE *argv, VALUE self)
     return self;
 }
 
-static VALUE
-ossl_sslctx_add_certificate_chain_file(VALUE self, VALUE path)
-{
-    SSL_CTX *ctx;
-    int ret;
-
-    GetSSLCTX(self, ctx);
-    StringValueCStr(path);
-    ret = SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(path));
-    if (ret != 1)
-        ossl_raise(eSSLError, "SSL_CTX_use_certificate_chain_file");
-
-    return Qtrue;
-}
-
 /*
  *  call-seq:
  *     ctx.session_add(session) -> true | false
@@ -2795,7 +2780,6 @@ Init_ossl_ssl(void)
     rb_define_method(cSSLContext, "enable_fallback_scsv", ossl_sslctx_enable_fallback_scsv, 0);
 #endif
     rb_define_method(cSSLContext, "add_certificate", ossl_sslctx_add_certificate, -1);
-    rb_define_method(cSSLContext, "add_certificate_chain_file", ossl_sslctx_add_certificate_chain_file, 1);
 
     rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);
     rb_define_alias(cSSLContext, "freeze", "setup");

test/openssl/test_ssl.rb

@@ -189,34 +189,6 @@ def test_add_certificate_multiple_certs
     end
   end
 
-  def test_add_certificate_chain_file
-    # Create chain certificates file
-    certs = Tempfile.open { |f| f << @svr_cert.to_pem << @ca_cert.to_pem; f }
-    pkey = Tempfile.open { |f| f << @svr_key.to_pem; f }
-
-    ctx_proc = -> ctx {
-      # FIXME: This is a temporary test case written just to match the current
-      # state. ctx.add_certificate_chain_file should take two arguments.
-      ctx.add_certificate_chain_file(certs.path)
-      # # Unset values set by start_server
-      # ctx.cert = ctx.key = ctx.extra_chain_cert = nil
-      # assert_nothing_raised { ctx.add_certificate_chain_file(certs.path, pkey.path) }
-    }
-
-    start_server(ctx_proc: ctx_proc) { |port|
-      server_connect(port) { |ssl|
-        assert_equal @svr_cert.subject, ssl.peer_cert.subject
-        assert_equal [@svr_cert.subject, @ca_cert.subject],
-          ssl.peer_cert_chain.map(&:subject)
-
-        ssl.puts "abc"; assert_equal "abc\n", ssl.gets
-      }
-    }
-  ensure
-    certs&.unlink
-    pkey&.unlink
-  end
-
   def test_sysread_and_syswrite
     start_server { |port|
       server_connect(port) { |ssl|