This was disabled years ago while we were adding support for it,
but it has been working for some time now. This patch re-enables
hostname verification by default.

This addresses CVE-2025-46551 and GHSA-72qj-48g4-5xgx.

Users can work around this by applying this patch manually to their
own jruby-openssl and jruby installs, or by re-enabling hostname
verification with the following code early in application boot:

```ruby
require 'openssl'

OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:verify_hostname] = true
```

* to_der on ASN1Data should convert ruby strings into java strings before encoding

* handle string in asn1data

* unify how taggedobjects get decoded

When building an CRL from scratch, the `crl` member variable has no
value, and when calling `to_pem` on the object, the following value is
returned instead of the actual CRL:

```
-----BEGIN X509 CRL-----
MAA=
-----END X509 CRL-----
```

The function `getCRL()` return the `crl` member variable if it is
non-null, and generate the CRL and store it in this variable otherwise.
It seems adequate to use this getter function rather than accessing the
member variable directly.

Fixes #163

* uncommenting the last assertion of the application specific der test

* adding the basicdata tests from upstream ruby-openssl

excluding already the one that I know that I can't solve, as BC does not allow tag > 31 for UNIVERSAL tag class

* inlining getConstructiveTag logic, expand on the rest of the information in the tag segment

the tag segment also contains info about whether the payload is for a constructed DER, and whether it's indefinite length; this info was buried in the method, with no easy way to piggyback on, so it was easier to inline the logic (only used here anyway), and propagate the rest of the information, which allows setting the indefinite_length ivar for ASN1Data objects

it also raises exceptions where it couldn't (or shouldn't?)

* fixing encoding of arrays in ASN1Data structures as well as dealing with EOC

empty arrays on asn1data are encoded to BERSequences, which fixed some corner cases associated with asn1data

EOC isn't supported OOTB by bouncycastle, so these have to be ignored in the ASN1 part, since there's no way to use DERTaggedObject

some of the logic to add the EOC bytes are inlined based on the implemented from bouncycastle, which does not allow to compose on anything, as all entities are private and unextendable

* do not allow encoding asn1data with indefinite_length set and a value which is not an array

this is the behaviour from upstream

* making the EndOfContent class a subclass of ASN1Data

this is what upstream does

* fixed initialization of Primitive

the logic was unaligned with upstream (see ruby rewrite here: https://github.com/ruby/openssl/blob/master/lib/openssl/asn1.rb\#L107C40-L122)

* rewrote isEOC as a function of its data

ruby allows EOC objects to be built via ASN1Data initialization, so one has to use the info of tag and tag class instead

* implement logic to der-encode objects at the base class

since ruby does not have abstract classes, instances of root/intermediate classes may be instantiated, and args will determine how those objects really have to be handled

this follows the logic of upstream, which implements der-encode at the base class by outsourcing to specific impls based on ivar state

* loading EndOfContent class correctly

so overrides are correctly loaded

* adding basic constructive tests from upstream

commenting out the one I could only half port, as no BC parser supports random tagged objects