diff --git a/.travis.yml b/.travis.yml
index c770d989b..1476daf6a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,11 +17,12 @@ script:
 matrix:
   fast_finish: true
   include:
-    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.0 OSSL_MDEBUG=1
-    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.1 OSSL_MDEBUG=1
-    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2 OSSL_MDEBUG=1
-    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.1.0 OSSL_MDEBUG=1
-    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=libressl-2.3
-    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=libressl-2.4
-    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=libressl-2.5
+    - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2
+    - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.0
+    - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.1
+    - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.2
+    - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.1.0
+    - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.3
+    - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.4
+    - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.5
   allow_failures:
diff --git a/appveyor.yml b/appveyor.yml
index c3e9c303a..bd72cedeb 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -2,9 +2,9 @@
 clone_depth: 10
 install:
   - SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
-  - appveyor DownloadFile http://dl.bintray.com/oneclick/OpenKnapsack/x64/openssl-1.0.1m-x64-windows.tar.lzma
-  - 7z e openssl-1.0.1m-x64-windows.tar.lzma
-  - 7z x -y -oC:\Ruby%ruby_version% openssl-1.0.1m-x64-windows.tar
+  - appveyor DownloadFile http://dl.bintray.com/oneclick/OpenKnapsack/x64/openssl-1.0.2j-x64-windows.tar.lzma
+  - 7z e openssl-1.0.2j-x64-windows.tar.lzma
+  - 7z x -y -oC:\Ruby%ruby_version% openssl-1.0.2j-x64-windows.tar
   - ruby -S rake install_dependencies
 build_script:
   - rake -rdevkit compile -- --with-openssl-dir=C:\Ruby%ruby_version%
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 7033b0e20..60bd518e1 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -37,6 +37,12 @@
 Logging::message "=== Checking for required stuff... ===\n"
 result = pkg_config("openssl") && have_header("openssl/ssl.h")
 unless result
+  if $mswin || $mingw
+    # required for static OpenSSL libraries
+    have_library("gdi32") # OpenSSL <= 1.0.2 (for RAND_screen())
+    have_library("crypt32")
+  end
+
   result = have_header("openssl/ssl.h")
   result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "CRYPTO_malloc")}
   result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_new")}
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 534796f52..1d3ee4ac1 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1291,7 +1291,7 @@ ossl_asn1cons_to_der(VALUE self)
 static VALUE
 ossl_asn1cons_each(VALUE self)
 {
-    rb_funcall(ossl_asn1_get_value(self), id_each, 0);
+    rb_block_call(ossl_asn1_get_value(self), id_each, 0, 0, 0, 0);
 
     return self;
 }
diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h
index d1bd7bc4b..b98533f48 100644
--- a/ext/openssl/ossl_version.h
+++ b/ext/openssl/ossl_version.h
@@ -10,6 +10,6 @@
 #if !defined(_OSSL_VERSION_H_)
 #define _OSSL_VERSION_H_
 
-#define OSSL_VERSION "2.0.2"
+#define OSSL_VERSION "2.0.3"
 
 #endif /* _OSSL_VERSION_H_ */
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index 4523e0d71..ac98c1b94 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -375,7 +375,7 @@ ossl_x509name_eql(VALUE self, VALUE other)
     if (!rb_obj_is_kind_of(other, cX509Name))
 	return Qfalse;
 
-    return ossl_x509name_cmp0(self, other) ? Qtrue : Qfalse;
+    return ossl_x509name_cmp0(self, other) == 0 ? Qtrue : Qfalse;
 }
 
 /*
diff --git a/lib/openssl/buffering.rb b/lib/openssl/buffering.rb
index 7fd647caa..b0dffefd3 100644
--- a/lib/openssl/buffering.rb
+++ b/lib/openssl/buffering.rb
@@ -189,7 +189,7 @@ def read_nonblock(maxlen, buf=nil, exception: true)
   end
 
   ##
-  # Reads the next "line+ from the stream.  Lines are separated by +eol+.  If
+  # Reads the next "line" from the stream.  Lines are separated by +eol+.  If
   # +limit+ is provided the result will not be longer than the given number of
   # bytes.
   #
@@ -344,7 +344,7 @@ def write(s)
   end
 
   ##
-  # Writes +str+ in the non-blocking manner.
+  # Writes +s+ in the non-blocking manner.
   #
   # If there is buffered data, it is flushed first.  This may block.
   #
diff --git a/openssl.gemspec b/openssl.gemspec
index c637080c8..da7a17659 100644
--- a/openssl.gemspec
+++ b/openssl.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "openssl"
-  spec.version       = "2.0.2"
+  spec.version       = "2.0.3"
   spec.authors       = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"]
   spec.email         = ["ruby-core@ruby-lang.org"]
   spec.summary       = %q{OpenSSL provides SSL, TLS and general purpose cryptography.}
diff --git a/test/envutil.rb b/test/envutil.rb
index da3041028..89332b355 100644
--- a/test/envutil.rb
+++ b/test/envutil.rb
@@ -1,6 +1,7 @@
 # -*- coding: us-ascii -*-
 require "timeout"
 require "rbconfig"
+require "pp"
 
 module EnvUtil
   def rubybin
@@ -259,6 +260,10 @@ def assert_join_threads(threads, message = nil)
         values
       end
 
+      def mu_pp(obj) #:nodoc:
+        obj.pretty_inspect.chomp
+      end
+
       # :call-seq:
       #   assert_raise_with_message(exception, expected, msg = nil, &block)
       #
diff --git a/test/test_asn1.rb b/test/test_asn1.rb
index a0ac1ddbf..91ae2cfd0 100644
--- a/test/test_asn1.rb
+++ b/test/test_asn1.rb
@@ -566,6 +566,13 @@ def test_decode_constructed_overread
     assert_equal 17, ret[0][6]
   end
 
+  def test_constructive_each
+    data = [OpenSSL::ASN1::Integer.new(0), OpenSSL::ASN1::Integer.new(1)]
+    seq = OpenSSL::ASN1::Sequence.new data
+
+    assert_equal data, seq.entries
+  end
+
   private
 
   def assert_universal(tag, asn1)
diff --git a/test/test_x509name.rb b/test/test_x509name.rb
index b30a02e64..60e8ddb8a 100644
--- a/test/test_x509name.rb
+++ b/test/test_x509name.rb
@@ -357,6 +357,16 @@ def test_hash
     assert_equal(expected, name_hash(name))
   end
 
+  def test_equality
+    name0 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]])
+    name1 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]])
+    name2 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "baz.ruby-lang.org"]])
+    assert_equal true, name0 == name1
+    assert_equal true, name0.eql?(name1)
+    assert_equal false, name0 == name2
+    assert_equal false, name0.eql?(name2)
+  end
+
   def test_dup
     name = OpenSSL::X509::Name.parse("/CN=ruby-lang.org")
     assert_equal(name.to_der, name.dup.to_der)
diff --git a/tool/ruby-openssl-docker/Dockerfile b/tool/ruby-openssl-docker/Dockerfile
index a1518a9c2..d22a7e43f 100644
--- a/tool/ruby-openssl-docker/Dockerfile
+++ b/tool/ruby-openssl-docker/Dockerfile
@@ -19,46 +19,46 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
   xz-utils \
   zlib1g-dev
 
-# Supported OpenSSL versions: 1.0.0, 1.0.1, 1.0.2, 1.1.0
+# Supported OpenSSL versions: 1.0.1-
 RUN mkdir -p /build/openssl
 RUN curl -s https://www.openssl.org/source/openssl-1.0.0t.tar.gz | tar -C /build/openssl -xzf - && \
     cd /build/openssl/openssl-1.0.0t && \
     ./Configure \
       --openssldir=/opt/openssl/openssl-1.0.0 \
-      shared debug-linux-x86_64 && \
+      shared linux-x86_64 && \
     make && make install_sw
 
 RUN curl -s https://www.openssl.org/source/openssl-1.0.1u.tar.gz | tar -C /build/openssl -xzf - && \
     cd /build/openssl/openssl-1.0.1u && \
     ./Configure \
       --openssldir=/opt/openssl/openssl-1.0.1 \
-      shared debug-linux-x86_64 && \
+      shared linux-x86_64 && \
     make && make install_sw
 
-RUN curl -s https://www.openssl.org/source/openssl-1.0.2j.tar.gz | tar -C /build/openssl -xzf - && \
-    cd /build/openssl/openssl-1.0.2j && \
+RUN curl -s https://www.openssl.org/source/openssl-1.0.2k.tar.gz | tar -C /build/openssl -xzf - && \
+    cd /build/openssl/openssl-1.0.2k && \
     ./Configure \
       --openssldir=/opt/openssl/openssl-1.0.2 \
-      shared debug-linux-x86_64 && \
+      shared linux-x86_64 && \
     make && make install_sw
 
-RUN curl -s https://www.openssl.org/source/openssl-1.1.0b.tar.gz | tar -C /build/openssl -xzf - && \
-    cd /build/openssl/openssl-1.1.0b && \
+RUN curl -s https://www.openssl.org/source/openssl-1.1.0d.tar.gz | tar -C /build/openssl -xzf - && \
+    cd /build/openssl/openssl-1.1.0d && \
     ./Configure \
       --prefix=/opt/openssl/openssl-1.1.0 \
       enable-crypto-mdebug enable-crypto-mdebug-backtrace \
-      debug-linux-x86_64 && \
+      linux-x86_64 && \
     make && make install_sw
 
-# Supported libressl versions: 2.3, 2.4, 2.5
-RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.8.tar.gz | tar -C /build/openssl -xzf -
-RUN cd /build/openssl/libressl-2.3.8 && \
+# Supported libressl versions: 2.3-
+RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.9.tar.gz | tar -C /build/openssl -xzf -
+RUN cd /build/openssl/libressl-2.3.9 && \
     ./configure \
       --prefix=/opt/openssl/libressl-2.3 && \
     make && make install
 
-RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.3.tar.gz | tar -C /build/openssl -xzf -
-RUN cd /build/openssl/libressl-2.4.3 && \
+RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.4.tar.gz | tar -C /build/openssl -xzf -
+RUN cd /build/openssl/libressl-2.4.4 && \
     ./configure \
       --prefix=/opt/openssl/libressl-2.4 && \
     make && make install
@@ -69,16 +69,24 @@ RUN cd /build/openssl/libressl-2.5.0 && \
       --prefix=/opt/openssl/libressl-2.5 && \
     make && make install
 
-# Supported Ruby versions: 2.3
+# Supported Ruby versions: 2.3-
 RUN mkdir -p /build/ruby
-RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.1.tar.gz | tar -C /build/ruby -xzf - && \
-    cd /build/ruby/ruby-2.3.1 && \
+RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.3.tar.gz | tar -C /build/ruby -xzf - && \
+    cd /build/ruby/ruby-2.3.3 && \
     autoconf && ./configure \
       --without-openssl \
       --prefix=/opt/ruby/ruby-2.3 \
       --disable-install-doc && \
     make && make install
 
+RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0.tar.gz | tar -C /build/ruby -xzf - && \
+    cd /build/ruby/ruby-2.4.0 && \
+    autoconf && ./configure \
+      --without-openssl \
+      --prefix=/opt/ruby/ruby-2.4 \
+      --disable-install-doc && \
+    make && make install
+
 ONBUILD ADD . /home/openssl/code
 ONBUILD WORKDIR /home/openssl/code
 
diff --git a/tool/ruby-openssl-docker/init.sh b/tool/ruby-openssl-docker/init.sh
index c4301482d..4d97e28c7 100755
--- a/tool/ruby-openssl-docker/init.sh
+++ b/tool/ruby-openssl-docker/init.sh
@@ -2,12 +2,12 @@
 
 if [[ "$RUBY_VERSION" = "" ]]
 then
-  RUBY_VERSION=ruby-2.3
+  RUBY_VERSION=ruby-2.4
 fi
 
 if [[ "$OPENSSL_VERSION" = "" ]]
 then
-  OPENSSL_VERSION=openssl-1.0.2
+  OPENSSL_VERSION=openssl-1.1.0
 fi
 
 echo "Using Ruby ${RUBY_VERSION} with OpenSSL ${OPENSSL_VERSION}."