ruby.git/test/openssl/test_asn1.rb, branch v3_4_9 The Ruby Programming Language asn1: fix ObjectId#== 2024-11-14T02:21:39+00:00 Kazuki Yamaguchi k@rhe.jp 2024-08-24T04:29:50+00:00 a0f1f161452e9a8c3d017ffbfce5744c775b668f Compare by the dotted decimal notation rather than the NID. OpenSSL::ASN1::ObjectId can store OIDs that are not registered in OpenSSL's internal table. NID is not defined for such an OID, but it is not an error. The == method also should not raise TypeError if the other object is not an instance of OpenSSL::ASN1::ObjectId. Fixes: https://github.com/ruby/openssl/issues/791 
Compare by the dotted decimal notation rather than the NID.

OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.

The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.

Fixes: https://github.com/ruby/openssl/issues/791
[ruby/openssl] test_asn1.rb: Remove the assertions of the time string format without second. 2024-03-13T15:19:40+00:00 Jun Aruga jaruga@redhat.com 2024-03-12T13:39:05+00:00 dd5e625d7bcb7dc849fdbc2ad8053f9c2724efb4 This commit fixes the following errors in the tests. Because the OpenSSL project changed the code to make the time string format without second invalid. So, we drop the assertions. ``` 1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime' 430: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39)) 431: # LibreSSL 3.6.0 requires the seconds element 432: return if libressl? => 433: decode_test B(%w{ 18 0D }) + "201612081934Z".b, 434: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0)) 435: # not implemented 436: # decode_test B(%w{ 18 13 }) + "https://github.com/ruby/openssl/commit/201612081934+0930".b, 2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime' 408: end 409: # Seconds is omitted. LibreSSL 3.6.0 requires it 410: return if libressl? => 411: decode_test B(%w{ 17 0B }) + "1609082343Z".b, 412: OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0)) 413: # not implemented 414: # decode_test B(%w{ 17 11 }) + "https://github.com/ruby/openssl/commit/500908234339+0930".b, ``` https://github.com/ruby/openssl/commit/2e826d5715 
This commit fixes the following errors in the tests.
Because the OpenSSL project changed the code to make the time string format
without second invalid. So, we drop the assertions.

```
1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime'
     430:       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
     431:     # LibreSSL 3.6.0 requires the seconds element
     432:     return if libressl?
  => 433:     decode_test B(%w{ 18 0D }) + "201612081934Z".b,
     434:       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
     435:     # not implemented
     436:     # decode_test B(%w{ 18 13 }) + "https://github.com/ruby/openssl/commit/201612081934+0930".b,

2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime'
     408:     end
     409:     # Seconds is omitted. LibreSSL 3.6.0 requires it
     410:     return if libressl?
  => 411:     decode_test B(%w{ 17 0B }) + "1609082343Z".b,
     412:       OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
     413:     # not implemented
     414:     # decode_test B(%w{ 17 11 }) + "https://github.com/ruby/openssl/commit/500908234339+0930".b,
```

https://github.com/ruby/openssl/commit/2e826d5715
[ruby/openssl] test/openssl/test_asn1.rb: remove pend for unsupported LibreSSL versions 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-10-17T07:50:10+00:00 7c073cc11221eb85ac0c55ec38ff4c9da22ca26c Commit https://github.com/ruby/openssl/commit/af895bc5596b ("asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid", 2016-12-15) added this test case. The OBJ_obj2txt() issue was fixed by LibreSSL 2.5.1 (released in 2017) and is no longer relevant today. https://github.com/ruby/openssl/commit/6a188f1a29 
Commit https://github.com/ruby/openssl/commit/af895bc5596b ("asn1: avoid truncating OID in
OpenSSL::ASN1::ObjectId#oid", 2016-12-15) added this test case.

The OBJ_obj2txt() issue was fixed by LibreSSL 2.5.1 (released in 2017)
and is no longer relevant today.

https://github.com/ruby/openssl/commit/6a188f1a29
[ruby/openssl] test/openssl/test_asn1.rb: skip failing tests on LibreSSL 3.6.0 2022-12-23T00:39:15+00:00 Kazuki Yamaguchi k@rhe.jp 2022-10-17T07:50:01+00:00 5591e4935da7b606f9d3047894eeea5d7e4a8864 LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime to be always present. LibreSSL 3.6.0 release note [1] says: > - The ASN.1 time parser has been refactored and rewritten using CBS. > It has been made stricter in that it now enforces the rules from > RFC 5280. [1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt https://github.com/ruby/openssl/commit/bbc540fe83 
LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime
to be always present. LibreSSL 3.6.0 release note [1] says:

> - The ASN.1 time parser has been refactored and rewritten using CBS.
>   It has been made stricter in that it now enforces the rules from
>   RFC 5280.

[1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt

https://github.com/ruby/openssl/commit/bbc540fe83
[ruby/openssl] Use SHA256 instead of SHA1 where needed in tests. 2022-12-13T09:07:41+00:00 Jarek Prokop jprokop@redhat.com 2022-10-18T07:52:13+00:00 ce025a5cb4a7aea62629fcf8685e931671a0672d Systems such as RHEL 9 are moving away from SHA1 disabling it completely in default configuration. https://github.com/ruby/openssl/commit/32648da2f6 
Systems such as RHEL 9 are moving away from SHA1
disabling it completely in default configuration.

https://github.com/ruby/openssl/commit/32648da2f6
[ruby/openssl] Fix typos [ci skip] 2021-11-03T14:43:04+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2021-11-03T09:36:37+00:00 5b8d22ebe60267283a5ca4a1c2ddba507b3d8ba9 https://github.com/ruby/openssl/commit/708ebf2f7a 
https://github.com/ruby/openssl/commit/708ebf2f7a
[ruby/openssl] require OpenSSL >= 1.0.2 and LibreSSL >= 3.1 2021-07-18T08:44:41+00:00 Kazuki Yamaguchi k@rhe.jp 2020-08-04T14:14:44+00:00 cd002305f0db447b47b54b93e1ecb3c666d37c06 Clean up old version guards in preparation for the upcoming OpenSSL 3.0 support. OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided to keep 1.0.1 support because many major Linux distributions were still shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions are reaching their EOL and it should be safe to assume nobody uses them anymore. Major ones that were using 1.0.1: - Ubuntu 14.04 is EOL since 2019-04-30 - RHEL 6 will reach EOL on 2020-11-30 LibreSSL 3.0 and older versions are no longer supported by the LibreSSL team as of October 2020. Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also did on 2018-08-31. https://github.com/ruby/openssl/commit/c055938f4b 
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.

OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:

 - Ubuntu 14.04 is EOL since 2019-04-30
 - RHEL 6 will reach EOL on 2020-11-30

LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.

Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.

https://github.com/ruby/openssl/commit/c055938f4b
[ruby/openssl] Look up digest by name instead of constant 2020-05-13T06:47:51+00:00 Bart de Water bartdewater@gmail.com 2020-04-19T15:14:36+00:00 0b2c70eaa1e8e41fcb6332b22b084dabb81e637c https://github.com/ruby/openssl/commit/b28fb2f05c 
https://github.com/ruby/openssl/commit/b28fb2f05c
Import openssl-2.2.0 (#2693) 2020-02-16T06:21:29+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2020-02-16T06:21:29+00:00 b99775b163ce44079c1f8727ce9b4ed8bb03489d Import the master branch of ruby/openssl for preparing to release openssl-2.2.0 
Import the master branch of ruby/openssl for preparing to release openssl-2.2.0
Skip very time consuming test [Bug #16196] 2019-10-10T12:02:45+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2019-10-10T12:02:45+00:00 c144d7215b3444fa36d28d540b60170a5b30743d