[ruby/openssl] x509cert: handle invalid validity periods in Certificate#inspect

In a newly allocated OpenSSL X509 object, the notBefore and notAfter fields contain an ASN1_STRING object with type V_ASN1_UNDEF rather than an ASN1_TIME. Commit https://github.com/ruby/openssl/commit/73484f67949a made asn1time_to_time() stricter and it now raises an exception if the argument is not an ASN1_TIME. Previously, it would print a verbose-mode warning and return nil. OpenSSL::X509::Certificate#inspect should work even when the certificate is invalid. Let's handle this. https://github.com/ruby/openssl/commit/18c283f2b6
author: Kazuki Yamaguchi <k@rhe.jp> 2025-12-06 03:33:12 +0900
committer: git <svn-admin@ruby-lang.org> 2025-12-05 18:40:02 +0000
commit: 8c4f79d5f30fb2fe647c4f3fd262a5fdeacaeca2 (patch)
tree: a05f9480dbfafd5c9aabd1cb502f76c7248aea84 /ext/openssl/lib
parent: 00b91c727fdd0dd3bcd970dd4bc6c2b598cf4e1b (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/openssl/lib/openssl/x509.rb b/ext/openssl/lib/openssl/x509.rb
index 6459d37b12..66765ffeab 100644
--- a/ext/openssl/lib/openssl/x509.rb
+++ b/ext/openssl/lib/openssl/x509.rb
@@ -346,6 +346,15 @@ module OpenSSL
       include Extension::CRLDistributionPoints
       include Extension::AuthorityInfoAccess
 
+      def inspect
+        "#<#{self.class}: " \
+          "subject=#{subject.inspect}, " \
+          "issuer=#{issuer.inspect}, " \
+          "serial=#{serial.inspect}, " \
+          "not_before=#{not_before.inspect rescue "(error)"}, " \
+          "not_after=#{not_after.inspect rescue "(error)"}>"
+      end
+
       def pretty_print(q)
         q.object_group(self) {
           q.breakable
author	Kazuki Yamaguchi <k@rhe.jp>	2025-12-06 03:33:12 +0900
committer	git <svn-admin@ruby-lang.org>	2025-12-05 18:40:02 +0000
commit	8c4f79d5f30fb2fe647c4f3fd262a5fdeacaeca2 (patch)
tree	a05f9480dbfafd5c9aabd1cb502f76c7248aea84 /ext/openssl/lib
parent	00b91c727fdd0dd3bcd970dd4bc6c2b598cf4e1b (diff)