authorKazuki Yamaguchi <k@rhe.jp>2025-12-06 03:33:12 +0900
committergit <svn-admin@ruby-lang.org>2025-12-05 18:40:02 +0000
commit8c4f79d5f30fb2fe647c4f3fd262a5fdeacaeca2 (patch)
treea05f9480dbfafd5c9aabd1cb502f76c7248aea84 /ext/openssl
parent00b91c727fdd0dd3bcd970dd4bc6c2b598cf4e1b (diff)
[ruby/openssl] x509cert: handle invalid validity periods in Certificate#inspect
In a newly allocated OpenSSL X509 object, the notBefore and notAfter fields contain an ASN1_STRING object with type V_ASN1_UNDEF rather than an ASN1_TIME. Commit https://github.com/ruby/openssl/commit/73484f67949a made asn1time_to_time() stricter and it now raises an exception if the argument is not an ASN1_TIME. Previously, it would print a verbose-mode warning and return nil. OpenSSL::X509::Certificate#inspect should work even when the certificate is invalid. Let's handle this. https://github.com/ruby/openssl/commit/18c283f2b6
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/lib/openssl/x509.rb9
-rw-r--r--ext/openssl/ossl_x509cert.c15
2 files changed, 9 insertions, 15 deletions
diff --git a/ext/openssl/lib/openssl/x509.rb b/ext/openssl/lib/openssl/x509.rb
index 6459d37b12..66765ffeab 100644
--- a/ext/openssl/lib/openssl/x509.rb
+++ b/ext/openssl/lib/openssl/x509.rb
@@ -346,6 +346,15 @@ module OpenSSL
include Extension::CRLDistributionPoints
include Extension::AuthorityInfoAccess
+ def inspect
+ "#<#{self.class}: " \
+ "subject=#{subject.inspect}, " \
+ "issuer=#{issuer.inspect}, " \
+ "serial=#{serial.inspect}, " \
+ "not_before=#{not_before.inspect rescue "(error)"}, " \
+ "not_after=#{not_after.inspect rescue "(error)"}>"
+ end
+
def pretty_print(q)
q.object_group(self) {
q.breakable
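Review bot: The `rescue` modifiers on the `not_before` and `not_after` interpolations catch every StandardError, so any failure in those getters, not only the non-ASN1_TIME case from the commit message, is printed as `(error)` with no hint of the cause. A comment above `def inspect` would record that this is deliberate, for example `# not_before/not_after raise when the validity fields are unset (e.g. Certificate.new); inspect must never raise`. If the exception class raised by the time conversion is fixed, rescuing only that class would keep unrelated errors visible; the class is not shown on this page, so that needs checking. `subject`, `issuer` and `serial` stay unguarded, which is presumably fine for a newly allocated certificate but worth pinning with a test on `OpenSSL::X509::Certificate.new.inspect`. The enclosing class starts and ends outside the hunk.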
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index b1e82a2790..4d69008fdd 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -665,20 +665,6 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
return extension;
}
-static VALUE
-ossl_x509_inspect(VALUE self)
-{
- return rb_sprintf("#<%"PRIsVALUE": subject=%+"PRIsVALUE", "
- "issuer=%+"PRIsVALUE", serial=%+"PRIsVALUE", "
- "not_before=%+"PRIsVALUE", not_after=%+"PRIsVALUE">",
- rb_obj_class(self),
- ossl_x509_get_subject(self),
- ossl_x509_get_issuer(self),
- ossl_x509_get_serial(self),
- ossl_x509_get_not_before(self),
- ossl_x509_get_not_after(self));
-}
-
/*
* call-seq:
* cert1 == cert2 -> true | false
@@ -1013,7 +999,6 @@ Init_ossl_x509cert(void)
rb_define_method(cX509Cert, "extensions", ossl_x509_get_extensions, 0);
rb_define_method(cX509Cert, "extensions=", ossl_x509_set_extensions, 1);
rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1);
- rb_define_method(cX509Cert, "inspect", ossl_x509_inspect, 0);
rb_define_method(cX509Cert, "==", ossl_x509_eq, 1);
rb_define_method(cX509Cert, "tbs_bytes", ossl_x509_tbs_bytes, 0);
}