diff options
| author | Job Snijders <job@sobornost.net> | 2024-03-25 12:20:13 +0000 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2024-11-20 10:18:27 +0900 |
| commit | c78721f718d1004182b36a6610d32b1a158808be (patch) | |
| tree | 13c0f3089b17ef45695a3b9d14d265d4133d10ab /test/ruby/test_rubyoptions.rb | |
| parent | 068fb26c0862e10f892e89ad7b6bb31e548fde0c (diff) | |
[ruby/openssl] Only CSR version 1 (encoded as 0) is allowed by PKIX standards
RFC 2986, section 4.1 only defines version 1 for CSRs. This version
is encoded as a 0. Starting with OpenSSL 3.3, setting the CSR version
to anything but 1 fails.
Do not attempt to generate a CSR with invalid version (which now fails)
and invalidate the CSR in test_sign_and_verify_rsa_sha1 by changing its
subject rather than using an invalid version.
This commit fixes the following error.
```
2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError:
X509_REQ_set_version: passed invalid argument
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version='
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr'
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in
`test_version'
40: req = OpenSSL::X509::Request.new(req.to_der)
41: assert_equal(0, req.version)
42:
=> 43: req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
44: assert_equal(1, req.version)
45: req = OpenSSL::X509::Request.new(req.to_der)
46: assert_equal(1, req.version)
```
https://github.com/ruby/openssl/commit/c06fdeb091
Diffstat (limited to 'test/ruby/test_rubyoptions.rb')
0 files changed, 0 insertions, 0 deletions