X509Cert.set_serial breaks for Certificate SerialNumbers with MSB=1 #823

Closed
sclasen opened this Issue Jun 24, 2013 · 7 comments

@sclasen
Contributor
sclasen commented Jun 24, 2013

This was posted 2 years ago on the jruby-ossl repo, but that looks like the wrong place.

See jruby/jruby-ossl#7

 Java::JavaLang::IllegalArgumentException:
       serial number must be a positive integer
     # org.bouncycastle.x509.X509V3CertificateGenerator.setSerialNumber(Unknown Source)
     # org.jruby.ext.openssl.X509Cert.set_serial(X509Cert.java:304)
     # org.jruby.ext.openssl.X509Cert.initialize(X509Cert.java:167)
@sclasen
Contributor
sclasen commented Jun 24, 2013

BTW I am seeing this on JRuby 1.7.4

@headius
Member
headius commented Jun 24, 2013

You are correct; issues should be filed here (for now... we may move code back).

The patch for this provided in jruby/jruby-ossl#7 is as follows (based on current JRuby master):

diff --git a/src/org/jruby/ext/openssl/X509Cert.java b/src/org/jruby/ext/openssl/X509Cert.java
index d147ec4..f681b71 100644
--- a/src/org/jruby/ext/openssl/X509Cert.java
+++ b/src/org/jruby/ext/openssl/X509Cert.java
@@ -301,7 +301,7 @@ public class X509Cert extends RubyObject {
         } else {
             bi = new BigInteger(s);
         }
-        generator.setSerialNumber(bi);
+        generator.setSerialNumber(new BigInteger(1, bi.toByteArray()));
         return num;
     }
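
Review bot: On the changed `generator.setSerialNumber(...)` line, the reinterpretation is applied unconditionally, so it also covers the `bi = new BigInteger(s);` branch: a value that is genuinely negative there is silently turned into a different positive serial (its two's-complement bytes are read as an unsigned magnitude, so -1 becomes 255) instead of being rejected. Consider guarding the conversion with `bi.signum() < 0` and adding a comment that says why the bytes are re-read as unsigned. Also, `return num;` still hands the caller the original value, which can now differ from the serial the generator holds; a test that sets an MSB=1 serial and asserts on both would pin this down.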

Do you have a way to test this patch from your end? I am not an expert in this code, so I'm reluctant to just change it...but if it's erroring for any "negative" serial numbers right now, this seems like it can only be a net win.
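
Why a serial whose first byte has its top bit set ends up "negative", and what the patch's `new BigInteger(1, bi.toByteArray())` does to such a value, as an added Ruby example (not part of this thread and not JRuby or BouncyCastle code). The helper names and the sample serial bytes are constructed for illustration; it assumes the serial bytes are read as a two's-complement signed value, as Java's `BigInteger(byte[])` does.

```ruby
# Added illustration; helper names and sample bytes are constructed.

# Big-endian bytes read as an unsigned magnitude,
# like Java's BigInteger(1, byte[]).
def unsigned_from_bytes(bytes)
  bytes.inject(0) { |acc, b| (acc << 8) | b }
end

# Big-endian bytes read as two's-complement signed,
# like Java's BigInteger(byte[]).
def signed_from_bytes(bytes)
  value = unsigned_from_bytes(bytes)
  bytes.first >= 0x80 ? value - (1 << (8 * bytes.length)) : value
end

# Minimal two's-complement big-endian encoding, like BigInteger#toByteArray.
def to_twos_complement_bytes(n)
  len = 1
  len += 1 until n >= -(1 << (8 * len - 1)) && n < (1 << (8 * len - 1))
  (len - 1).downto(0).map { |i| (n >> (8 * i)) & 0xff }
end

# What the patched line computes: new BigInteger(1, bi.toByteArray()).
def patched_serial(bi)
  unsigned_from_bytes(to_twos_complement_bytes(bi))
end

# DER INTEGER content octets for a serial. A non-negative value whose
# top bit is set needs a leading 0x00, or a signed reader sees a negative.
def der_integer_content(n)
  raise ArgumentError, "serial must be non-negative" if n < 0
  to_twos_complement_bytes(n)
end

# Constructed sample: four serial bytes with MSB=1.
SAMPLE_SERIAL_BYTES = [0x9f, 0x3c, 0x21, 0x07].freeze

if __FILE__ == $PROGRAM_NAME
  signed = signed_from_bytes(SAMPLE_SERIAL_BYTES)
  puts "signed read:    #{signed}"
  puts "after patch:    #{patched_serial(signed)}"
  puts "DER content:    #{der_integer_content(patched_serial(signed)).inspect}"
  puts "-1 after patch: #{patched_serial(-1)}"
end
```

The last line of output shows the edge case: a value that really is negative comes out as a different positive number rather than being rejected.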

@sclasen
Contributor
sclasen commented Jun 24, 2013

Let me give it a shot. Is there a quick way to tell ruby-build/rbenv to use a local build?

@headius
Member
headius commented Jun 24, 2013

I don't know how to make anything but rvm use a local build, unfortunately.

Feel free to toss this into a PR if it looks good on your end!

@headius headius pushed a commit that closed this issue Jun 24, 2013
@sclasen sclasen fix #823 b79bb74
@headius headius closed this in b79bb74 Jun 24, 2013
@headius
Member
headius commented Jun 24, 2013

We could perhaps spin a release of jruby-openssl for this. @sclasen: I assume you're running JRuby 1.7.x?

@sclasen
Contributor
sclasen commented Jun 24, 2013

Yep, I'm on 1.7.4


@delwaterman

seeing this in jruby 9.0.5.0 (2.2.3) 2016-01-26 7bee00d Java HotSpot(TM) 64-Bit Server VM 25.74-b02 on 1.8.0_74-b02 +jit [darwin-x86_64]
