Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Correctly verify abbreviated IPv6 SANs
IPv6 SAN-verification accommodates ["zero-compression"](https://tools.ietf.org/html/rfc5952#section-2.2). It also accommodates non-compressed addresses. Previously the verification of IPv6 addresses would fail unless the address syntax matched a specific format (no zero-compression, no leading zeroes). As an example, the IPv6 loopback address, if represented as `::1`, would not verify. Nor would it verify if represented as `0000:0000:0000:0000:0000:0000:0000:0001`; however, both representations are valid, RFC-compliant representations. The library would only accept a very specific representation (i.e. `0:0:0:0:0:0:0:1`). This commit addresses that shortcoming, and ensures that any valid IPv6 representation will correctly verify.
- Loading branch information
Showing
with
12 additions
and 6 deletions.
- +6 −5 lib/openssl/ssl.rb
- +1 −0 openssl.gemspec
- +5 −1 test/test_ssl.rb
@@ -17,6 +17,7 @@ Gem::Specification.new do |spec| | ||
|
||
spec.required_ruby_version = ">= 2.3.0" | ||
|
||
spec.add_runtime_dependency "ipaddr" | ||
This comment has been minimized.
This comment has been minimized.
cunnie
Author
Contributor
|
||
spec.add_development_dependency "rake" | ||
spec.add_development_dependency "rake-compiler" | ||
spec.add_development_dependency "test-unit", "~> 3.0" | ||
@cunnie why was this dependency added here? Why can't we rely on the stdlib one?