Skip to content

Revert add_certificate_chain_file changes #320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Feb 15, 2020
Merged

Revert add_certificate_chain_file changes #320

merged 9 commits into from
Feb 15, 2020

Conversation

@hsbt
Copy link
Member

@hsbt hsbt commented Feb 15, 2020

Unfortunately, add_certificate_chain_file changes were broken with vs2015 to vs2019 environments. I revert all of the related commits for releasing 2.2.0.

@ioquatix
Copy link
Member

ioquatix commented Feb 15, 2020

Why can’t we fix the issues? Because this is important use case.

@hsbt
Copy link
Member Author

hsbt commented Feb 15, 2020

If you did fix it with mswin environment, We can ship this feature.

You should care about all of the supported platforms before merge pull-request.

@hsbt
Copy link
Member Author

hsbt commented Feb 15, 2020

see https://ci.appveyor.com/project/ruby/ruby/builds/30800453/job/90f06gokx4q8th81

@hsbt hsbt mentioned this pull request Feb 15, 2020
Merged
@ioquatix
Copy link
Member

ioquatix commented Feb 15, 2020

You should care about all of the supported platforms before merge pull-request.

Completely agree. This PR was passing all tests at the time, so our test coverage in this repository is obviously not good enough. I'll see what I can do.

@hsbt hsbt mentioned this pull request Feb 15, 2020
Closed
@MSP-Greg
Copy link
Contributor

MSP-Greg commented Feb 15, 2020

@hsbt @ioquatix

Sometimes a problem cannot be associated with a particular 'space' in an organization, and hence, the blame falls on the whole organization.

Re this problem, in the past, I don't think any repos were tested against a Ruby mswin build. It wasn't needed back when the stdlib was integrated in Ruby. Now that much of it is separate (thanks to a lot of work by hsbt), that need exists.

The organization/community adapted, and now that CI is being done.

hsbt added 9 commits February 16, 2020 07:15
@hsbt
Revert "fix an incorrect method name"
2de031c 
This reverts commit 0da0dfa.
@hsbt
Revert "fix comment; Example"
304f0f6 
This reverts commit 8d12f0f.
@hsbt
Revert "rm GC.disable && add {certs,pkey}.unlink"
88da78a 
This reverts commit 49f42ad.
@hsbt
Revert "add X509_free and EVP_PKEY_free"
1c6373c 
This reverts commit 5ee295a.
@hsbt
Revert "check with EVP_PKEY_cmp in advance"
fd7b4f3 
This reverts commit 8b4fa5e.
@hsbt
Revert "modify ossl_sslctx_add_certificate_chain_file() to raise Erro…
caffcd4 
…r and to return self"

This reverts commit 443d13e.
@hsbt
Revert "modify test_add_certificate_chain_file to check ssl.peer_cert…
0dc8c7a 
… and ssl.peer_cert_chain"

This reverts commit 5d86603.
@hsbt
Revert "add pkey_path argument to ossl_sslctx_add_certificate_chain_f…
5af27fd 
…ile()"

This reverts commit f18559a.
@hsbt
Drop the entry for SSLContext#add_certificate_chain_file
36af4c0
@hsbt hsbt force-pushed the revert-certificate_chain_file branch from f82852b to 36af4c0 Compare February 15, 2020 22:15
@hsbt hsbt merged commit 23b0704 into master Feb 15, 2020
@hsbt hsbt deleted the revert-certificate_chain_file branch February 15, 2020 22:34
hsbt added a commit that referenced this pull request Feb 15, 2020
@hsbt
Revert "Revert add_certificate_chain_file changes (#320)"
74bbe0f 
This reverts commit 23b0704.
@ioquatix
Copy link
Member

ioquatix commented Feb 16, 2020

I think it was not a good idea to merge this... the correct solution should be to find out why Windows is failing and fix that. Because now the history is very messy and in order to move forward we do actually need to fix this.

@jdhollis
Copy link
Contributor

jdhollis commented Feb 17, 2020

If the original commit breaks the build, then reverting until it can be fixed seems right to me—failing commits don't belong in master. In the meantime, there's a lot of good changes ready to ship.

@rhenium rhenium mentioned this pull request May 10, 2020
Closed
rhenium added a commit to rhenium/ruby-openssl that referenced this pull request May 13, 2020
@rhenium
ssl: temporarily remove SSLContext#add_certificate_chain_file
ea92561 
Let's revert the changes for now, as it cannot be included in the 2.2.0
release.

My comment on ruby#257:

> A blocker is OpenSSL::SSL::SSLContext#add_certificate_chain_file. It
> has a pending change and I don't want to include it in an incomplete
> state.
>
> The initial implementation in commit 46e4bdb was not really
> useful. The issue is described in ruby#305. ruby#309 extended it
> to take the corresponding private key together. However, the new
> implementation was incompatible on Windows and was reverted by ruby#320 to
> the initial one.
>
> (The prerequisite to implement it in) an alternative way is ruby#288, and
> it's still cooking.

This effectively reverts the following commits:

 - dacd089 ("ssl: suppress test failure with SSLContext#add_certificate_chain_file", 2020-03-09)
 - 46e4bdb ("Add support for SSL_CTX_use_certificate_chain_file. Fixes ruby#254.", 2019-06-13)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@hsbt @ioquatix @MSP-Greg @jdhollis