-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Conversation
RubyGems seems to be full of legacy certs, we should clean them up sometime.
subdirectory structure for ssl certs
Added a commit to this that should fix the broken specs via changing them to expect the new subdirectory structure for ssl certs. |
@RochesterinNYC aha! thank you. :) @homu r+ |
📌 Commit 3ad737d has been approved by |
⚡ Test exempted - status |
Update HTTPS certificates Remove the certs we don't need, add the new cert for index.rubygems.org, and stop checking for equality with RubyGems certs because they're out of date now.
Organize and cleanup SSL certs /cc @indirect - Related to rubygems/bundler#4380
@indirect what is the mapping basis between the directories and certs? As in, what decides which cert goes into which directory (i.e Asking this because I need to create a PR to update this |
@RochesterinNYC I used each cert to validate an HTTPS session to each domain, and put the cert that actually worked into the directory named after that domain. 😅 |
It seems like the RubyGems script is certs that aren't needed—we don't need to save the certs that are returned by the server, we need to save the root cert that makes it possible to trust all the certs that are returned by the server. |
…cript, r=segiddins Update `update_bundled_ca_certificates` utility script for directory nesting - Also updates the ssl certs with the minimum certs needed and nests them in directories named for the hosts they can authenticate against. The arrangement of the certs changed/occurred because the ssl certs in Rubygems were modeled after the ssl cert arrangement in Bundler. However, this arrangement was produced through manual testing and configured/arranged in rubygems/bundler#4380 instead of programmatically. I'm unsure how I would go about writing or updating the `update_bundled_ca_certificates` script in a way that could reproduce this current manual arrangement. Hence, this PR includes a commit for rearranging of the ssl certs based off the programmatic utility script (instead of a manual process). - Related to discussion at #1555 cc: @segiddins @indirect
…bygems, r=segiddins Update Bundler ssl certs to match updated Rubygems ssl certs/structure This PR should only be merged if and after rubygems/rubygems#1583 is merged. Reasoning behind the PR is originally stated there but is as follows: The current arrangement of the ssl certs for Bundler (and Rubygems) was produced through manual testing and configured/arranged in #4380 instead of programmatically. rubygems/rubygems#1583 updates the Rubygems util script for updating the ssl certs to programmatically write the certs to the appropriate nested directories. This PR ensures Bundler's certs match Rubygems' after they are programmatically generated/arranged instead of manually.
Remove the certs we don't need, add the new cert for index.rubygems.org, and stop checking for equality with RubyGems certs because they're out of date now.