Library packaging and distribution for Ruby.
Latest commit c20b1e7 May 25, 2016 @homu homu Auto merge of #1611 - rhenium:topic/regenerate-test-certificates, r=s…

Regenerate test CA certificates with appropriate extensions

# Description:

The upcoming OpenSSL 1.1.0 release[1] will break rubygems tests. Ruby trunk doesn't yet include OpenSSL 1.1.0 support, but it will be merged soon[2].



Fix util/create_certs.rb and regenerate test certificates located under test/rubygems with it.

According to RFC 5280[1], a CA certificate must include the basic constraints extension with cA bit set to TRUE. However the test certificates in test/rubygems, generated by util/create_certs.rb script, don't include the extension. The current versions (<= 1.0.2) of OpenSSL allow the error for trusted certificates, but OpenSSL 1.1.0 no longer allows it[2].

This patch also adds other extensions, such as key usage, subject key identifier and authority key identifier. It looks like OpenSSL doesn't actually require them, but the RFC[1] says they must be included, and adding them shouldn't do any harm.


Note: The script also regenerates the private keys. To regenerate only certificates, I used this tweak:

diff --git a/util/create_certs.rb b/util/create_certs.rb
index 516924f..313a724 100644
--- a/util/create_certs.rb
+++ b/util/create_certs.rb
@@ -83,7 +83,7 @@ class CertificateBuilder
     keys = {}

     names.each do |name|
-      keys[name] = create_key
+      keys[name] ="test/rubygems/#{name}_key.pem")
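Review bot: The added line `keys[name] ="test/rubygems/#{name}_key.pem")` closes a parenthesis that is never opened and has no call in front of the string, so as shown it does not parse and would at best assign a path rather than a key. Spell out the call that loads the existing PEM file into a key object, for example `keys[name] = OpenSSL::PKey.read(File.read("test/rubygems/#{name}_key.pem"))`. The path is also relative, so the tweak only works when the script is run from the repository root; say so next to the tweak or derive the path from the script's own location.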



I will abide by the [code of conduct](
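The CA-extension requirement described in the commit message above, as an added Ruby example that is not part of the rubygems repository or the original patch: it builds a throwaway self-signed CA with and without the listed extensions and reports which ones a certificate lacks. The subject name, the function names and the specific key usage bits (keyCertSign, cRLSign) are assumptions of this example.

```ruby
require "openssl"

# Build a self-signed CA certificate. with_extensions toggles the extensions
# named in the commit message. Subject name and lifetimes are constructed values.
def build_ca_cert(key, with_extensions:)
  name = OpenSSL::X509::Name.parse("/CN=Example Test CA")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                 # X.509 v3, needed to carry extensions
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name              # self-signed: issuer equals subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600

  if with_extensions
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    # basicConstraints with cA=TRUE, marked critical
    cert.add_extension ef.create_extension("basicConstraints", "CA:TRUE", true)
    # Key usage bits are an assumption of this example
    cert.add_extension ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)
    # SKI must be added before AKI so "keyid:always" can copy it
    cert.add_extension ef.create_extension("subjectKeyIdentifier", "hash")
    cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always")
  end

  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Return the names of the CA extensions that are absent or not usable for a CA.
def missing_ca_extensions(cert)
  exts = cert.extensions.each_with_object({}) { |e, h| h[e.oid] = e }
  problems = []
  bc = exts["basicConstraints"]
  problems << "basicConstraints" unless bc && bc.value.include?("CA:TRUE")
  ku = exts["keyUsage"]
  problems << "keyUsage" unless ku && ku.value.include?("Certificate Sign")
  problems << "subjectKeyIdentifier" unless exts["subjectKeyIdentifier"]
  problems << "authorityKeyIdentifier" unless exts["authorityKeyIdentifier"]
  problems
end
```

To audit an existing fixture, pass `OpenSSL::X509::Certificate.new(File.read(path))` to `missing_ca_extensions`.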
.github Correct spelling of environment in Issue template Apr 25, 2016
bin Revert "+ Introduce a deprecate_quiet that respects $VERBOSE. Use in … May 31, 2011
hide_lib_for_update Ensure hide_lib_for_update appears in tarfiles Feb 10, 2010
lib Auto merge of #1576 - copiousfreetime:fully-remove-extensions-on-rein… May 22, 2016
test/rubygems Auto merge of #1611 - rhenium:topic/regenerate-test-certificates, r=s… May 25, 2016
util Regenerate test CA certificates with appropriate extensions May 10, 2016
.autotest Fix autotest matching Jan 21, 2014
.document Fix .document for RDoc/hoe Jun 22, 2009
.gitignore You should not have .gemspec lying around May 22, 2014
.travis.yml [Travis] Install rake 10.x Mar 11, 2016 Add the Contributor Covenant CoC Aug 18, 2015
CONTRIBUTING.rdoc Fix one typo in CONTRIBUTING.rdoc May 25, 2016
CVE-2013-4287.txt Improve wording in CVE-2013-4287 Sep 9, 2013
CVE-2013-4363.txt Fix CVE-2013-4363, remove regexp backtracking Sep 24, 2013
CVE-2015-3900.txt Fix version number affected May 14, 2015
History.txt Version 2.6.4 with updated history Apr 26, 2016
LICENSE.txt Remove reference to missing LICENSE file Jan 15, 2012
MAINTAINERS.txt isn't actually markdown. Mar 30, 2016
MIT.txt Update MIT credits for near-identical bundler code Nov 13, 2013
Manifest.txt Auto merge of #1583 - RochesterinNYC:update-bundled-ca-certificates-s… May 4, 2016
POLICIES.rdoc Merge pull request #1518 from segiddins/seg-policies-prs Mar 27, 2016
README.rdoc Made Setup instructions more intuitive. Feb 19, 2016
Rakefile skip uploading duplicate .gem file Mar 13, 2016
UPGRADING.rdoc Update UPGRADING to mention the 1.5.1 and 1.5.2 breakage Feb 10, 2011
appveyor.yml Set TEST_SSL instead of TRAVIS. May 21, 2016
setup.rb Support running with frozen string literals Jan 30, 2016










RubyGems is a package management framework for Ruby.

This gem is an update for the RubyGems software. You must have an installation of RubyGems before this update can be applied.

See Gem for information on RubyGems (or `ri Gem`)

To upgrade to the latest RubyGems, run:

$ gem update --system  # you might need to be an administrator or root

See UPGRADING.rdoc for more details and alternative instructions.

If you don't have RubyGems installed, you can still install it manually:

  • Download from:, unpack, and cd there

  • OR clone this repository and cd there

  • Install with: ruby setup.rb # you may need admin/root privilege

For more details and other options, see:

ruby setup.rb --help


Support Requests

Are you unsure of how to use RubyGems? Do you think you've found a bug and you're not sure? If that is the case, the best place for you is to file a support request at

Filing Tickets

Got a bug and you're not sure? You're sure you have a bug, but don't know what to do next? In any case, let us know about it! The best place for letting the RubyGems team know about bugs or problems you're having is on the RubyGems issues page at GitHub.

Bundler Compatibility

See for known issues.
