Provide distinguished name which will be correctly parsed.
It seems that since ruby openssl 2.1.0 [[1]], the distinguished name
submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it
does not contain the first slash:

~~~
$ ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]

$ gem list | grep openssl
openssl (default: 2.2.0)

$ irb -r openssl
irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
=> "CN = nobody/DC=example"
irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
=> "CN = nobody, DC = example"
~~~

Instead, use `OpenSSL::X509::Name.new` directly as suggested by upstream
maintainer.

[1]: ruby/openssl@19c67cd

Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
2 people authored and deivid-rodriguez committed Dec 1, 2021
1 parent 8360ad0 commit 09ca0c2
Showing 2 changed files with 5 additions and 4 deletions.
7 changes: 4 additions & 3 deletions lib/rubygems/security.rb
Expand Up @@ -510,9 +510,10 @@ def self.email_to_name(email_address)

dcs = dcs.split '.'

name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"

OpenSSL::X509::Name.parse name
OpenSSL::X509::Name.new([
["CN", cn],
*dcs.map {|dc| ["DC", dc] },
])
end

##
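Review bot: the new `OpenSSL::X509::Name.new([` call in `email_to_name` carries no comment explaining why the name is built from attribute pairs instead of a string handed to `OpenSSL::X509::Name.parse`, so a later cleanup could bring back the string form without the leading slash. A one-line comment above the call, noting that `parse` reads a string without a leading `/` as a single attribute, would record the reason. It is also worth stating in the method documentation that `cn` and each `dc` are now passed as separate values, so a `/` inside them is no longer treated as a separator the way it was when they were interpolated into `"CN=#{cn}/..."`.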
2 changes: 1 addition & 1 deletion test/rubygems/test_gem_security.rb
Expand Up @@ -196,7 +196,7 @@ def test_class_reset

def test_class_sign
issuer = PUBLIC_CERT.subject
signee = OpenSSL::X509::Name.parse "/CN=signee/DC=example"
signee = OpenSSL::X509::Name.new([["CN", "signee"], ["DC", "example"]])

key = PRIVATE_KEY
cert = OpenSSL::X509::Certificate.new
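Review bot: the `signee` line in `test_class_sign` only swaps the constructor, and the old string `"/CN=signee/DC=example"` already had the leading slash, so this test would not have failed on the parsing problem described in the commit message. With only two files changed, nothing here exercises `email_to_name` itself; a test asserting that its result has separate CN and DC entries (for example by checking `to_a` or the `ONELINE` string) would pin the regression.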