Add Marshal support to X509 objects #281
Conversation
bdewater
force-pushed
the
marshal-x509
branch
from
7216457
to
4d3e8de
Compare
|
Rather than tacking the specs onto existing ones, do you think it would be a good idea to make them separate? I don't really mind, just back at you - what do you think? |
bdewater
force-pushed
the
marshal-x509
branch
from
4d3e8de
to
ac90cbf
Compare
|
You're right, that is cleaner (and was a bit lazy on my part). Changed it! |
|
I only have one other question. Is it canonical to use two separate modules to do this? Are there any other examples of Ruby code which do the same thing? |
test/test_x509req.rb
Outdated
| @@ -151,6 +151,11 @@ def test_eq | |||
| assert_equal false, req1 == req3 | |||
| end | |||
|
|
|||
| def test_marshal | |||
| req = issue_csr(0, @dn, @rsa1024, "sha256") | |||
| assert_equal req, Marshal.load(Marshal.dump(req)) | |||
There was a problem hiding this comment.
Most tests are only testing that dump and load are reverse operations.
Would it help to have a test actually testing that it dumps to a string?
If not, you would have green tests by changing the implementation to anything that keeps operations reverse, like both being the "identity" operation e.g., right?
There was a problem hiding this comment.
Would it help to have a test actually testing that it dumps to a string?
Maybe I'm misunderstanding but I don't think we really care about the intermediate format, but more about the fact that the deserialized object is equal to the one we had before serializing it. The current way relies on the equality tests covering that, but I can add some of that to the marshal tests as an extra sanity check.
module Marshal
def self.included(base)
base.extend(ClassMethods)
end
module ClassMethods
def _load(string)
new(string)
end
end
def _dump(_level)
to_der
end
end |
bdewater
force-pushed
the
marshal-x509
branch
from
ac90cbf
to
44e75e6
Compare
|
Addressed both bits of feedback. |
bdewater
force-pushed
the
marshal-x509
branch
from
44e75e6
to
983a66e
Compare
This allows for example to use Rails' cache to store these objects. Without this patch you'd get errors like "TypeError (no _dump_data is defined for class OpenSSL::X509::Certificate)" Note that the X509::Revoked class doesn't need the newly introduced modules as the DER output of X509::CRL already includes these.
bdewater
force-pushed
the
marshal-x509
branch
from
983a66e
to
add0509
Compare
|
Is there a way to tell which Ruby versions have a given OpenSSL PR like this one? |
#4532) In 3f9c4bf the Redis connection options began to be cloned (via dumping and re-marshalling) to avoid issues with password redaction in logging altering the connection options and breaking authentication with Sentinels. Unfortunately, this change caused an exception on boot for users of Redis over SSL. The `OpenSSL::X509::Store` object used for SSL certs is not yet dumpable in the bundled OpenSSL wrapper for current Rubies (although it does in master as of ruby/openssl#281). The fix here prunes the `ssl_params` options out of the Redis configuration options before the dumping and marshalling. It's probably better not to include those in logging anyway for privacy purposes. Fix #4531
|
Thanks, do things like PKeys also marshal?
… On Apr 18, 2020, at 14:54, Bart de Water ***@***.***> wrote:
@mperham this is in 2.8.0 trunk AFAIK, gem version 2.2.0 hasn't been released yet. I think a defined?(OpenSSL::X509::Marshal) ought to do the trick so you're not dependant on a version number?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
Not right now. |
This allows for example to use Rails' cache to store these objects. Without this patch you'd get errors like
TypeError (no _dump_data is defined for class OpenSSL::X509::Certificate).Note that the X509::Revoked class doesn't need the newly introduced modules as the DER output of X509::CRL already includes these.
https://ruby-doc.org/core-2.6.5/Marshal.html