Add X509::Certificate#tbs_bytes #753

Merged

segiddins
Contributor

Ref #519

This makes verifying embedded certificate transparency signatures significantly easier, as otherwise the alternative was manipulating the ASN1 sequence, as in sigstore/sigstore-ruby@656d992
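
The two routes contrasted in the description above, as an added example that is not code from this PR or from sigstore-ruby: recovering the TBSCertificate without the embedded SCT list extension, once by editing the decoded ASN.1 tree and once with `tbs_bytes`. The sample certificate, its placeholder SCT list value and the helper names are constructed for illustration; the extension OID is the one from RFC 6962.

```ruby
require "openssl"

# OID of the embedded SCT list extension (RFC 6962).
SCT_LIST_OID = "1.3.6.1.4.1.11129.2.4.2"

# Constructed sample: self-signed cert with a placeholder (not real) SCT list.
def build_sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=tbs-bytes-example")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
  placeholder = OpenSSL::ASN1::OctetString.new("constructed, not an SCT").to_der
  cert.add_extension(OpenSSL::X509::Extension.new(SCT_LIST_OID, placeholder, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Manual route: decode the certificate, edit the ASN.1 tree, re-encode the TBS.
def tbs_without_scts_asn1(cert)
  tbs = OpenSSL::ASN1.decode(cert.to_der).value[0] # Certificate ::= SEQ { tbs, alg, sig }
  # Extensions sit in the [3] EXPLICIT wrapper inside TBSCertificate.
  wrapper = tbs.value.find { |v| v.tag_class == :CONTEXT_SPECIFIC && v.tag == 3 }
  # Caveat: if the SCT list were the only extension, the [3] wrapper itself
  # would have to be dropped as well. The sample keeps basicConstraints.
  wrapper.value[0].value.reject! { |ext| ext.value[0].oid == SCT_LIST_OID }
  tbs.to_der
end

# tbs_bytes route (needs an openssl gem that includes this PR): drop the
# extension through the X509 API and let OpenSSL re-encode the TBS.
def tbs_without_scts(cert)
  copy = OpenSSL::X509::Certificate.new(cert.to_der)
  copy.extensions = copy.extensions.reject do |ext|
    # Extension#oid may return a short name, so normalise to dotted form.
    OpenSSL::ASN1::ObjectId.new(ext.oid).oid == SCT_LIST_OID
  end
  copy.tbs_bytes
end
```
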

Member

@rhenium rhenium left a comment

Thank you for working on this!

@rhenium rhenium added this to the v3.3.0 milestone May 6, 2024
rhenium commented Jun 8, 2024

GitHub Actions is failing with LibreSSL 3.5.3 because the libressl? helper method wants 3 arguments (as LibreSSL doesn't employ semver). It was added in 3.5.0, according to the ChangeLog.

16) Error: test_tbs_precert_bytes(OpenSSL::TestX509Certificate): NoMethodError: undefined method `>=' for nil:NilClass
/home/runner/work/openssl/openssl/test/openssl/utils.rb:120:in `libressl?'
/home/runner/work/openssl/openssl/test/openssl/test_x509cert.rb:326:in `test_tbs_precert_bytes'
     323:   end
     324: 
     325:   def test_tbs_precert_bytes
  => 326:     pend "LibreSSL < 3.5 does not have i2d_re_X509_tbs" if libressl? && !libressl?(3, 5)
     327: 
     328:     cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
     329:     seq = OpenSSL::ASN1.decode(cert.tbs_bytes)

Let me fix this locally.

Ref ruby#519

This makes verifying embedded certificate transparency signatures
significantly easier, as otherwise the alternative was manipulating the
ASN1 sequence, as in
sigstore/sigstore-ruby@656d992
@rhenium rhenium force-pushed the segiddins/add-x509-certificate-tbs_bytes branch from b8ea32d to 99128be Compare June 8, 2024 10:40
@rhenium rhenium merged commit ca630ee into ruby:master Jun 8, 2024
54 checks passed