-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate.new vs Certificate.new(string) #519
Comments
If I understand correctly, the cause of this is what is described here:
cert = OpenSSL::X509::Certificate.new(ARGF.read)
der, pem, text = cert.to_der, cert.to_pem, cert.to_text
cert.serial += 1
p der == cert.to_der # => true
p pem == cert.to_pem # => true
p text == cert.to_text # => false This let me confused. It would be nice to have a method to call https://www.openssl.org/docs/man3.0/man3/i2d_re_X509_tbs.html
|
I agree with your analysis. It's also confusing since the behavior is inconsistent between types, e.g.,
Invalidating cache seems like a side effect, but I think we can add something like |
Thank you.
Thanks for the information.
It sounds reasonable to me. And for example, in the case of X509 Certificate, the Currently |
Ref ruby#519 This makes verifying embedded certificate transparency signatures significantly easier, as otherwise the alternative was manipulating the ASN1 sequence, as in sigstore/sigstore-ruby@656d992
Ref ruby#519 This makes verifying embedded certificate transparency signatures significantly easier, as otherwise the alternative was manipulating the ASN1 sequence, as in sigstore/sigstore-ruby@656d992
Ref ruby/openssl#519 This makes verifying embedded certificate transparency signatures significantly easier, as otherwise the alternative was manipulating the ASN1 sequence, as in sigstore/sigstore-ruby@656d992 ruby/openssl@99128bea5d
This has been fixed in OpenSSL (independently) in openssl/openssl#19271 which I think went to OpenSSL 3.2.0. Also, #753 added |
I'm wondering this is why? Confirmed with:
ruby 3.2.0dev (2022-06-10T01:10:27Z master e75cb61d46) [x86_64-linux]
3.0.0
OpenSSL 3.1.0-dev
OpenSSL 1.1.1n 15 Mar 2022
LibreSSL 3.5.2
The text was updated successfully, but these errors were encountered: