Title: Multiple certificates with the same subjectdn is still buggy · Issue #314 · jruby/jruby-openssl · GitHub
Open Graph Title: Multiple certificates with the same subjectdn is still buggy · Issue #314 · jruby/jruby-openssl
X Title: Multiple certificates with the same subjectdn is still buggy · Issue #314 · jruby/jruby-openssl
Description: If multiple certificates with the same subjectdn are added to the store and used to verify, this can still fail based on the order they were placed in the store. I tried to fix this in #198. Here is a change to one of the jruby_openssl t...
Open Graph Description: If multiple certificates with the same subjectdn are added to the store and used to verify, this can still fail based on the order they were placed in the store. I tried to fix this in #198. Here i...
X Description: If multiple certificates with the same subjectdn are added to the store and used to verify, this can still fail based on the order they were placed in the store. I tried to fix this in #198. Here i...
Opengraph URL: https://github.com/jruby/jruby-openssl/issues/314
X: @github
Domain: patch-diff.githubusercontent.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Multiple certificates with the same subjectdn is still buggy","articleBody":"If multiple certificates with the same subjectdn are added to the store and used to verify, this can still fail based on the order they were placed in the store. I tried to fix this in https://github.com/jruby/jruby-openssl/pull/198.\r\n\r\nHere is a change to one of the jruby_openssl test cases (/jruby-openssl/src/test/ruby/x509/test_x509store.rb:424:in `test_verify_same_subject_ca'\r\n) that will reproduce the error:\r\n\r\n```\r\n--- a/src/test/ruby/x509/test_x509store.rb\r\n+++ b/src/test/ruby/x509/test_x509store.rb\r\n@@ -411,10 +411,10 @@ class TestX509Store \u003c TestCase\r\n ee4_cert = issue_cert(@ee4, @dsa2, 20, ee_exts, ca4_cert, @rsa4, not_before: now - 60, not_after: now + 1800)\r\n\r\n cert_store = OpenSSL::X509::Store.new\r\n- cert_store.add_cert ca1_cert\r\n- cert_store.add_cert ca2_cert\r\n- cert_store.add_cert ca3_cert\r\n cert_store.add_cert ca4_cert\r\n+ cert_store.add_cert ca3_cert\r\n+ cert_store.add_cert ca2_cert\r\n+ cert_store.add_cert ca1_cert\r\n\r\n ok = cert_store.verify(ee1_cert)\r\n assert_equal 'certificate signature failure', cert_store.error_string\r\n````\r\n\r\nI just reversed the order in which the ca certificates are added to the store and the test will fail.","author":{"url":"https://github.com/jpsikorra","@type":"Person","name":"jpsikorra"},"datePublished":"2024-09-05T09:19:04.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/314/jruby-openssl/issues/314"}| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:a51323b2-8393-c2b7-652a-a5a691067f0d |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 8172:132A0E:83E804F:B000FB0:696E08EB |
| html-safe-nonce | ba5fee61a0151eb4255eefa1ebbbdb6de73d4cba46ab7c551da276ed4ba29962 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4MTcyOjEzMkEwRTo4M0U4MDRGOkIwMDBGQjA6Njk2RTA4RUIiLCJ2aXNpdG9yX2lkIjoiNTU4NzAwMTUzODk2MjY1NTQ2NyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | dceb520d031967c9fa59e88425fe29f81dfbe5668b0638967f931fb1a30c81d3 |
| hovercard-subject-tag | issue:2507242062 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/jruby/jruby-openssl/314/issue_layout |
| twitter:image | https://opengraph.githubassets.com/36fc1a6b28e517d6ff132821134309a685f6e84eba55c3772e53536ed9e0a3ba/jruby/jruby-openssl/issues/314 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/36fc1a6b28e517d6ff132821134309a685f6e84eba55c3772e53536ed9e0a3ba/jruby/jruby-openssl/issues/314 |
| og:image:alt | If multiple certificates with the same subjectdn are added to the store and used to verify, this can still fail based on the order they were placed in the store. I tried to fix this in #198. Here i... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jpsikorra |
| hostname | github.com |
| expected-hostname | github.com |
| None | 0b1760aa20e1a810eba6245d04e3885be7363dfe08d08b61f605c852359472e0 |
| turbo-cache-control | no-preview |
| go-import | github.com/jruby/jruby-openssl git https://github.com/jruby/jruby-openssl.git |
| octolytics-dimension-user_id | 55687 |
| octolytics-dimension-user_login | jruby |
| octolytics-dimension-repository_id | 722201 |
| octolytics-dimension-repository_nwo | jruby/jruby-openssl |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 722201 |
| octolytics-dimension-repository_network_root_nwo | jruby/jruby-openssl |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 84090305cd10c2b140bf307f69f57f0892b4f215 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width