Closed ClearlyClaire closed 2 years ago
@ClearlyClaire now that we have updated openssl_signature_algorithm, would you mind adding OpenSSL 3 to our Appraisal and .github/workflows/test.yml
files so we can run it check cross compatibility?
Thank you
@bdewater I know you're waaaay more knowledgeable than me in this space. Would you mind taking a look and provide a higher quality code review?
@ClearlyClaire now that we have updated openssl_signature_algorithm, would you mind adding OpenSSL 3 to our Appraisal and
.github/workflows/test.yml
files so we can run it check cross compatibility?Thank you
Done.
I am currently out of the office, but a quick note in the mean time: manually creating ASN1 data structures was the same path I explored in https://github.com/cedarcode/cose-ruby/pull/55 so overall I have no concerns with that :)
I still feel this is something that should exist in the OpenSSL gem eventually - having everybody re-implement the same thing (like constant time string comparison until recent versions) is not good IMO.
PKey objects are immutable in OpenSSL 3.0, so the
to_pkey
methods had to be rewritten.Unfortunately, the
openssl
gem does not seem to provide a convenient way to build PKeys from individual parameters. Instead, this commits goes through ASN.1 representations of the keys, as suggested in https://github.com/ruby/openssl/issues/498#issuecomment-1065574184As is, the PR is incomplete because of the dependency to the
openssl-signature_algorithm
which is not yet compatible with OpenSSL 3.0 (see https://github.com/cedarcode/openssl-signature_algorithm/pull/5).