Closed santiagorodriguez96 closed 5 months ago
This makes me wonder: should we test against the different versions of the OpenSSL gem? How hard would that be? 🤔
This changed in OpenSSL 3.2, see https://github.com/openssl/openssl/pull/19271. I see two possible ways to fix this:
- manpage for X509_sign mentions "If the certificate information includes X.509 extensions, these two functions make sure that the certificate bears X.509 version 3." so we could try not adding extensions in the test.
- since the check is done in Ruby a stub might also work?
> This changed in OpenSSL 3.2, see openssl/openssl#19271
Hmm that's weird – it's failing for me in OpenSSL 3.0 (you can see that in the description) 🙃
That makes sense, I was thinking of stubbing but the extensions approach seems worth trying 👀
Seems like the test does not fail with OpenSSL 3.0 in ubuntu: https://github.com/santiagorodriguez96/webauthn-ruby/actions/runs/7673777484/job/20917106286?pr=1
Some specs are failing for me when using OpenSSL library v3:
Digging around a little, it seems that the issue is that we set up the certificate to have an invalid version (version is 1) but the certificate is later signed which, in newer versions of OpenSSL, updates the version to a valid one (version changes to be 2).
This does not happen when using OpenSSL v1 – that's the reason why in the CI the specs do not fail, as the Rubies installed by setup/ruby come with said version of OpenSSL:
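
Added example, not part of the issue thread or of webauthn-ruby's code: a Ruby check of whether the linked OpenSSL library changes a certificate's version field when a certificate carrying an extension is signed, which is the behaviour the thread describes. The helper names, subject name and extension are constructed for illustration.

```ruby
require "openssl"

# Hypothetical helper: builds a self-signed certificate with the requested
# version field and one extension, then returns the version as read
# [before signing, after signing].
def version_around_signing(requested_version)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=constructed-test-cert")

  cert = OpenSSL::X509::Certificate.new
  cert.version = requested_version # 0 = v1, 1 = v2, 2 = v3
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600

  # An extension is present, as in the test fixture discussed in the thread.
  factory = OpenSSL::X509::ExtensionFactory.new
  factory.subject_certificate = cert
  factory.issuer_certificate = cert
  cert.add_extension(factory.create_extension("basicConstraints", "CA:FALSE", true))

  before = cert.version
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [before, cert.version]
end

# True when signing changed the version field, meaning a fixture that relies
# on an invalid version no longer exercises the version check under test.
def signing_rewrites_version?(requested_version = 1)
  before, after = version_around_signing(requested_version)
  before != after
end

if __FILE__ == $PROGRAM_NAME
  before, after = version_around_signing(1)
  puts "OpenSSL library: #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  puts "version before sign: #{before}, after sign: #{after}"
  puts "fixture keeps its invalid version: #{before == after}"
end
```

Running it on each CI image shows which OpenSSL builds preserve the invalid version and which normalise it, so a spec can fail fast when its fixture has been silently corrected.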