Closed vtamara closed 1 year ago
These should all be non-serious failures, showing that the size of the embedded digital signature is not what was expected.
This might be due to different OpenSSL versions. Did you install the latest openssl
Rubygem? And which version of openssl are you using?
Thank you.
gem openssl: 3.1.0 Ruby: 3.2 OS: adJ/OpenBSD 7.2b1 openssl used by ruby : LibreSSL 3.6.0
Thanks! My guess is that LibreSSL does a few things differently and includes other data in the generated PCKS#7 structures. I will adjust the tests so that this difference isn't an issue.
The next version of HexaPDF won't use OpenSSL for creating the CMS signed data binary object anymore and I have adjusted the test code to be more forgiving in terms of changes it.
@vtamara I have pushed the latest changes including the fix to the devel branch. Please let me know if that branch now passes all the tests.
Thank you. After updating and running rake test
it fails only in one test:
Finished in 8.572258s, 342.8502 runs/s, 3705.5581 assertions/s.
1) Failure:
HexaPDF::DigitalSignature::Signing::DefaultHandler::sign#test_0001_can sign the data using PKCS7 [/home/vtamara/comp/ruby/hexapdf/test/hexapdf/digital_signature
/signing/test_default_handler.rb:57]:
Expected false
to be truthy.
2939 runs, 31765 assertions, 1 failures, 0 errors, 1 skips
Thanks for getting back to me!
I'm not sure why it fails there but I'm guessing there is a difference in the verification implementation between OpenSSL and LibreSSL. I will have to see if I can compile Ruby to use libressl instead of openssl to find the difference.
@vtamara I looked at the error and it seems that libressl thinks that the (manually) created PKCS#7/CMS structure is not a detached signature. As far as I can determine, however, it is a detached signature.
@vtamara I will close this issue since HexaPDF with OpenSSL works fine.
Hi, thank you for hexapdf.
After setting up a development environment on OpenBSD/adJ 7.2 on a amd64, doing
rake test
passes almost all the tests except 6: