The CRL file may be issued by a CA that uses EC key pair. Validating peer certificates (of any key type) against CRL from this kind of CA currently fails.
The problem is that jruby-openssl currently cannot verify the CRL file if it is signed with EC public key. The execution will end up in the default branch here, which fails when the key type is not RSA
The CRL file may be issued by a CA that uses EC key pair. Validating peer certificates (of any key type) against CRL from this kind of CA currently fails.
The problem is that jruby-openssl currently cannot verify the CRL file if it is signed with EC public key. The execution will end up in the default branch here, which fails when the key type is not RSA
https://github.com/jruby/jruby-openssl/blob/94aa9f466381f933078a014c3cf96675372836fa/src/main/java/org/jruby/ext/openssl/SecurityHelper.java#L613-L618