search

ruby / openssl

Provides SSL, TLS and general purpose cryptography.
Other
240 stars 167 forks source link

Only CSR version 1 (encoded as 0) is allowed by PKIX standards #747

Closed botovq closed 7 months ago

botovq commented 7 months ago

Fixes #734

junaruga commented 7 months ago

@botovq Thank you for the PR. Though I don't understand the content of this PR, could you add the following kind of the text in this PR's commit message? It's like https://github.com/ruby/openssl/commit/2e826d571546cdc3beaa884f9e522a102d531641. The text is helpful for us to notice that we need to backport this PR's commit when seeing the error on the Rubies of the master or stable branches in the ruby/ruby.

This commit fixes the following error.

 2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: X509_REQ_set_version: passed invalid argument
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version='
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr'
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in `test_version'
     40:     req = OpenSSL::X509::Request.new(req.to_der)
     41:     assert_equal(0, req.version)
     42: 
  => 43:     req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
     44:     assert_equal(1, req.version)
     45:     req = OpenSSL::X509::Request.new(req.to_der)
     46:     assert_equal(1, req.version)
botovq commented 7 months ago

Sure. I expanded the commit message a bit.

rhenium commented 7 months ago

Looks good to me. Thank you for the PR!