ruby / openssl

Provides SSL, TLS and general purpose cryptography.

Add X509::Certificate#tbs_bytes #753

Closed segiddins closed 5 months ago

segiddins commented 6 months ago

Ref https://github.com/ruby/openssl/issues/519

This makes verifying embedded certificate transparency signatures significantly easier, as otherwise the alternative was manipulating the ASN1 sequence, as in https://github.com/segiddins/sigstore-cosign-verify/pull/2/commits/656d992fa816613fd9936f53ce30972c2f2f4957
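
The ASN.1 route the comment above names as the alternative to `#tbs_bytes`, as an added example that is not code from this PR or the linked commit: it re-encodes the TBSCertificate from a decoded certificate, checks the issuer signature over it, and drops the SCT list extension to obtain the TBS form that enters an embedded SCT's signed data. The self-signed certificate, its placeholder extension value and the helper names are constructed for the demonstration, and issuance directly by the CA (no precertificate signing certificate) is assumed.

```ruby
require "openssl"

# Embedded SCT list extension OID (RFC 6962, section 3.3).
SCT_LIST_OID = "1.3.6.1.4.1.11129.2.4.2"

# Constructed sample: self-signed cert whose SCT list extension holds
# placeholder bytes, not real SCTs.
def sample_cert(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=tbs-example")
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.public_key = key
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
  cert.add_extension(OpenSSL::X509::Extension.new(SCT_LIST_OID, "placeholder", false))
  cert.sign(key, "SHA256")
  cert
end

# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
# Re-encode element 0 to get the bytes the issuer actually signed.
def tbs_via_asn1(cert)
  OpenSSL::ASN1.decode(cert.to_der).value[0].to_der
end

# Raw signature bytes (contents of the BIT STRING, element 2).
def signature_of(cert)
  OpenSSL::ASN1.decode(cert.to_der).value[2].value
end

# TBSCertificate with the SCT list extension removed and lengths recomputed.
def tbs_without_scts(cert)
  tbs = OpenSSL::ASN1.decode(tbs_via_asn1(cert))
  # Extensions live under the explicit [3] tag of TBSCertificate.
  wrapper = tbs.value.find { |e| e.tag_class == :CONTEXT_SPECIFIC && e.tag == 3 }
  exts = wrapper.value[0]
  exts.value = exts.value.reject { |ext| ext.value[0].oid == SCT_LIST_OID }
  tbs.to_der
end

key = OpenSSL::PKey::RSA.new(2048)
cert = sample_cert(key)
puts "issuer signature verifies over TBS: " \
     "#{key.verify('SHA256', signature_of(cert), tbs_via_asn1(cert))}"
puts "TBS shrinks once SCT list is removed: " \
     "#{tbs_without_scts(cert).bytesize < tbs_via_asn1(cert).bytesize}"
```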

rhenium commented 5 months ago

GitHub Actions is failing with LibreSSL 3.5.3 because the libressl? helper method wants 3 arguments (as LibreSSL doesn't employ semver). It was added in 3.5.0, according to the ChangeLog.

16) Error: test_tbs_precert_bytes(OpenSSL::TestX509Certificate): NoMethodError: undefined method `>=' for nil:NilClass
/home/runner/work/openssl/openssl/test/openssl/utils.rb:120:in `libressl?'
/home/runner/work/openssl/openssl/test/openssl/test_x509cert.rb:326:in `test_tbs_precert_bytes'
     323:   end
     324: 
     325:   def test_tbs_precert_bytes
  => 326:     pend "LibreSSL < 3.5 does not have i2d_re_X509_tbs" if libressl? && !libressl?(3, 5)
     327: 
     328:     cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
     329:     seq = OpenSSL::ASN1.decode(cert.tbs_bytes)

Let me fix this locally.