ruby / openssl

Provides SSL, TLS and general purpose cryptography.

OpenSSL::ASN1::ObjectId#== raises for OIDs without a known name #791

Open segiddins opened 3 weeks ago

segiddins commented 3 weeks ago
```ruby
#!/usr/bin/env ruby

require "openssl"

oid = OpenSSL::ASN1::ObjectId.new("2.5.29.14")
pp oid
pp oid.long_name
pp oid.short_name
pp oid == oid

oid = OpenSSL::ASN1::ObjectId.new("1.3.6.1.4.1.57264.1.8")
pp oid
pp oid.long_name
pp oid.short_name
pp oid == oid
```

outputs

```
#<OpenSSL::ASN1::ObjectId:0x0000000103269748 @indefinite_length=false, @tag=6, @tag_class=:UNIVERSAL, @tagging=nil, @value="2.5.29.14">
"X509v3 Subject Key Identifier"
"subjectKeyIdentifier"
true
#<OpenSSL::ASN1::ObjectId:0x0000000103308e38 @indefinite_length=false, @tag=6, @tag_class=:UNIVERSAL, @tagging=nil, @value="1.3.6.1.4.1.57264.1.8">
nil
nil
[Untitled.rb:15](coderunner://Untitled.rb#(245,0)!):in `==': OBJ_txt2nid (OpenSSL::ASN1::ASN1Error)
    from Untitled.rb:15:in `<main>'
```

when I would expect both oids to compare equal. I am unsure why OBJ_txt2nid is being used instead of comparing the underlying oid value

on 3.2.0 OpenSSL 3.2.0 23 Nov 2023

rhenium commented 3 weeks ago

> comparing the underlying oid value

It should be implemented this way (or by OBJ_cmp() on ASN1_OBJECT objects).

https://github.com/ruby/openssl/pull/792 will fix it.
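
On a version that shows the behaviour reported above, calling code can compare OIDs by their encoded value instead of through `==`. The following is an added example, not code from this thread or from the ruby/openssl project; `oid_der`, `same_oid?` and `OidAllowlist` are hypothetical helper names.

```ruby
require "openssl"
require "set"

# Hypothetical helpers, not part of the openssl gem.

# DER encoding of an OID given as an ObjectId, a dotted string, or a
# registered short/long name. Encoding needs no NID, so it also works
# for OIDs that OpenSSL has no name for.
def oid_der(oid)
  oid = OpenSSL::ASN1::ObjectId.new(oid) unless oid.is_a?(OpenSSL::ASN1::ObjectId)
  oid.to_der
end

# Equality on the encoded value instead of on a name lookup.
def same_oid?(a, b)
  oid_der(a) == oid_der(b)
end

# Allowlist of OIDs keyed by DER bytes, e.g. for checking which
# extension OIDs a certificate is permitted to carry.
class OidAllowlist
  def initialize(*oids)
    @ders = oids.map { |o| oid_der(o) }.to_set
  end

  def allow?(oid)
    @ders.include?(oid_der(oid))
  end
end

# The two OIDs from the report above.
KNOWN_OID   = "2.5.29.14"
UNNAMED_OID = "1.3.6.1.4.1.57264.1.8"

if $PROGRAM_NAME == __FILE__
  decoded = OpenSSL::ASN1.decode(oid_der(KNOWN_OID))
  # A decoded registered OID may carry its short name as #value, so comparing
  # #value strings can miss this match; the DER comparison does not.
  puts decoded.value
  puts same_oid?(decoded, KNOWN_OID)
  puts same_oid?(UNNAMED_OID, OpenSSL::ASN1::ObjectId.new(UNNAMED_OID))
  puts OidAllowlist.new(UNNAMED_OID).allow?(KNOWN_OID)
end
```

Comparing DER bytes also treats `"subjectKeyIdentifier"` and `"2.5.29.14"` as the same OID, which a comparison of the `value` strings would not.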