Bugs item #5995, was opened at 2006-10-02 15:16
You can respond by visiting: 
http://rubyforge.org/tracker/?func=detail&atid=1698&aid=5995&group_id=426

Category: Standard Library
Group: None
Status: Closed
Resolution: Rejected
Priority: 3
Submitted By: M B (mrbright)
Assigned to: Technorama Ltd. (technorama)
Summary: OpenSSL::X509::Certificate.new is broken in the 1.8.5 libraries

Initial Comment:
Applying the following code in the 1.8.4 instance works, however in the 1.8.5 instance it will fail with: Not enough data (CertificateError) error.

out=<path to der file, or pem file>
cert=OpenSSL::X509::Certificate.new(File.read(out)) if out && FileTest::file?(out)
  

----------------------------------------------------------------------

>Comment By: M B (mrbright)
Date: 2007-04-19 07:47

Message:
I apologize for not responding more quickly.  I do not have
the certificates in question as someone previously
requested, however, I am pretty sure that I did NOT have the
not_before and not_after fields defined, however, I cannot
be assured of that.

If this is in fact the problem, why NOT support certificates
with the not_before and not_after fields defined?

Thanks

----------------------------------------------------------------------

Comment By: Technorama Ltd. (technorama)
Date: 2007-04-05 18:19

Message:
It wouldn't suprise me if the change in behaviour is from a different openssl version.

It would be very helpful to have some information on the certificate itself.  Please post the results of the following command and the openssl version on each machine.

openssl x509 -in cert.pem -noout -text

If there is any information that you feel is confidential you can replace it with ***.


----------------------------------------------------------------------

Comment By: Technorama Ltd. (technorama)
Date: 2007-04-05 15:46

Message:
It wouldn't suprise me if the change in behaviour is from a different openssl version.

It would be very helpful to have some information on the certificate itself.  Please post the results of the following command and the openssl version on each machine.

openssl x509 -in cert.pem -noout -text

If there is any information that you feel is confidential you can replace it with ***.


----------------------------------------------------------------------

Comment By: Technorama Ltd. (technorama)
Date: 2007-04-05 13:29

Message:
How did you create the certificate?

Did you set both not_before and not_after?
Both fields are required by rfc2459.

OpenSSL will allow you to create a bad X509 certificate and export it to DER/PEM.  Trying to load it will throw an exception.

----------------------------------------------------------------------

Comment By: M B (mrbright)
Date: 2006-10-11 08:36

Message:
Matz:
  I can tell you that I am running the above code on Linux
ruby version 1.8.4 and then running the same file with the
same certificate on windows 1.8.5.  That seems to be all the
information that I have.

mrbright

----------------------------------------------------------------------

Comment By: Tom Copeland (tom)
Date: 2006-10-10 20:33

Message:
If you have a chance, please respond to Matz on ruby-core here:

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/9003

Thanks!

tom

----------------------------------------------------------------------

You can respond by visiting: 
http://rubyforge.org/tracker/?func=detail&atid=1698&aid=5995&group_id=426