Issue #6089 has been updated by MartinBosslet (Martin Bosslet).


> Hi Martin,
> so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.
> 
> [1] http://www.openssl.org//source/openssl-1.0.1.tar.gz

Hi Bohuslav, hi Vit,

thanks for the info. OK, if the problem remains, I'll look into it now that 1.0.1 is released. The problem with DSS1 and RSA is probably that DSS1 was defined in combination with DSA signatures. So the notion of DSS1 formally only makes in combination with DSA. It's really confusing, since DSS1 is actually the exact same algorithm as SHA-1. But it could be that behavior of accepting/rejecting it in places where SHA-1 would be expected normally (such as RSA signatures) has changed now. I'll investigate.


----------------------------------------
Bug #6089: Test suite fails with OpenSSL 1.0.1
https://bugs.ruby-lang.org/issues/6089#change-24956

Author: vo.x (Vit Ondruch)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: 
Target version: 
ruby -v: 	ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]


It seems that the patch [1] changes the behavior of openssl and makes the test_x509cert.rb fail:

  1) Failure:
test_dsig_algorithm_mismatch(OpenSSL::TestX509Certificate) [test/openssl/test_x509cert.rb:175]:
OpenSSL::X509::CertificateError expected but nothing was raised.


I also notified Fedora's openssl maintainer about these issues [2].


[1] http://cvs.openssl.org/filediff?f=openssl/crypto/asn1/a_sign.c&v1=1.21.4.1&v2=1.21.4.2
[2] https://bugzilla.redhat.com/show_bug.cgi?id=797217


-- 
http://bugs.ruby-lang.org/