Issue #5951 has been updated by MartinBosslet (Martin Bosslet).


I couldn't find a way to generally override the OpenSSL check, so I simply enforced the same check on our side to at least guarantee consistency.
----------------------------------------
Bug #5951: Exported RSA keys allow pass phrases that are too short
https://bugs.ruby-lang.org/issues/5951#change-27141

Author: drbrain (Eric Hodel)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 
ruby -v: ruby 2.0.0dev (2011-12-20 trunk 34073) [x86_64-darwin11.2.0]


=begin

Exporting a key with this code:

  cipher = OpenSSL::Cipher::Cipher.new 'AES-128-CBC'
  pass_phrase = 'woo'

  key_secure = key.export cipher, pass_phrase

  open 'private.secure.pem', 'w' do |io|
    io.write key_secure
  end

Is not loadable:

  $ ruby20 -v -ropenssl -e 'OpenSSL::PKey::RSA.new File.read "private.secure.pem"' 
  ruby 2.0.0dev (2011-12-20 trunk 34073) [x86_64-darwin11.2.0]
  Enter PEM pass phrase: # I typed woo
  phrase is too short, needs to be at least 4 chars

=end



-- 
http://bugs.ruby-lang.org/