< :前の番号
^ :番号順リスト
> :次の番号
P :前の記事(スレッド移動)
N :次の記事(スレッド移動)
|<:前のスレッド
>|:次のスレッド
^ :返事先
_:自分への返事
>:同じ返事先を持つ記事(前)
<:同じ返事先を持つ記事(後)
---:分割してスレッド表示、再表示
| :分割して(縦)スレッド表示、再表示
~ :スレッドのフレーム消去
.:インデックス
..:インデックスのインデックス
Issue #10257 has been updated by Todd Knarr.
"no shared cipher" for EC: looks like the curve name's in OpenSSL::PKey::EC::Group. There's a `#curve_name` method to get the curve name, but no way to set it and when a group's created using a named curve the name's never set in the resulting Group object. I haven't dug down far enough to confirm but it looks like the problem's in OpenSSL rather than the Ruby bindings.
----------------------------------------
Bug #10257: Generate X.509 certificate/request/CRL with elliptic curve keys
https://bugs.ruby-lang.org/issues/10257#change-57990
* Author: John Downey
* Status: Open
* Priority: Normal
* Assignee: openssl
* ruby -v: ruby 2.2.0dev (2014-09-18 trunk 47624) [x86_64-darwin13]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
Elliptic curve keys (`OpenSSL::PKey::EC`) cannot currently be used with the X.509 classes in Ruby OpenSSL. This is due to a few slight incompatibilities between the way RSA/DSA are implemented and the way EC is implemented.
* `OpenSSL::PKey::EC` does not respond to `#private?` which is used by the `#sign` method on `OpenSSL::X509::Certificate`, `OpenSSL::X509::Request`, and `OpenSSL::X509::CRL`
* The `#public_key` method on `OpenSSL::PKey::EC` returns a `OpenSSL::PKey::EC::Point` instead of a `OpenSSL::PKey::EC` object with just public key fields
This patch adds an alias for `#public?` and `#private?` to `OpenSSL::PKey::EC` that correspond to `#public_key?` and `#private_key?`. This brings it in line with the same interface on `OpenSSL::PKey::RSA` and `OpenSSL::PKey::DSA`. This also allows the key to be used with the X.509 classes I mentioned.
The second issue is unfortunately more complex as it does not look like it is possible to fix without either breaking backwards compatibility or putting some branching deeper in `OpenSSL::X509::Certificate`, `OpenSSL::X509::Request`, and `OpenSSL::X509::CRL`. The good news is you can pass the private `OpenSSL::PKey::EC` key to `#public_key=` and it still does the right thing.
---Files--------------------------------
ec_x509.patch (8.06 KB)
--
https://bugs.ruby-lang.org/
Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>