Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL::X509::Certificate regression in 1.7.23 and 9.0.4.0 #78

Closed
tagomoris opened this issue Dec 24, 2015 · 2 comments
Closed

OpenSSL::X509::Certificate regression in 1.7.23 and 9.0.4.0 #78

tagomoris opened this issue Dec 24, 2015 · 2 comments

Comments

@tagomoris
Copy link

In my environment, JRuby 1.7.23 (& 1.7.22) and 9.0.4.0 crash when Certificate#to_text called.

Certificate#to_text always called when WEBrick starts with SSL configuration, so it always crashes.

# show_cert.rb
p PLATFORM
p RUBY_VERSION
key = OpenSSL::PKey::RSA.generate(2048)

issuer = subject = OpenSSL::X509::Name.new
subject.add_entry('C', 'JP')
subject.add_entry('ST', 'Tokyo')
subject.add_entry('L', 'Chiyoda')
subject.add_entry('CN', 'demo.example.com')

digest = OpenSSL::Digest::SHA1.new

cert = OpenSSL::X509::Certificate.new
cert.not_before = Time.at(0)
cert.not_after = Time.now + 5 * 365 * 86400 # 5 years after
cert.public_key = key
cert.serial = 1
cert.issuer = issuer
cert.subject = subject
cert.add_extension OpenSSL::X509::Extension.new('basicConstraints', OpenSSL::ASN1.Sequence([OpenSSL::ASN1::Boolean(true)]))
cert.sign(key, digest)

p cert
puts cert.to_text

9.0.4.0:

$ ruby -v
jruby 9.0.4.0 (2.2.2) 2015-11-12 b9fb7aa Java HotSpot(TM) 64-Bit Server VM 25.31-b07 on 1.8.0_31-b13 +jit [darwin-x86_64]
$ ruby show_cert.rb 
"java"
"2.2.2"
#<OpenSSL::X509::Certificate:0x5b799640 subject=/C=JP/ST=Tokyo/L=Chiyoda/CN=demo.example.com, issuer=/C=JP/ST=Tokyo/L=Chiyoda/CN=demo.example.com, serial=1, not_before=1970-01-01 00:00:00 UTC, not_after=2020-12-22 12:18:42 UTC>
Unhandled Java exception: java.lang.NullPointerException
java.lang.NullPointerException: null
           other2long at org/jruby/RubyNumeric.java:214
             num2long at org/jruby/RubyNumeric.java:209
              fix2int at org/jruby/RubyNumeric.java:275
              to_text at org/jruby/ext/openssl/X509Cert.java:313
         cacheAndCall at org/jruby/runtime/callsite/CachingCallSite.java:293
                 call at org/jruby/runtime/callsite/CachingCallSite.java:131
                <top> at show_cert.rb:34
  invokeWithArguments at java/lang/invoke/MethodHandle.java:636
                 load at org/jruby/ir/Compiler.java:111
            runScript at org/jruby/Ruby.java:821
            runScript at org/jruby/Ruby.java:813
          runNormally at org/jruby/Ruby.java:751
          runFromMain at org/jruby/Ruby.java:573
        doRunFromMain at org/jruby/Main.java:409
          internalRun at org/jruby/Main.java:304
                  run at org/jruby/Main.java:233
                 main at org/jruby/Main.java:200

1.7.23:

$ ruby -v
jruby 1.7.23 (1.9.3p551) 2015-11-24 f496dd5 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_31-b13 +jit [darwin-x86_64]
$ ruby show_cert.rb 
"java"
"1.9.3"
#<OpenSSL::X509::Certificate:0xf736069 subject=/C=JP/ST=Tokyo/L=Chiyoda/CN=demo.example.com, issuer=/C=JP/ST=Tokyo/L=Chiyoda/CN=demo.example.com, serial=1, not_before=1970-01-01 00:00:00 UTC, not_after=2020-12-22 12:19:33 UTC>
RubyNumeric.java:202:in `other2long': java.lang.NullPointerException
    from RubyNumeric.java:197:in `num2long'
    from RubyNumeric.java:263:in `fix2int'
    from X509Cert.java:313:in `to_text'
    from X509Cert$INVOKER$i$0$0$to_text.gen:-1:in `call'
    from CachingCallSite.java:306:in `cacheAndCall'
    from CachingCallSite.java:136:in `call'
    from show_cert.rb:34:in `__file__'
    from show_cert.rb:-1:in `load'
    from Ruby.java:857:in `runScript'
    from Ruby.java:850:in `runScript'
    from Ruby.java:729:in `runNormally'
    from Ruby.java:578:in `runFromMain'
    from Main.java:393:in `doRunFromMain'
    from Main.java:288:in `internalRun'
    from Main.java:217:in `run'
    from Main.java:197:in `main'
@tagomoris
Copy link
Author

For server certificates, there's another exception (StringIndexOutOfBoundsException):

     # java.lang.String.charAt(String.java:646)
     # org.jruby.ext.openssl.X509CRL.extensions_to_text(X509CRL.java:400)
     # org.jruby.ext.openssl.X509Cert.to_text(X509Cert.java:359)
     # org.jruby.ext.openssl.X509Cert$INVOKER$i$0$0$to_text.call(X509Cert$INVOKER$i$0$0$to_text.gen)
     # org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:129)
     # org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:306)
     # org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:77)
     # org.jruby.internal.runtime.methods.MixedModeIRMethod.INTERPRET_METHOD(MixedModeIRMethod.java:127)
     # org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:113)
     # org.jruby.runtime.callsite.CachingCallSite.callBlock(CachingCallSite.java:77)
     # org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:83)
     # org.jruby.ir.instructions.CallBase.interpret(CallBase.java:419)
(snip)

Full stack trace is here: https://travis-ci.org/treasure-data/td-client-ruby/jobs/98657026

@tagomoris tagomoris mentioned this issue Dec 24, 2015
Merged
@nahi
Copy link
Member

nahi commented Dec 24, 2015

My workaround: https://github.com/nahi/httpclient/blob/master/lib/httpclient/util.rb#L27-L46

@kares kares closed this as completed in 0bd2bd4 Dec 31, 2015
kares added a commit that referenced this issue Dec 31, 2015
@kares
add test-case from #78 and adjust to_text Serial Number: ... formatti…
2ea071d 
…ng to match MRI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nahi @tagomoris