Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More default locations #71

Merged
merged 5 commits into from
Oct 6, 2015
Merged

More default locations #71

merged 5 commits into from
Oct 6, 2015
+251 −36

Conversation

mkristian
Copy link
Member

No description provided.

@mkristian
keep in line with MRI if possible
ad93636 
keep the default x509 certs and directories in line with MRI, only if
they do not exists fallback on cacerts from the java.home/lib/security/cacerts

fixes #49, #70 and keeps the idea of b914091

Sponsored by Lookout Inc.
@mkristian
check type on X509::Store.verify
742b9e6 
throw a TypeError if the argument is not a OpenSSL::X509::Certificate

fixes #69

Sponsored by Lookout Inc.
@mkristian
Copy link
Member Author

@kares @headius @enebo

the second trail this time with tests. though it is not possible to test those default locations but it is now possible to test SSL_CERT_FILE with PEM or java keystore files. fixed a few other issues which showed up on the way.

I did not change this Lookup.java class which mixed C-style and java style error handling.

@mkristian mkristian force-pushed the more-default-locations branch from af83d3a to ccf979f Compare September 14, 2015 19:05
@mkristian mkristian force-pushed the more-default-locations branch from ccf979f to 91619ec Compare September 15, 2015 06:02
kares and others added 2 commits September 15, 2015 08:55
@kares @mkristian
handle SecurityException from File().exists() on paths initialization
1c02ff6
@mkristian
avoid verifying the security provider when creating a cipher instance
43be800 
when using reflection to create an instance of a cipher then we had already
a SecurityException while using the javax Cipher factory. so avoid verifying
the provider when creating the cipher instance via reflection.

Sponsored by Lookout Inc.
mkristian added a commit that referenced this pull request Oct 6, 2015
@mkristian
Merge pull request #71 from jruby/more-default-locations
fe3a483 
More default locations for ca-cert files. matching MRI more closely
@mkristian mkristian merged commit fe3a483 into master Oct 6, 2015
@mkristian
Copy link
Member Author

@kares there is probably no file extension matching with openssl since there is no need for it. it just process it. but process is tricky since it looks for the begin- and end-marker, i.e. when not found then the file is considered processed.

the only jruby-openssl could achieve the same is to first try it as java keystore and in case of an io-error process it as "pem"

currently it will produce an error when the extension does not match.

let me know if I shall add the extra fallback on a failed keystore loading.

@mkristian mkristian deleted the more-default-locations branch October 6, 2015 20:35
@kares
Copy link
Member

kares commented Oct 7, 2015

@mkristian does not seem to matter, hopefully no users will run into issues with the new logic and we won't need to revert

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mkristian @kares