-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Corrupt CSR generated #102
Comments
Just an update: I've tested with jRuby 9.1.4.0 and the issue still occurs. The specific corruption appears to vary depending on the exact domainlist value. I've seen numbers and all sorts of strange characters appear. |
We are seeing this same issue with generating certs. We see the same issue with
(This is the JRuby bundled with PuppetServer) |
I can confirm these behavior together with multiple fields. As a reference you can see all the disabled tests for trocla and x509 for jruby
This makes openssl support on jruby barely usable and as a CA completely unusable. |
it should be fixable but it might need some hacking around x.509 support jossl uses from bouncy-castle. |
|
Environment
jruby 9.1.2.0 (2.3.0) 2016-05-26 7357c8f OpenJDK 64-Bit Server VM 25.102-b14 on 1.8.0_102-b14 +jit [linux-x86_64]
Arch Linux, jRuby installed from AUR.
Linux linodeplz 4.4.0-2-ec2 #1 SMP Thu Jan 21 09:52:26 PST 2016 x86_64 GNU/Linux
Other relevant info you may wish to add:
This issue showed up in part of a Sinatra application, but has been reduced to a minimal test case.
Expected Behavior
Generate a CSR using the script from this gist. Then use OpenSSL to view.
https://gist.github.com/technion/0e63d42299cc3d91f387d41e9e5c2c74
Under MRI 2.3.1, we can observe this behaviour:
It can be observed that the "Subject Alternative Name" field correctly matches those defined on line 13 of the gist.
Actual Behavior
When recreating the above test:
You can observe that the first 'DNS' field is broken, and the data appears to have different spacing
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: