Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL extension - corrupt CSR #4130

Closed
technion opened this issue Sep 2, 2016 · 2 comments
Closed

OpenSSL extension - corrupt CSR #4130

technion opened this issue Sep 2, 2016 · 2 comments

Comments

@technion
Copy link

technion commented Sep 2, 2016

Environment

jruby 9.1.2.0 (2.3.0) 2016-05-26 7357c8f OpenJDK 64-Bit Server VM 25.102-b14 on 1.8.0_102-b14 +jit [linux-x86_64]
Arch Linux, jRuby installed from AUR.

Linux linodeplz 4.4.0-2-ec2 #1 SMP Thu Jan 21 09:52:26 PST 2016 x86_64 GNU/Linux

Other relevant info you may wish to add:
This issue showed up in part of a Sinatra application, but has been reduced to a minimal test case.

Expected Behavior

Generate a CSR using the script from this gist. Then use OpenSSL to view.

https://gist.github.com/technion/0e63d42299cc3d91f387d41e9e5c2c74

Under MRI 2.3.1, we can observe this behaviour:

$ ./ssltest.rb > mycsr.csr
$ openssl req -in mycsr.csr -noout -text | more
...
            X509v3 Subject Alternative Name:
                DNS:test.example.com, DNS:test2.example.com, DNS:example.com, DNS:www.example.com

It can be observed that the "Subject Alternative Name" field correctly matches those defined on line 13 of the gist.

Actual Behavior

When recreating the above test:

$ jruby ./ssltest.rb > mycsr.csr
$ openssl req -in mycsr.csr -noout -text | more
...
           X509v3 Subject Alternative Name:
                .N test.example.com,DNS: test2.example.com,DNS: example.com,DNS: www.example.com

You can observe that the first 'DNS' field is broken, and the data appears to have different spacing.

@kares
Copy link
Member

kares commented Sep 2, 2016

there's a lot of compatibility details jruby-openssl misses. feel free to move the issue over. thanks!

@technion
Copy link
Author

technion commented Sep 2, 2016

@kares Sorry, didn't realise that had a separate tracker. Will move.

@technion technion closed this as completed Sep 2, 2016
@kares kares added this to the Invalid or Duplicate milestone Sep 2, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants