From: "drbrain (Eric Hodel)" <drbrain@...7.net>
Date: 2013-07-23T08:29:14+09:00
Subject: [ruby-core:56114] [ruby-trunk - Bug #8664] open ssl not_before failure on small set of certificates


Issue #8664 has been updated by drbrain (Eric Hodel).

File openssl.bug_8664.patch added

It seems that there are multiple ways to represent a UTCTime in ASN1, but ruby's openssl extension only implements one of them.

This patch adds the format your certificate is encoded in.

Martin, can you check it? Are there other formats that are missing?
----------------------------------------
Bug #8664: open ssl not_before failure on small set of certificates
https://bugs.ruby-lang.org/issues/8664#change-40614

Author: jnickel (Jody Nickel)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext/openssl
Target version: 
ruby -v: ruby 1.9.3p448 (2013-06-27 revision 41675) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


This failure only occurs on a very small percentage of certificates, during processing of ~2 million certificates, this failure only occurred 3 times. It happens on ruby-1.9.3-p448, ruby-1.8.7-p374 and ruby-2.0.0-p247 with the same error reported: 

open-ssl-bug.rb:71:in `not_before': bad UTCTIME format (TypeError)
        from open-ssl-bug.rb:71:in `perform_cert'
        from open-ssl-bug.rb:76:in `<main>'

I've enclosed a small sample program showing a successful and failed display of the not_before time, with the good and bad certificates embedded within the code.



-- 
http://bugs.ruby-lang.org/