From: jdowney@...
Date: 2014-09-18T15:24:13+00:00
Subject: [ruby-core:65106] [ruby-trunk - Bug #10257] [Open] Generate X.509 certificate/request/CRL with elliptic curve keys

Issue #10257 has been reported by John Downey.

----------------------------------------
Bug #10257: Generate X.509 certificate/request/CRL with elliptic curve keys
https://bugs.ruby-lang.org/issues/10257

* Author: John Downey
* Status: Open
* Priority: Normal
* Assignee: 
* Category: ext/openssl
* Target version: current: 2.2.0
* ruby -v: ruby 2.2.0dev (2014-09-18 trunk 47624) [x86_64-darwin13]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
Elliptic curve keys (`OpenSSL::PKey::EC`) cannot currently be used with the X.509 classes in Ruby OpenSSL. This is due to a few slight incompatibilities between the way RSA/DSA are implemented and the way EC is implemented.

* `OpenSSL::PKey::EC` does not respond to `#private?` which is used by the `#sign` method on `OpenSSL::X509::Certificate`, `OpenSSL::X509::Request`, and `OpenSSL::X509::CRL`
* The `#public_key` method on `OpenSSL::PKey::EC` returns a `OpenSSL::PKey::EC::Point` instead of a `OpenSSL::PKey::EC` object with just public key fields

This patch adds an alias for `#public?` and `#private?` to `OpenSSL::PKey::EC` that correspond to `#public_key?` and `#private_key?`. This brings it in line with the same interface on `OpenSSL::PKey::RSA` and `OpenSSL::PKey::DSA`. This also allows the key to be used with the X.509 classes I mentioned.

The second issue is unfortunately more complex as it does not look like it is possible to fix without either breaking backwards compatibility or putting some branching deeper in `OpenSSL::X509::Certificate`, `OpenSSL::X509::Request`, and `OpenSSL::X509::CRL`. The good news is you can pass the private `OpenSSL::PKey::EC` key to `#public_key=` and it still does the right thing.

---Files--------------------------------
ec_x509.patch (8.06 KB)


-- 
https://bugs.ruby-lang.org/