[#75225] [Ruby trunk Feature#12324] Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7) — k@...
Issue #12324 has been reported by Kazuki Yamaguchi.
6 messages
2016/04/27
[#78693] Re: [Ruby trunk Feature#12324] Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7)
— Eric Wong <normalperson@...>
2016/12/17
k@rhe.jp wrote:
[#78701] Re: [Ruby trunk Feature#12324] Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7)
— Kazuki Yamaguchi <k@...>
2016/12/17
On Sat, Dec 17, 2016 at 01:31:12AM +0000, Eric Wong wrote:
[#78702] Re: [Ruby trunk Feature#12324] Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7)
— Eric Wong <normalperson@...>
2016/12/17
Kazuki Yamaguchi <k@rhe.jp> wrote:
[ruby-core:74862] [Ruby trunk Bug#10257] Generate X.509 certificate/request/CRL with elliptic curve keys
From:
tknarr@...
Date:
2016-04-09 18:04:19 UTC
List:
ruby-core #74862
Issue #10257 has been updated by Todd Knarr. "no shared cipher" for EC: looks like the curve name's in OpenSSL::PKey::EC::Group. There's a `#curve_name` method to get the curve name, but no way to set it and when a group's created using a named curve the name's never set in the resulting Group object. I haven't dug down far enough to confirm but it looks like the problem's in OpenSSL rather than the Ruby bindings. ---------------------------------------- Bug #10257: Generate X.509 certificate/request/CRL with elliptic curve keys https://bugs.ruby-lang.org/issues/10257#change-57990 * Author: John Downey * Status: Open * Priority: Normal * Assignee: openssl * ruby -v: ruby 2.2.0dev (2014-09-18 trunk 47624) [x86_64-darwin13] * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN ---------------------------------------- Elliptic curve keys (`OpenSSL::PKey::EC`) cannot currently be used with the X.509 classes in Ruby OpenSSL. This is due to a few slight incompatibilities between the way RSA/DSA are implemented and the way EC is implemented. * `OpenSSL::PKey::EC` does not respond to `#private?` which is used by the `#sign` method on `OpenSSL::X509::Certificate`, `OpenSSL::X509::Request`, and `OpenSSL::X509::CRL` * The `#public_key` method on `OpenSSL::PKey::EC` returns a `OpenSSL::PKey::EC::Point` instead of a `OpenSSL::PKey::EC` object with just public key fields This patch adds an alias for `#public?` and `#private?` to `OpenSSL::PKey::EC` that correspond to `#public_key?` and `#private_key?`. This brings it in line with the same interface on `OpenSSL::PKey::RSA` and `OpenSSL::PKey::DSA`. This also allows the key to be used with the X.509 classes I mentioned. The second issue is unfortunately more complex as it does not look like it is possible to fix without either breaking backwards compatibility or putting some branching deeper in `OpenSSL::X509::Certificate`, `OpenSSL::X509::Request`, and `OpenSSL::X509::CRL`. The good news is you can pass the private `OpenSSL::PKey::EC` key to `#public_key=` and it still does the right thing. ---Files-------------------------------- ec_x509.patch (8.06 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>