[ruby-core:76969] [Ruby trunk Bug#12687] OpenSSL::X509::Store wont load certificates from set_default_paths

From: bar.hofesh@...
Date: 2016-08-18 14:19:26 UTC
List: ruby-core #76969
Issue #12687 has been updated by Bar Hofesh.


Kazuki Yamaguchi wrote:
> It's working for me:
> 
> ~~~
> OpenSSL::X509::DEFAULT_CERT_DIR #=> "/usr/lib/ssl/certs"
> cert, *chain = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("bugs.ruby-lang.org", 443)).connect.peer_cert_chain
> store = OpenSSL::X509::Store.new
> store.verify(cert, chain) #=> false
> store.set_default_paths
> store.verify(cert, chain) #=> true
> ~~~
> 
> OpenSSL::X509::Store#set_default_paths itself does not import any certificates but configures the store to load from OpenSSL::X509::DEFAULT_CERT_{DIR,FILE} as needed.
> 
> If you added a custom certificate to the directory, you have to run `c_rehash` so that OpenSSL can find it.


I see, is there a way to call c_rehash from Ruby?


----------------------------------------
Bug #12687: OpenSSL::X509::Store wont load certificates from set_default_paths
https://bugs.ruby-lang.org/issues/12687#change-60196

* Author: Bar Hofesh
* Status: Feedback
* Priority: Normal
* Assignee: 
* ruby -v: "2.2.5" revision: 54072
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
Setting up a new instance of OpenSSL::X509::Store, and setting "set_default_paths" will not actually import any certificates into Store.

Environment: Ubuntu 14.04

~~~
File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE
#=> "/usr/lib/ssl"
~~~

Using the store to verify a certificate (`store.verify(ssl_certificate)`) returns false.

After manually doing:


~~~
Dir.glob("/usr/lib/ssl/certs/*").each do |cert|
  begin
    cert_store.add_file cert
  rescue Exception
    next
  end
end
~~~

the verify returns true.




-- 
https://bugs.ruby-lang.org/
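
The directory lookup discussed in this thread finds a certificate only through a file named after its subject hash, which is the link `c_rehash` creates. The sketch below is an added example, not code from the thread or from Ruby's OpenSSL binding: it builds those links from Ruby with `OpenSSL::X509::Name#hash` and checks the result through `Store#add_path`, the same on-demand lookup applied to an explicit directory. The helper names `rehash_cert_dir`, `trusted_via_dir?` and `sample_ca` are hypothetical, and it assumes one certificate per file (no CRLs or bundles).

```ruby
require "openssl"

# Create <subject-hash>.<n> symlinks for each certificate file in dir: the
# names OpenSSL's on-demand directory lookup opens. Returns the links made.
def rehash_cert_dir(dir)
  Dir.children(dir).each do |name| # remove stale hash links first
    path = File.join(dir, name)
    File.unlink(path) if File.symlink?(path) && name.match?(/\A\h{8}\.\d+\z/)
  end
  seen = Hash.new(0)
  Dir.children(dir).sort.map do |name|
    path = File.join(dir, name)
    next unless File.file?(path)
    begin
      cert = OpenSSL::X509::Certificate.new(File.read(path))
    rescue OpenSSL::OpenSSLError
      next # not a certificate (key, CRL, README, ...)
    end
    h = format("%08x", cert.subject.hash)
    link = "#{h}.#{seen[h]}" # .0, .1, ... when several files share a subject
    seen[h] += 1
    File.symlink(name, File.join(dir, link))
    link
  end.compact
end

# Verify cert against a hashed directory only, with no certificates preloaded.
def trusted_via_dir?(cert, dir)
  store = OpenSSL::X509::Store.new
  store.add_path(dir)
  store.verify(cert)
end

# Constructed sample input: a throwaway self-signed CA certificate.
def sample_ca
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Test CA")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ext.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end
```

Writing into a system trust directory requires the matching privileges, and every file linked there becomes a trust anchor for each store that uses that path.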
