openssl icon indicating copy to clipboard operation
openssl copied to clipboard
verified publisher icon ruby

Invalid CSR versions set in regress tests

Open botovq opened this issue 1 year ago • 1 comments

It looks like OpenSSL are about to merge a PR that disallows setting any version but 'version 1' (encoded as 0) in CSRs, because that's the only version specified, see RFC 2986, section 4.1.

This will break at least two regress tests because of:

https://github.com/ruby/openssl/blob/a8caa63729e66f8ad5cb503f0199e099042faac5/test/openssl/test_x509req.rb#L43

and

https://github.com/ruby/openssl/blob/a8caa63729e66f8ad5cb503f0199e099042faac5/test/openssl/test_x509req.rb#L109

for the second I suggest you find a different way of modifying the CSR.

botovq avatar Mar 26 '24 08:03 botovq

I suspect that this would fix it https://github.com/ruby/openssl/compare/master...job:ruby-openssl:master

job avatar Mar 26 '24 08:03 job

Do you want to submit a PR?

ioquatix avatar Apr 22 '24 08:04 ioquatix