diff options
| author | Vít Ondruch <vondruch@redhat.com> | 2021-10-27 16:28:24 +0200 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2021-12-02 04:43:06 +0900 |
| commit | 94ee88b38cf0a20666e3965f5c9c4d520cf02b22 (patch) | |
| tree | 91614c429555ddb79257e8d88528c4b456470667 /lib/rubygems/security.rb | |
| parent | eb7ec00d03dc62f501b2822c52f584e52c3d61d6 (diff) | |
| download | ruby-94ee88b38cf0a20666e3965f5c9c4d520cf02b22.tar.gz | |
[rubygems/rubygems] Provide distinguished name which will be correctly parsed.
It seems that since ruby openssl 2.1.0 [[1]], the distinguished name
submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it
does not contain the first slash:
~~~
$ ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
$ gem list | grep openssl
openssl (default: 2.2.0)
$ irb -r openssl
irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
=> "CN = nobody/DC=example"
irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
=> "CN = nobody, DC = example"
~~~
Instead, use `OpenSSL::X509::Name.new` directly as suggested by upstream
maintainer.
[1]: https://github.com/ruby/openssl/commit/19c67cd10c57f3ab7b13966c36431ebc3fdd653b
https://github.com/rubygems/rubygems/commit/09ca0c2dae
Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
Diffstat (limited to 'lib/rubygems/security.rb')
| -rw-r--r-- | lib/rubygems/security.rb | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb index 8240a1a059..2275997207 100644 --- a/lib/rubygems/security.rb +++ b/lib/rubygems/security.rb @@ -510,9 +510,10 @@ module Gem::Security dcs = dcs.split '.' - name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}" - - OpenSSL::X509::Name.parse name + OpenSSL::X509::Name.new([ + ["CN", cn], + *dcs.map {|dc| ["DC", dc] }, + ]) end ## |