If multiple certificates with the same subjectdn are added to the store and used to verify, this can still fail based on the order they were placed in the store. I tried to fix this in #198.
Here is a change to one of the jruby_openssl test cases (/jruby-openssl/src/test/ruby/x509/test_x509store.rb:424:in `test_verify_same_subject_ca') that will reproduce the error:
--- a/src/test/ruby/x509/test_x509store.rb
+++ b/src/test/ruby/x509/test_x509store.rb
@@ -411,10 +411,10 @@ class TestX509Store < TestCase
ee4_cert = issue_cert(@ee4, @dsa2, 20, ee_exts, ca4_cert, @rsa4, not_before: now - 60, not_after: now + 1800)
cert_store = OpenSSL::X509::Store.new
- cert_store.add_cert ca1_cert
- cert_store.add_cert ca2_cert
- cert_store.add_cert ca3_cert
cert_store.add_cert ca4_cert
+ cert_store.add_cert ca3_cert
+ cert_store.add_cert ca2_cert
+ cert_store.add_cert ca1_cert
ok = cert_store.verify(ee1_cert)
assert_equal 'certificate signature failure', cert_store.error_string
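Review bot: Reordering the four `add_cert` calls in place (ca4, ca3, ca2, ca1 replacing ca1, ca2, ca3, ca4) means the test now covers only the reversed order and no longer exercises the original one. Because the point is that the result should not depend on insertion order, keep both: build one store per ordering and run the same `cert_store.verify(ee1_cert)` call and `error_string` assertion against each. Within these lines the return value assigned to `ok` is not checked; asserting on it next to `error_string` would make the expected outcome explicit for every ordering.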
I just reversed the order in which the CA certificates are added to the store, and the test will fail.