Project

General

Profile

Actions

Bug #13170

closed

OpenSSL::X509::Name#eql? broken in Ruby 2.4.0

Added by Iristyle (Ethan Brown) almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.4.0p0 (2016-12-24 revision 57164) [x86_64-darwin15]
[ruby-core:79310]

Description

Previously the behavior in Ruby 2.3.1 and earlier was:

[1] pry(main)> OpenSSL::X509::Name.new([['CN', 'foo']]).eql?(OpenSSL::X509::Name.new([['CN', 'bar']]))
=> false
[2] pry(main)> OpenSSL::X509::Name.new([['CN', 'foo']]).eql?(OpenSSL::X509::Name.new([['CN', 'foo']]))
=> true
[3] pry(main)> RUBY_VERSION
=> "2.3.1"

In Ruby 2.4.0, the evaluation is backwards:

[1] pry(main)> OpenSSL::X509::Name.new([['CN', 'foo']]).eql?(OpenSSL::X509::Name.new([['CN', 'bar']]))
=> true
[2] pry(main)> OpenSSL::X509::Name.new([['CN', 'foo']]).eql?(OpenSSL::X509::Name.new([['CN', 'foo']]))
=> false
[3] pry(main)> RUBY_VERSION
=> "2.4.0"

This is due to the implementation of the function at https://github.com/ruby/ruby/blob/aab0d67a1ff5190ff7a951e40cee742210302aed/ext/openssl/ossl_x509name.c#L366-L379

static VALUE ossl_x509name_eql(VALUE self, VALUE other)

Previously in 2.3.1 code returned (based on result = ossl_x509name_cmp0(self, other);):

return (result == 0) ? Qtrue : Qfalse;

Now the code has introduced a logic bug in 2.4.0 as of commit https://github.com/ruby/ruby/commit/aab0d67a1ff5190ff7a951e40cee742210302aed:

return ossl_x509name_cmp0(self, other) ? Qtrue : Qfalse;

The code should be:

return (ossl_x509name_cmp0(self, other) == 0) ? Qtrue : Qfalse;

Updated by Iristyle (Ethan Brown) almost 8 years ago

  • Description updated (diff)

Updated by Iristyle (Ethan Brown) almost 8 years ago

A colleague has posted a pull request at https://github.com/ruby/openssl/pull/100 fixing this issue.

Actions #4

Updated by Anonymous almost 8 years ago

  • Status changed from Open to Closed

Applied in changeset r57482.


openssl: import v2.0.3

Import Ruby/OpenSSL 2.0.3. Only bugfixes. The full commit log since
2.0.2 (imported at r57146) can be found at:

https://github.com/ruby/openssl/compare/v2.0.2...v2.0.3


Corey Bonnell (1):
Fix for ASN1::Constructive 'each' implementation

Kazuki Yamaguchi (10):
Fix build with static OpenSSL libraries on Windows
([ruby-core:78878] [Bug #13080])
Merge pull request #96 from CBonnell/master
Merge branch 'topic/windows-static-linking-without-pkg-config' into maint
appveyor.yml: update OpenSSL version to 1.0.2j
buffering: fix typo in doc
test/envutil: fix assert_raise_with_message
x509: fix OpenSSL::X509::Name#eql?
([ruby-core:79310] [Bug #13170])
ruby-openssl-docker: update versions of Ruby and OpenSSL
.travis.yml: test with Ruby 2.4
Ruby/OpenSSL 2.0.3

Updated by naruse (Yui NARUSE) over 7 years ago

  • Backport changed from 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN to 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: DONE

ruby_2_4 r57881 merged revision(s) 57482.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0