Project

General

Profile

Actions
Copy link

Bug #19311

closed

Fix `OpenSSL::X509::CertificateError: invalid digest` on CentOS 9 / RHEL 9

Bug #19311: Fix `OpenSSL::X509::CertificateError: invalid digest` on CentOS 9 / RHEL 9

Added by vo.x (Vit Ondruch) almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.2.0 (2022-12-25 revision a528908271) [x86_64-linux]
Backport:
2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED

Description

CentOS 9 / RHEL 9 requires prohibits SHA1 for signing purposes, therefore these specs fail:

1)
OpenSSL::X509::Name.verify returns true for valid certificate ERROR
OpenSSL::X509::CertificateError: invalid digest
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:15:in `sign'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:15:in `block (2 levels) in <top (required)>'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:4:in `<top (required)>'
2)
OpenSSL::X509::Name.verify returns false for an expired certificate ERROR
OpenSSL::X509::CertificateError: invalid digest
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:31:in `sign'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:31:in `block (2 levels) in <top (required)>'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:4:in `<top (required)>'

I have opened PR here, but I'd also like see this backported into 3.2, hence also reporting here.

Updated by vo.x (Vit Ondruch) almost 3 years ago Actions
Copy link
 #1

  • Status changed from Open to Closed

Updated by vo.x (Vit Ondruch) almost 3 years ago Actions
Copy link
 #2

  • Backport changed from 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED to 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED
Actions
Copy link

Also available in: PDF Atom