Feature #11552

ext/openssl: choose the OpenSSL::Digest class for OpenSSL::OCSP::Request.sign and OpenSSL::OCSP::BasicResponse.sign

Added by tshirley (Tim Shirley) over 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Assignee: openssl
Target version: -
[ruby-core:<unknown>]

Description

ossl_ocsp.c is currently hard-coded to use SHA1 signatures when signing OCSP requests and basic responses, but SHA1 is being phased out for this purpose by web clients. The attached patch provides an optional parameter to the two sign methods to allow other digest algorithms to be specified. It is a backwards-compatible change since the new parameter is last and optional, and it will default to SHA1 if not specified. I've included basic tests as well in the patch.


Files

ruby-changes.patch (5.49 KB) ruby-changes.patch tshirley (Tim Shirley), 09/25/2015 08:04 PM
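The trailing optional digest argument described above, exercised on both `Request#sign` and `BasicResponse#sign`, with the resulting signatureAlgorithm read back from the DER. This is an added example, not code from the attached patch or the ruby/openssl test suite. The helper names (`make_signer`, `signature_oid`, `signed_request`, `signed_basic_response`) are hypothetical, and the signer is a constructed throwaway self-signed certificate.

```ruby
require "openssl"

# Constructed throwaway self-signed RSA certificate used as the signer.
def make_signer
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=Constructed OCSP Signer")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Dotted OID of the signatureAlgorithm in a DER-encoded OCSPRequest
# (:request) or BasicOCSPResponse (:basic); nil for an unsigned request.
def signature_oid(der, kind)
  fields = OpenSSL::ASN1.decode(der).value
  if kind == :request
    # optionalSignature is [0] EXPLICIT Signature, following tbsRequest
    tagged = fields.find { |f| f.tag_class == :CONTEXT_SPECIFIC && f.tag == 0 }
    return nil unless tagged
    alg = tagged.value.first.value.first
  else
    alg = fields[1] # tbsResponseData, signatureAlgorithm, signature, ...
  end
  alg.value.first.oid
end

# digest is the last, optional argument: sign(cert, key, certs, flags, digest)
def signed_request(cert, key, cid, digest)
  OpenSSL::OCSP::Request.new.add_certid(cid).sign(cert, key, [], 0, digest)
end

def signed_basic_response(cert, key, cid, digest)
  bres = OpenSSL::OCSP::BasicResponse.new
  bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, [])
  bres.sign(cert, key, [], 0, digest)
end

if __FILE__ == $PROGRAM_NAME
  cert, key = make_signer
  cid = OpenSSL::OCSP::CertificateId.new(cert, cert)
  req = signed_request(cert, key, cid, "SHA256")
  puts "request signature OID: #{signature_oid(req.to_der, :request)}"
end
```

`1.2.840.113549.1.1.11` is sha256WithRSAEncryption; a request or response whose OID is `1.2.840.113549.1.1.5` (sha1WithRSAEncryption) is still being signed with SHA-1.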

Associated revisions

Revision 2851f19f
Added by rhe almost 3 years ago

openssl: allow specifying hash algorithm in OCSP::*#sign

  • ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow
    specifying hash algorithm used in signing. They are hard coded to use
    SHA-1.
    Based on a patch provided by Tim Shirley tidoublemy@gmail.com.
    [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28]

  • test/openssl/test_ocsp.rb: Test sign-verify works.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 55422
Added by rhenium (Kazuki Yamaguchi) almost 3 years ago

openssl: allow specifying hash algorithm in OCSP::*#sign

  • ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow
    specifying hash algorithm used in signing. They are hard coded to use
    SHA-1.
    Based on a patch provided by Tim Shirley tidoublemy@gmail.com.
    [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28]

  • test/openssl/test_ocsp.rb: Test sign-verify works.


History

#1

Updated by zzak (Zachary Scott) over 3 years ago

  • Assignee set to openssl

#2

Updated by Anonymous almost 3 years ago

  • Status changed from Open to Closed

Applied in changeset r55422.


openssl: allow specifying hash algorithm in OCSP::*#sign

  • ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow
    specifying hash algorithm used in signing. They are hard coded to use
    SHA-1.
    Based on a patch provided by Tim Shirley tidoublemy@gmail.com.
    [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28]

  • test/openssl/test_ocsp.rb: Test sign-verify works.
