Project

General

Profile

Actions
Copy link

Bug #19308

closed

Fix `OpenSSL::X509::CertificateError: invalid digest` on CentOS 9 / RHEL 9

Added by vo.x (Vit Ondruch) over 1 year ago. Updated over 1 year ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.2.0 (2022-12-25 revision a528908271) [x86_64-linux]
Backport:
2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED

Description

CentOS 9 / RHEL 9 requires prohibits SHA1 for signing purposes, therefore these specs fail:

1)
OpenSSL::X509::Name.verify returns true for valid certificate ERROR
OpenSSL::X509::CertificateError: invalid digest
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:15:in `sign'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:15:in `block (2 levels) in <top (required)>'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:4:in `<top (required)>'
2)
OpenSSL::X509::Name.verify returns false for an expired certificate ERROR
OpenSSL::X509::CertificateError: invalid digest
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:31:in `sign'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:31:in `block (2 levels) in <top (required)>'
/builddir/build/BUILD/ruby-3.2.0/spec/ruby/library/openssl/x509/name/verify_spec.rb:4:in `<top (required)>'

I have opened PR here, but I'd also like see this backported into 3.2, hence also reporting here.

Related issues 1 (0 open1 closed)

Is duplicate of Ruby master - Bug #19307: Fix `OpenSSL::X509::CertificateError: invalid digest` on CentOS 9 / RHEL 9ClosedActions
Actions
Copy link
 #1

Updated by vo.x (Vit Ondruch) over 1 year ago

  • Status changed from Open to Closed

Ups, sorry for the duplicates. Redmine is throwing following error when the ticket is created:

Internal error

An error occurred on the page you were trying to access.
If you continue to experience problems please contact your Redmine administrator for assistance.

If you are the Redmine administrator, check your log files for details about the error.

Back
Actions
Copy link
 #2 [ruby-core:111645]

Updated by vo.x (Vit Ondruch) over 1 year ago

Just FTR, I have received the same error also after closing this ticket ...

Actions
Copy link
 #3 [ruby-core:111646]

Updated by hsbt (Hiroshi SHIBATA) over 1 year ago

  • Status changed from Closed to Open

Oh, sorry. I'm working to upgrade redis server for bugs.ruby-lang.org. Now, It works.

Actions
Copy link
 #4

Updated by hsbt (Hiroshi SHIBATA) over 1 year ago

  • Status changed from Open to Closed
Actions
Copy link
 #5

Updated by hsbt (Hiroshi SHIBATA) over 1 year ago

  • Is duplicate of Bug #19307: Fix `OpenSSL::X509::CertificateError: invalid digest` on CentOS 9 / RHEL 9 added
Actions
Copy link
 #6

Updated by vo.x (Vit Ondruch) over 1 year ago

  • Backport changed from 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED to 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONTNEED
Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0