https://bugs.ruby-lang.org/https://bugs.ruby-lang.org/favicon.ico?17097754782012-08-28T01:02:16ZRuby Issue Tracking SystemRuby master - Bug #6939: Uninformative exception in FIPS modehttps://bugs.ruby-lang.org/issues/6939?journal_id=290692012-08-28T01:02:16Zvo.x (Vit Ondruch)v.ondruch@tiscali.cz
<ul><li><strong>Assignee</strong> changed from <i>duerst (Martin Dürst)</i> to <i>MartinBosslet (Martin Bosslet)</i></li></ul> Ruby master - Bug #6939: Uninformative exception in FIPS modehttps://bugs.ruby-lang.org/issues/6939?journal_id=290752012-08-28T02:01:23ZMartinBosslet (Martin Bosslet)Martin.Bosslet@gmail.com
<ul></ul><p>I'm not sure whether this is possible at all - the message being generated is what OpenSSL itself generates at this point. I'd have to check if there is a reliable way to detect whether we are in FIPS mode or not. Still, I'd prefer if OpenSSL itself provided a better exception message.</p> Ruby master - Bug #6939: Uninformative exception in FIPS modehttps://bugs.ruby-lang.org/issues/6939?journal_id=290872012-08-29T04:20:26ZMartinBosslet (Martin Bosslet)Martin.Bosslet@gmail.com
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Assigned</i></li></ul> Ruby master - Bug #6939: Uninformative exception in FIPS modehttps://bugs.ruby-lang.org/issues/6939?journal_id=348812012-12-20T10:22:40ZMartinBosslet (Martin Bosslet)Martin.Bosslet@gmail.com
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Third Party's Issue</i></li></ul><p>This is indeed a third party issue. The exception message (or better, the lack thereof) is generated by OpenSSL. They're fine for RSA, DSA and EC ("key too short"), but miserable for DH, agreed.</p>
<p>I really wouldn't want to start to improve OpenSSL error messages in the Ruby extension, that's not where this belongs IMHO. We could try to open an issue on the OpenSSL tracker, though.</p>
<p>Closing as TPI for now, please feel free to reopen if your opinions differ from mine.</p> Ruby master - Bug #6939: Uninformative exception in FIPS modehttps://bugs.ruby-lang.org/issues/6939?journal_id=348892012-12-20T16:11:07Zvo.x (Vit Ondruch)v.ondruch@tiscali.cz
<ul></ul><p>MartinBosslet (Martin Bosslet) wrote:</p>
<blockquote>
<p>We could try to open an issue on the OpenSSL tracker, though.</p>
</blockquote>
<p>Would be cool if you can do this.</p>