Project

General

Profile

Actions
Copy link

Bug #9154

closed

Support for OpenSSL with MD5 disabled for certificate verification

Added by vo.x (Vit Ondruch) about 11 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.0.0p247 (2013-06-27) [x86_64-linux]
Backport:
[ruby-core:58571]

Description

=begin
In Fedora Rawhide, there was disable support for verification of certificate, CRL, and OCSP signatures using MD5 in OpenSSL [1, 2], therefore I observe following test errors:

  1. Error:
    test_sign_and_verify(OpenSSL::TestX509Request):
    OpenSSL::X509::RequestError: unknown message digest algorithm
    /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509req.rb:111:in verify' /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509req.rb:111:in test_sign_and_verify'
  2. Error:
    test_sign_and_verify(OpenSSL::TestX509Certificate):
    OpenSSL::X509::CertificateError: unknown message digest algorithm
    /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509cert.rb:140:in verify' /builddir/build/BUILD/ruby-2.0.0-p247/test/openssl/test_x509cert.rb:140:in test_sign_and_verify'

I was suggested by OpenSSL maintainer, that MD5 is obsolete and for modernization, it would be more useful to test SHA256 instead of MD5 for example. Any chance to make this test could pass out of the box and support more modern hashing algorithms?

[1] http://pkgs.fedoraproject.org/cgit/openssl.git/commit/?id=dcd0fb1ec9e2ef9bace5473cb3924a8d867ce84b

[2] http://pkgs.fedoraproject.org/cgit/openssl.git/commit/?id=9caf868063fd085ed4b2246f5f8dde91873d1c15
=end

Actions
Copy link
 #1 [ruby-core:58597]

Updated by vo.x (Vit Ondruch) about 11 years ago

  • Assignee set to MartinBosslet (Martin Bosslet)
Actions
Copy link
 #2 [ruby-core:64607]

Updated by vo.x (Vit Ondruch) over 10 years ago

  • Assignee changed from MartinBosslet (Martin Bosslet) to usa (Usaku NAKAMURA)

This seems to be fixed by r46899, r46903 and r46904, backported for Ruby 2.1 by r46908, but it would be nice to have this also in Ruby 2.0, since that is the version officially shipped with RHEL/CentOS 7.

Actions
Copy link
 #3 [ruby-core:64608]

Updated by vo.x (Vit Ondruch) over 10 years ago

  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: UNKNOWN, 2.0.0: REQUIRED
Actions
Copy link
 #4 [ruby-core:64609]

Updated by vo.x (Vit Ondruch) over 10 years ago

  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: REQUIRED to 1.9.3: REQUIRED, 2.0.0: REQUIRED

Actually, 1.9.3 is affected by this issue as well.

Actions
Copy link
 #5

Updated by zzak (zzak _) over 9 years ago

  • Assignee changed from usa (Usaku NAKAMURA) to 7150
Actions
Copy link
 #6 [ruby-core:76245]

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Status changed from Open to Closed
  • Backport deleted (1.9.3: REQUIRED, 2.0.0: REQUIRED)

Closing this as it is already fixed.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0