[#45382] [ruby-trunk - Feature #6530][Open] Improve Racc documentation coverage — "zzak (Zachary Scott)" <zachary@...>
5 messages
2012/06/02
[#45431] [ruby-trunk - Bug #6548][Open] Rake doesn't ignore arguments after -- — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
12 messages
2012/06/05
[#45442] 1.8.7 to come this month — Urabe Shyouhei <shyouhei@...>
Hello. As I wrote before I will release a 1.8.7 patchlevel in this month.
5 messages
2012/06/06
[#45474] [ANN] Request for "slide-show" of your feature proposal — Yusuke Endoh <mame@...>
(Japanese later; 日本語が後にあります)
18 messages
2012/06/07
[#45483] Re: [ANN] Request for "slide-show" of your feature proposal
— Rodrigo Rosenfeld Rosas <rr.rosas@...>
2012/06/07
Is this what you were talking about?
[#46009] Re: [ANN] Request for "slide-show" of your feature proposal
— Aaron Patterson <tenderlove@...>
2012/06/30
On Thu, Jun 07, 2012 at 11:59:12PM +0900, Yusuke Endoh wrote:
[#46332] Re: [ANN] Request for "slide-show" of your feature proposal
— Roger Pack <rogerdpack2@...>
2012/07/11
> * at most THREE proposals per person
[#45552] [ruby-trunk - Bug #6571][Assigned] Time.mktime Y2K38 problem on 1.9.3p125 i386-mingw32 — "MartinBosslet (Martin Bosslet)" <Martin.Bosslet@...>
10 messages
2012/06/10
[#45563] [ruby-trunk - Bug #6573][Open] Webrick test failures — "bkabrda (Bohuslav Kabrda)" <bkabrda@...>
19 messages
2012/06/11
[#45589] Developers' meeting (7/21) — Yusuke Endoh <mame@...>
Hello, committers
10 messages
2012/06/12
[#45623] Re: Developers' meeting (7/21)
— Yusuke Endoh <mame@...>
2012/06/13
Four seats are now left.
[#45647] [ruby-trunk - Bug #6592][Open] test_call_double(DL::TestDL) fails on ARM HardFP — "vo.x (Vit Ondruch)" <v.ondruch@...>
15 messages
2012/06/14
[#45664] [ruby-trunk - Bug #6596][Open] New method for Arrays : Array#index — "robin850 (Robin Dupret)" <robin.dupret@...>
20 messages
2012/06/15
[#45694] [ruby-trunk - Feature #6602][Open] Tail call optimization: enable by default? — "ko1 (Koichi Sasada)" <redmine@...>
12 messages
2012/06/18
[#45715] [ruby-trunk - Feature #6609][Open] Toplevel as self extended module — "trans (Thomas Sawyer)" <transfire@...>
17 messages
2012/06/19
[#45732] [ruby-trunk - Bug #6614][Open] GC doesn't collect objects bound to (collectable) proc — "rogerdpack (Roger Pack)" <rogerpack2005@...>
9 messages
2012/06/20
[#45735] [ruby-trunk - Bug #6616][Open] MinGW: cannot build extensions or run tests due changes in exec_arg? — "luislavena (Luis Lavena)" <luislavena@...>
9 messages
2012/06/21
[#45749] [ruby-trunk - Bug #6616] MinGW: cannot build extensions or run tests due changes in exec_arg?
— "phasis68 (Heesob Park)" <phasis@...>
2012/06/21
[#45785] How can I contribute? — David Albert <davidbalbert@...>
Hello ruby-core,
6 messages
2012/06/22
[#45798] [ruby-trunk - Bug #6634][Open] Deadlock with join and ConditionVariable — "meh. (meh. I don't care)" <meh@...>
20 messages
2012/06/23
[#45805] [ruby-trunk - Feature #6636][Open] Enumerable#size — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
15 messages
2012/06/23
[#45822] [ruby-trunk - Feature #6641][Open] Hash.auto constructor — "trans (Thomas Sawyer)" <transfire@...>
9 messages
2012/06/25
[#45864] [ruby-trunk - Bug #6647][Open] Exceptions raised in threads should be logged — "headius (Charles Nutter)" <headius@...>
71 messages
2012/06/25
[#45866] [ruby-trunk - Bug #6647] Exceptions raised in threads should be logged
— "rue (Eero Saynatkari)" <redmine@...>
2012/06/25
[#45878] [ruby-trunk - Feature #6649][Open] Add new set_trace_func events "b-call", "b-return" — "ko1 (Koichi Sasada)" <redmine@...>
8 messages
2012/06/26
[#45887] [ruby-trunk - Bug #6650][Open] Fixing win32ole test errors — bosko (Boško Ivanišević) <bosko.ivanisevic@...>
10 messages
2012/06/26
[#45916] [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT' — "stomar (Marcus Stollsteimer)" <redmine@...>
6 messages
2012/06/27
[#45922] Re: [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT'
— Tanaka Akira <akr@...>
2012/06/28
2012/6/27 stomar (Marcus Stollsteimer) <[email protected]>:
[#45935] Re: [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT'
— Marcus Stollsteimer <sto.mar@...>
2012/06/28
Am 28.06.2012 02:29, schrieb Tanaka Akira:
[#45940] Re: [ruby-trunk - Bug #6656][Open] Time#strftime('%Z') should return 'UTC' instead of 'GMT'
— Tanaka Akira <akr@...>
2012/06/28
2012/6/28 Marcus Stollsteimer <[email protected]>:
[#45925] Commit bit in GitHub mirror? — Luis Lavena <luislavena@...>
Hello,
6 messages
2012/06/28
[#45926] Re: Commit bit in GitHub mirror?
— Urabe Shyouhei <shyouhei@...>
2012/06/28
Hello, this is svn -> git gateway admin.
[#45958] [ruby-trunk - Feature #6668][Open] Multiple assignment should not return an Array object — "headius (Charles Nutter)" <headius@...>
7 messages
2012/06/29
[#47584] [ruby-trunk - Feature #6668] Multiple assignment should not return an Array object
— "headius (Charles Nutter)" <headius@...>
2012/09/19
[#45960] [ruby-trunk - Feature #6669][Open] A method like Hash#map but returns hash — "yhara (Yutaka HARA)" <redmine@...>
18 messages
2012/06/29
[#45983] [ruby-trunk - Bug #6675][Open] Raise exception when convert encoding of a character from GBK to UTF — "mghomn (Justin Peal)" <yujianbin@...>
5 messages
2012/06/30
[#46020] [ruby-trunk - Feature #6678][Open] Precedence of ^ operator — "trans (Thomas Sawyer)" <transfire@...>
6 messages
2012/06/30
[#46021] [ruby-trunk - Feature #6679][Open] Default Ruby source file encoding to utf-8 — "claytrump (Clay Trump)" <clay.trump@...>
21 messages
2012/06/30
[#46080] [ruby-trunk - Feature #6679][Assigned] Default Ruby source file encoding to utf-8
— "mame (Yusuke Endoh)" <mame@...>
2012/07/01
[#46653] [ruby-trunk - Feature #6679] Default Ruby source file encoding to utf-8
— "mame (Yusuke Endoh)" <mame@...>
2012/07/23
[ruby-core:45551] [ruby-trunk - Bug #6122][Closed] OpenSSL::PKCS7 verify
From:
"MartinBosslet (Martin Bosslet)" <Martin.Bosslet@...>
Date:
2012-06-10 16:05:29 UTC
List:
ruby-core #45551
Issue #6122 has been updated by MartinBosslet (Martin Bosslet).
Status changed from Assigned to Closed
Hi Justin,
The behavior you encountered is not an error. When you sign the PKCS7, the signing certificate will be included in the resulting SignedData structure. You can see that:
def decrypt_verify(received, obj_cert, ca_cert)
encrypted = OpenSSL::PKCS7.new(received)
decrypted = encrypted.decrypt(@key, @cert)
signed = OpenSSL::PKCS7.new(decrypted)
cert_store = OpenSSL::X509::Store.new.add_cert(ca_cert)
signed.certificates.each { |c| p c } # => the signing certificate is in there
plain = signed.data if signed.verify([obj_cert], cert_store)
end
When the PKCS7 is verified later on, OpenSSL will at first look through the certificates you provided and then look in the SignedData itself if it can find the signing certificate there. It does, so it ignores your additional certificate. With the signing certificate included,
signed.verify(nil, cert_store)
will also succeed, and this is expected. If you want it to behave differently, you may either use the flags as in your second example, or you might sign the data without including the signing certificates.
Regarding the time issue, you ran into the Y2K38 problem there. This shouldn't be a problem anymore with your Ruby version, and it works on my Linux machine, could be that it is a problem specific to Windows. I'll close this issue and open a separate one for the time problem as they are not related.
----------------------------------------
Bug #6122: OpenSSL::PKCS7 verify
https://bugs.ruby-lang.org/issues/6122#change-27148
Author: mghomn (Justin Peal)
Status: Closed
Priority: High
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
ruby -v: ruby 1.9.3p125 (2012-02-16) [i386-mingw32]
# not_after can not later than 2038-01-19 11:14:07
# verify can pass wrong certificate
require 'OpenSSL'
class Rsa
attr_reader :key, :cert
@@sha = OpenSSL::Digest::SHA1.new
@@aes = OpenSSL::Cipher.new("aes-128-ofb")
def initialize serial, issuer=nil
@key = OpenSSL::PKey::RSA.new(1024)
@cert = OpenSSL::X509::Certificate.new
@cert.version = 2 # RFC 5280 - v3
@cert.serial = serial
@cert.subject = OpenSSL::X509::Name.parse "CN=#{serial}"
@cert.issuer = issuer==nil ? @cert.subject : issuer
@cert.public_key = @key.public_key
@cert.not_before = Time.now
@cert.not_after = Time.mktime(2038, 1, 19, 11, 14, 7) # second = 8 ==> Fail!
@cert.sign(@key, @@sha) if issuer==nil
end
def sign key
@cert.sign(key, @@sha)
end
def sign_encrypt(plain, obj_cert)
signed = OpenSSL::PKCS7::sign(@cert, @key, plain)
encrypted = OpenSSL::PKCS7::encrypt([obj_cert], signed.to_s, @@aes)
end
def decrypt_verify(received, obj_cert, ca_cert)
encrypted = OpenSSL::PKCS7.new(received)
decrypted = encrypted.decrypt(@key, @cert)
signed = OpenSSL::PKCS7.new(decrypted)
cert_store = OpenSSL::X509::Store.new.add_cert(ca_cert)
plain = signed.data if signed.verify([obj_cert], cert_store)
end
end
ca = Rsa.new(1)
alice = Rsa.new(11, ca.cert.issuer)
alice.sign ca.key
right = Rsa.new(12, ca.cert.issuer)
right.sign ca.key
fa = Rsa.new(3)
wrong = Rsa.new(33, fa.cert.issuer)
# wrong.sign fa.key # Don't sign indeed!
plain = "Something's wrong."
signed_encrypted = right.sign_encrypt(plain, alice.cert)
recovered = alice.decrypt_verify(signed_encrypted, wrong.cert, ca.cert) # wrong should be right
puts recovered==plain ? recovered : "It's okay!"
--
http://bugs.ruby-lang.org/