[ruby/openssl] Add X509::Certificate#tbs_bytes

Ref https://github.com/ruby/openssl/issues/519 This makes verifying embedded certificate transparency signatures significantly easier, as otherwise the alternative was manipulating the ASN1 sequence, as in https://github.com/segiddins/sigstore-cosign-verify/pull/2/commits/656d992fa816613fd9936f53ce30972c2f2f4957 https://github.com/ruby/openssl/commit/99128bea5d
author: Samuel Giddins <[email protected]> 2024-04-30 13:09:05 -0700
committer: git <[email protected]> 2024-06-08 10:57:02 +0000
commit: 0b92929e520801d9d60a5d886430d35df1288af6 (patch)
tree: 2a7b49fe8d573557c3fe7289ce6bc03f298f7b3b /test/openssl
parent: 7612e45306e87bea2a5e8d269ac06cd2b65eef29 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index 64805504de..12e9dd025c 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -322,6 +322,15 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
     end
   end
 
+  def test_tbs_precert_bytes
+    pend "LibreSSL < 3.5 does not have i2d_re_X509_tbs" if libressl? && !libressl?(3, 5, 0)
+
+    cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil)
+    seq = OpenSSL::ASN1.decode(cert.tbs_bytes)
+
+    assert_equal 7, seq.value.size
+  end
+
   private
 
   def certificate_error_returns_false
author	Samuel Giddins <[email protected]>	2024-04-30 13:09:05 -0700
committer	git <[email protected]>	2024-06-08 10:57:02 +0000
commit	0b92929e520801d9d60a5d886430d35df1288af6 (patch)
tree	2a7b49fe8d573557c3fe7289ce6bc03f298f7b3b /test/openssl
parent	7612e45306e87bea2a5e8d269ac06cd2b65eef29 (diff)