2021-11-05 19:55:56 +00:00
|
|
|
From bb0f57aeb4de36a3b2b8b8cb01d25b32af0357d3 Mon Sep 17 00:00:00 2001
|
|
|
|
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
|
|
|
|
Date: Wed, 27 Oct 2021 16:28:24 +0200
|
|
|
|
Subject: [PATCH] Provide distinguished name which will be correctly parsed.
|
|
|
|
|
|
|
|
It seems that since ruby openssl 2.1.0 [[1]], the distinguished name
|
|
|
|
submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it
|
|
|
|
does not contain the first slash:
|
|
|
|
|
|
|
|
~~~
|
|
|
|
$ ruby -v
|
|
|
|
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
|
|
|
|
|
|
|
|
$ gem list | grep openssl
|
|
|
|
openssl (default: 2.2.0)
|
|
|
|
|
|
|
|
$ irb -r openssl
|
|
|
|
irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
|
|
|
|
=> "CN = nobody/DC=example"
|
|
|
|
irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
|
|
|
|
=> "CN = nobody, DC = example"
|
|
|
|
~~~
|
|
|
|
|
|
|
|
[1]: https://github.com/ruby/openssl/commit/19c67cd10c57f3ab7b13966c36431ebc3fdd653b
|
|
|
|
---
|
|
|
|
lib/rubygems/security.rb | 2 +-
|
|
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
|
|
|
|
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
|
|
|
|
index c80639af6d..12de141f36 100644
|
|
|
|
--- a/lib/rubygems/security.rb
|
|
|
|
+++ b/lib/rubygems/security.rb
|
2021-11-25 16:46:12 +00:00
|
|
|
@@ -510,7 +510,7 @@ def self.email_to_name(email_address)
|
2021-11-05 19:55:56 +00:00
|
|
|
|
|
|
|
dcs = dcs.split '.'
|
|
|
|
|
|
|
|
- name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
|
|
|
|
+ name = "/CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
|
|
|
|
|
|
|
|
OpenSSL::X509::Name.parse name
|
|
|
|
end
|
|
|
|
--
|
|
|
|
2.32.0
|
|
|
|
|