[MacRuby] #900: Assertion fails with OpenSSL::X509::Certificate.issuer.to_der

Sun Sep 12 20:40:36 PDT 2010

#900: Assertion fails with OpenSSL::X509::Certificate.issuer.to_der
----------------------------------+-----------------------------------------
 Reporter:  watson1978@…          |       Owner:  lsansonetti@…        
     Type:  defect                |      Status:  new                  
 Priority:  blocker               |   Milestone:                       
Component:  MacRuby               |    Keywords:                       
----------------------------------+-----------------------------------------
 Test Script:
 {{{
 #!ruby
 require "openssl"

 def issue_cert(dn, key, serial, not_before, not_after, extensions,
                issuer, issuer_key, digest)
   cert = OpenSSL::X509::Certificate.new
   issuer = cert unless issuer
   issuer_key = key unless issuer_key
   cert.version = 2
   cert.serial = serial
   cert.subject = dn
   cert.issuer = issuer.subject
   cert.public_key = key.public_key
   cert.not_before = not_before
   cert.not_after = not_after
   ef = OpenSSL::X509::ExtensionFactory.new
   ef.subject_certificate = cert
   ef.issuer_certificate = issuer
   extensions.each{|oid, value, critical|
     cert.add_extension(ef.create_extension(oid, value, critical))
   }
   cert.sign(issuer_key, digest)
   cert
 end

 rsa1024 = OpenSSL::PKey::RSA.new(1024)
 rsa2048 = OpenSSL::PKey::RSA.new(2048)

 ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
 ca_exts = [
            ["basicConstraints","CA:TRUE",true],
            ["keyUsage","keyCertSign, cRLSign",true],
            ["subjectKeyIdentifier","hash",false],
            ["authorityKeyIdentifier","keyid:always",false],
           ]
 ca_cert = issue_cert(ca, rsa2048, 1, Time.now, Time.now+3600, ca_exts,
                      nil, nil, OpenSSL::Digest::SHA1.new)

 ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
 ee1_exts = [
             ["keyUsage","Non Repudiation, Digital Signature, Key
 Encipherment",true],
             ["subjectKeyIdentifier","hash",false],
             ["authorityKeyIdentifier","keyid:always",false],
             ["extendedKeyUsage","clientAuth, emailProtection,
 codeSigning",false],
             ["subjectAltName","email:ee1 at ruby-lang.org",false],
            ]
 ee1_cert = issue_cert(ee1, rsa1024, 2, Time.now, Time.now+1800, ee1_exts,
                       ca_cert, rsa2048, OpenSSL::Digest::SHA1.new)

 p ee1_cert.issuer.to_der
 }}}

 Result:
 {{{
 $ ruby test_x509_name.rb
 "0=1\x130\x11\x06\n\t\x92&\x89\x93\xF2,d\x01\x19\x16\x03org1\x190\x17\x06\n\t\x92&\x89\x93\xF2,d\x01\x19\x16
 \truby-lang1\v0\t\x06\x03U\x04\x03\f\x02CA"

 $ macruby test_x509_name.rb
 Assertion failed: (len >= 0), function str_replace_with_uchars, file
 string.c, line 289.
 zsh: abort      macruby test_x509_name.rb
 }}}

-- 
Ticket URL: <http://www.macruby.org/trac/ticket/900>
MacRuby <http://macruby.org/>