ruby-changes:55872
From: Yusuke <ko1@a...>
Date: Tue, 28 May 2019 10:07:58 +0900 (JST)
Subject: [ruby-changes:55872] Yusuke Endoh: ae2a904ce9 (trunk): Update the certificate files to make the test pass on Debian 10
https://git.ruby-lang.org/ruby.git/commit/?id=ae2a904ce9 From ae2a904ce9bffedee7d110dc60fd51c0a2879a5b Mon Sep 17 00:00:00 2001 From: Yusuke Endoh <mame@r...> Date: Mon, 27 May 2019 23:44:15 +0900 Subject: Update the certificate files to make the test pass on Debian 10 The old certificate files (for example, test/rubygems/ca_cert.pem) were signed by SHA1. This message digest is considered too weak and rejected by OpenSSL 1.1.1 or later. Because of this, the test suite does not pass on Debian 10. https://rubyci.org/logs/rubyci.s3.amazonaws.com/debian/ruby-master/log/20190527T123003Z.fail.html.gz#test%2Frubygems This change regenerates the files. A shell script for the regeneration (util/create_certs.sh) is also added. diff --git a/test/rubygems/ca_cert.pem b/test/rubygems/ca_cert.pem index 5207531..b3977e2 100644 --- a/test/rubygems/ca_cert.pem +++ b/test/rubygems/ca_cert.pem @@ -1,68 +1,77 @@ https://github.com/ruby/ruby/blob/trunk/test/rubygems/ca_cert.pem#L1 ------BEGIN CERTIFICATE----- -MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES -MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X -DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ -BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR -wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d -L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY -bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi -JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm -dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA -AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w -ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f -USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe -31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu -SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD -ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+ -r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY -MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj -PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U -PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a -d/xgcK06UVQRL/HbEYGiQL056mc= ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- -MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES -MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X -DTA0MDEzMDAwNDMyN1oXDTM1MDEyMjAwNDMyN1owPzELMAkGA1UEBgwCSlAxEjAQ -BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQ4wDAYDVQQDDAVTdWJDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0Ou7AyRcRXnB/kVHv/6kwe -ANzgg/DyJfsAUqW90m7Lu1nqyug8gK0RBd77yU0w5HOAMHTVSdpjZK0g2sgx4Mb1 -d/213eL9TTl5MRVEChTvQr8q5DVG/8fxPPE7fMI8eOAzd98/NOAChk+80r4Sx7fC -kGVEE1bKwY1MrUsUNjOY2d6t3M4HHV3HX1V8ShuKfsHxgCmLzdI8U+5CnQedFgkm -3e+8tr8IX5RR1wA1Ifw9VadF7OdI/bGMzog/Q8XCLf+WPFjnK7Gcx6JFtzF6Gi4x -4dp1Xl45JYiVvi9zQ132wu8A1pDHhiNgQviyzbP+UjcB/tsOpzBQF8abYzgEkWEC -AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9P -cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlCjXWLsReYzH -LzsxwVnCXmKoB/owCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJ/OyN -rT8Cq2Y+G2yA/L1EMRvvxwFBqxavqaqHl/6rwsIBFlB3zbqGA/0oec6MAVnYynq4 -c4AcHTjx3bQ/S4r2sNTZq0DH4SYbQzIobx/YW8PjQUJt8KQdKMcwwi7arHP7A/Ha -LKu8eIC2nsUBnP4NhkYSGhbmpJK+PFD0FVtD0ZIRlY/wsnaZNjWWcnWF1/FNuQ4H -ySjIblqVQkPuzebv3Ror6ZnVDukn96Mg7kP4u6zgxOeqlJGRe1M949SS9Vudjl8X -SF4aZUUB9pQGhsqQJVqaz2OlhGOp9D0q54xko/rekjAIcuDjl1mdX4F2WRrzpUmZ -uY/bPeOBYiVsOYVe ------END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=JP, ST=Tokyo, O=RubyGemsTest, CN=CA + Validity + Not Before: Jan 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2049 GMT + Subject: C=JP, ST=Tokyo, O=RubyGemsTest, CN=CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c8:19:2c:5a:1d:4d:2a:65:1d:9a:0b:d6:3a:5c: + 5f:54:90:ac:17:6f:58:18:8f:e6:0f:33:36:ca:a0: + 92:02:b8:49:85:96:e9:74:16:14:40:67:98:4a:1f: + 4d:1c:d8:0b:c4:4e:f8:78:0a:68:70:39:d8:66:64: + c6:d5:ca:49:e9:02:c7:1a:1c:03:ba:a1:85:68:0a: + 03:05:27:b5:7f:97:21:94:20:f3:fe:ea:2e:f5:2e: + 99:34:6b:e0:e7:96:ca:51:4e:4d:40:48:09:d6:5f: + 64:7b:e5:df:eb:3d:44:bf:42:25:f7:84:c7:2d:22: + e0:7f:00:37:c6:c3:16:75:75:37:6a:e5:56:da:1c: + 77:37:3c:00:d3:1f:f4:9d:3b:27:08:ff:cd:cf:1e: + 60:74:65:90:c2:59:b4:12:3e:a0:7f:22:47:87:ff: + 52:f3:47:39:d1:91:02:1c:bb:8c:c9:20:1f:00:db: + d1:3a:b0:e0:ba:ee:55:05:8f:1a:f8:1e:dd:6d:83: + 1c:1d:18:01:44:92:27:22:f1:2a:07:fe:43:83:08: + 82:d3:2b:f1:ec:b1:68:b3:f8:94:1b:81:29:54:01: + 56:12:54:66:ba:60:e7:5c:27:04:4d:a3:61:e3:f9: + 8f:86:53:0b:83:eb:1f:1d:89:0c:83:66:88:c8:50: + 8d:c5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D6:DB:87:AD:D3:45:FC:D4:8D:6B:2B:97:F4:CF:95:08:B6:FA:62:A4 + X509v3 Authority Key Identifier: + keyid:D6:DB:87:AD:D3:45:FC:D4:8D:6B:2B:97:F4:CF:95:08:B6:FA:62:A4 + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 06:92:f7:9a:0f:40:da:1a:7f:9f:0c:9e:04:37:4d:be:a4:1e: + 86:65:b3:4a:be:87:13:a1:e4:6b:3b:d6:58:9d:ca:f8:ba:6d: + e4:dd:de:c5:e3:a2:ec:ef:32:2d:c0:06:01:3a:d5:81:5a:e1: + e4:f7:5f:68:67:ea:cd:28:90:b1:9c:82:d3:4e:00:51:b6:eb: + d5:8d:ec:ab:c3:18:b2:8b:8d:5b:63:6d:f8:f5:40:c6:c6:7e: + 72:7b:ed:98:c5:5e:24:b9:ad:4f:5b:8f:1d:53:a3:d7:6a:4f: + 07:2e:6a:b6:63:5c:dc:05:22:ac:77:af:b0:72:9d:39:6f:77: + 9c:45:8b:ad:de:e8:bf:6a:b5:87:0b:58:47:af:11:1a:9e:84: + 25:21:68:48:2a:b3:3c:5a:97:54:20:03:bd:87:34:dd:db:24: + a6:c7:50:e9:6c:87:55:f2:e5:33:9c:83:8f:8c:9e:f3:3a:38: + a0:92:a1:a7:c4:89:31:bd:33:83:11:dd:ad:bb:e0:47:19:bb: + 62:6c:49:58:b3:13:12:c3:d0:dd:02:5f:6f:4f:13:07:6d:aa: + 7b:2c:46:5a:74:52:6d:13:10:9c:f7:3d:5d:84:5b:b8:5b:a9: + c5:ae:56:4b:9a:8c:e2:fd:7f:55:80:cb:b0:2d:56:d7:a4:3c: + cf:3c:b2:ff -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIJANz6ehBcVuuiMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTMwNTAxMTQ0NTQxWhcNMjMwMzEwMTQ0NTQxWjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAzlpZwhEYoALOEKU4lmMw5l3YI/gadzDOoELtdcidvVvovKK8IIOTDwbA -3XcjwV0UPGEPOK4Uk1aD0EKkOQVg8ivSre2a3FFGffs2kXck+doJMzAA+pf8tvFk -QsETVOurOp74GN+er2xbbRSDVxQKq6d+QTe1E60btyXQS5M1Nt5SvLn8dazZJgvv -3yzJQ1IOQl+xeEO0WVVhPIx5Mx3VtjjcDyl8aewPkYkzia6UOrAyQZnl5sIzWGOb -kYKCNeKjTPepzlbMx0dN6jBupPYGNB+4FYY9GezInjGbRP5np5382wd3EWwsVzic -Nau8kXHTL2r7GzNvoy0p//iPCqx9FQIDAQABo4GnMIGkMB0GA1UdDgQWBBS7B027 -H/ZIkW3ngm1SrR0X/aTCwDB1BgNVHSMEbjBsgBS7B027H/ZIkW3ngm1SrR0X/aTC -wKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV -BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJANz6ehBcVuuiMAwGA1UdEwQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAC0glUrUiylTfuOWlwkQvi74oiYC5CzW -Jfusg6o/Gg1XEuJhaHiYMsK/do16gSc6Za3934rHQbYu3mesyFkCWF9kD4J6/hEO -OQL8xmmgN7wS6GXy6oIODpny0MgnFrV4gd1aEx69NIfL/wXaM8Gw2sj1TnuGLs8+ -HFmWLRRH3WSR7ZLnqYzPVJwhHu8vtZBL9HZk1J6xyq00Nwi2Cz5WdiHamgaza3TS -OgBdWwDeSClwhrTJni4d30dbq+eNMByIZ7QNGBQivpFzDxeNV/2UBrTU0CilKG5Q -j7ZwknfKeA4xUTd8TMK3vKab5JJCfjbXOTHZQsYUcEEGSjOMS8/YVQs= +MIIDUDCCAjigAwIBAgIBADANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJKUDEO +MAwGA1UECAwFVG9reW8xFTATBgNVBAoMDFJ1YnlHZW1zVGVzdDELMAkGA1UEAwwC +Q0EwHhcNMDkwMTAxMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjBBMQswCQYDVQQGEwJK +UDEOMAwGA1UECAwFVG9reW8xFTATBgNVBAoMDFJ1YnlHZW1zVGVzdDELMAkGA1UE +AwwCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGSxaHU0qZR2a +C9Y6XF9UkKwXb1gYj+YPMzbKoJICuEmFlul0FhRAZ5hKH00c2AvETvh4CmhwOdhm +ZMbVyknpAscaHAO6oYVoCgMFJ7V/lyGUIPP+6i71Lpk0a+DnlspRTk1ASAnWX2R7 +5d/rPUS/QiX3hMctIuB/ADfGwxZ1dTdq5VbaHHc3PADTH/SdOycI/83PHmB0ZZDC +WbQSPqB/IkeH/1LzRznRkQIcu4zJIB8A29E6sOC67lUFjxr4Ht1tgxwdGAFEkici +8SoH/kODCILTK/HssWiz+JQbgSlUAVYSVGa6YOdcJwRNo2Hj+Y+GUwuD6x8diQyD +ZojIUI3FAgMBAAGjUzBRMB0GA1UdDgQWBBTW24et00X81I1rK5f0z5UItvpipDAf +BgNVHSMEGDAWgBTW24et00X81I1rK5f0z5UItvpipDAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4IBAQAGkveaD0DaGn+fDJ4EN02+pB6GZbNKvocToeRr +O9ZYncr4um3k3d7F46Ls7zItwAYBOtWBWuHk919oZ+rNKJCxnILTTgBRtuvVjeyr +wxiyi41bY2349UDGxn5ye+2YxV4kua1PW48dU6PXak8HLmq2Y1zcBSKsd6+wcp05 +b3ecRYut3ui/arWHC1hHrxEanoQlIWhIKrM8WpdUIAO9hzTd2ySmx1DpbIdV8uUz +nIOPjJ7zOjigkqGnxIkxvTODEd2tu+BHGbtibElYsxMSw9DdAl9vTxMHbap7LEZa +dFJtExCc9z1dhFu4W6nFrlZLmozi/X9VgMuwLVbXpDzPPLL/ -----END CERTIFICATE----- diff --git a/test/rubygems/client.pem b/test/rubygems/client.pem index 63a52c5..9824d9c 100644 --- a/test/rubygems/client.pem +++ b/test/rubygems/client.pem @@ -1,49 +1,107 @@ https://github.com/ruby/ruby/blob/trunk/test/rubygems/client.pem#L1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=JP, ST=Tokyo, O=RubyGemsTest, CN=CA + Validity + Not Before: Jan 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2049 GMT + Subject: C=JP, ST=Tokyo, O=RubyGemsTest, CN=client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/