ruby-changes:69357
From: Kazuki <ko1@a...>
Date: Sat, 23 Oct 2021 13:40:20 +0900 (JST)
Subject: [ruby-changes:69357] d67fe1e9de (master): [ruby/openssl] test/openssl/test_ssl: fix illegal SAN extension
https://git.ruby-lang.org/ruby.git/commit/?id=d67fe1e9de From d67fe1e9de70592622b6c3f0f7353337886e7c35 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi <k@r...> Date: Sun, 21 Mar 2021 00:23:31 +0900 Subject: [ruby/openssl] test/openssl/test_ssl: fix illegal SAN extension A certificate can only have one SubjectAltName extension. OpenSSL 3.0 performs a stricter validation and certificates containing multiple SANs will be rejected. https://github.com/ruby/openssl/commit/558cfbe5f5 --- test/openssl/test_ssl.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index a93668d916..6412250c86 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -593,8 +593,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L593 exts = [ ["keyUsage","keyEncipherment,digitalSignature",true], - ["subjectAltName","DNS:localhost.localdomain",false], - ["subjectAltName","IP:127.0.0.1",false], + ["subjectAltName","DNS:localhost.localdomain,IP:127.0.0.1",false], ] @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key) start_server { |port| -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/