[前][次][番号順一覧][スレッド一覧]

ruby-changes:69357

From: Kazuki <ko1@a...>
Date: Sat, 23 Oct 2021 13:40:20 +0900 (JST)
Subject: [ruby-changes:69357] d67fe1e9de (master): [ruby/openssl] test/openssl/test_ssl: fix illegal SAN extension

https://git.ruby-lang.org/ruby.git/commit/?id=d67fe1e9de

From d67fe1e9de70592622b6c3f0f7353337886e7c35 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@r...>
Date: Sun, 21 Mar 2021 00:23:31 +0900
Subject: [ruby/openssl] test/openssl/test_ssl: fix illegal SAN extension

A certificate can only have one SubjectAltName extension. OpenSSL 3.0
performs a stricter validation and certificates containing multiple SANs
will be rejected.

https://github.com/ruby/openssl/commit/558cfbe5f5
---
 test/openssl/test_ssl.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index a93668d916..6412250c86 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -593,8 +593,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L593
 
     exts = [
       ["keyUsage","keyEncipherment,digitalSignature",true],
-      ["subjectAltName","DNS:localhost.localdomain",false],
-      ["subjectAltName","IP:127.0.0.1",false],
+      ["subjectAltName","DNS:localhost.localdomain,IP:127.0.0.1",false],
     ]
     @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
     start_server { |port|
-- 
cgit v1.2.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]