ruby-changes:72477
From: Jarek <ko1@a...>
Date: Sat, 9 Jul 2022 00:31:58 +0900 (JST)
Subject: [ruby-changes:72477] 4d6a29320d (master): [ruby/openssl] Let OpenSSL choose the digest if digest for Openssl::OCSP::BasicResponse#sign is nil.
https://git.ruby-lang.org/ruby.git/commit/?id=4d6a29320d From 4d6a29320dcd758c21944983da28b54037c200da Mon Sep 17 00:00:00 2001 From: Jarek Prokop <jprokop@r...> Date: Tue, 12 Apr 2022 09:44:37 +0200 Subject: [ruby/openssl] Let OpenSSL choose the digest if digest for Openssl::OCSP::BasicResponse#sign is nil. https://github.com/ruby/openssl/commit/27efcd7e1c --- ext/openssl/ossl_ocsp.c | 2 +- test/openssl/test_ocsp.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index 543df2715e..9c8d768d87 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -1033,7 +1033,7 @@ ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1033 if (!NIL_P(flags)) flg = NUM2INT(flags); if (NIL_P(digest)) - md = EVP_sha1(); + md = NULL; else md = ossl_evp_get_digestbyname(digest); if (NIL_P(certs)) diff --git a/test/openssl/test_ocsp.rb b/test/openssl/test_ocsp.rb index ef7321abd6..85f133752c 100644 --- a/test/openssl/test_ocsp.rb +++ b/test/openssl/test_ocsp.rb @@ -99,7 +99,7 @@ class OpenSSL::TestOCSP < OpenSSL::TestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ocsp.rb#L99 request.sign(@cert, @cert_key, [@ca_cert], 0) asn1 = OpenSSL::ASN1.decode(request.to_der) assert_equal cid.to_der, asn1.value[0].value.find { |a| a.tag_class == :UNIVERSAL }.value[0].value[0].to_der - assert_equal OpenSSL::ASN1.ObjectId("sha1WithRSAEncryption").to_der, asn1.value[1].value[0].value[0].value[0].to_der + assert_equal OpenSSL::ASN1.ObjectId("sha256WithRSAEncryption").to_der, asn1.value[1].value[0].value[0].value[0].to_der assert_equal @cert.to_der, asn1.value[1].value[0].value[2].value[0].value[0].to_der assert_equal @ca_cert.to_der, asn1.value[1].value[0].value[2].value[0].value[1].to_der assert_equal asn1.to_der, OpenSSL::OCSP::Request.new(asn1.to_der).to_der -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/