New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate.new vs Certificate.new(string) #519
Comments
If I understand correctly, the cause of this is what is described here:
cert = OpenSSL::X509::Certificate.new(ARGF.read)
der, pem, text = cert.to_der, cert.to_pem, cert.to_text
cert.serial += 1
p der == cert.to_der # => true
p pem == cert.to_pem # => true
p text == cert.to_text # => false This let me confused. It would be nice to have a method to call https://www.openssl.org/docs/man3.0/man3/i2d_re_X509_tbs.html
|
I agree with your analysis. It's also confusing since the behavior is inconsistent between types, e.g.,
Invalidating cache seems like a side effect, but I think we can add something like |
Thank you.
Thanks for the information.
It sounds reasonable to me. And for example, in the case of X509 Certificate, the Currently |
Ref ruby#519 This makes verifying embedded certificate transparency signatures significantly easier, as otherwise the alternative was manipulating the ASN1 sequence, as in segiddins/sigstore-ruby@656d992
I'm wondering this is why? Confirmed with:
ruby 3.2.0dev (2022-06-10T01:10:27Z master e75cb61d46) [x86_64-linux]
3.0.0
OpenSSL 3.1.0-dev
OpenSSL 1.1.1n 15 Mar 2022
LibreSSL 3.5.2
The text was updated successfully, but these errors were encountered: