author | April Chin <april.chin@oracle.com> |
Wed, 17 Jun 2015 14:13:59 -0700 | |
branch | s11u2-sru |
changeset 4528 | 30be54ba3f0e |
permissions | -rw-r--r-- |
20877842 problem in UTILITY/RUBY
# Fix based on upstream fix to Ruby 2.2.x |
# https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596 |
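--- a/ext/openssl/lib/openssl/ssl-internal.rb
+++ b/ext/openssl/lib/openssl/ssl-internal.rb
@@ -96,8 +96,7 @@ module OpenSSL
 case san.tag
 when 2 # dNSName in GeneralName (RFC5280)
 should_verify_common_name = false
- reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+")
- return true if /\A#{reg}\z/i =~ hostname
+ return true if verify_hostname(hostname, san.value)
 when 7 # iPAddress in GeneralName (RFC5280)
 should_verify_common_name = false
 # follows GENERAL_NAME_print() in x509v3/v3_alt.c
@@ -112,8 +111,7 @@ module OpenSSL
 if should_verify_common_name
 cert.subject.to_a.each{|oid, value|
 if oid == "CN"
- reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
- return true if /\A#{reg}\z/i =~ hostname
+ return true if verify_hostname(hostname, value)
 end
 }
 end
@@ -121,6 +119,57 @@ module OpenSSL
 end
 module_function :verify_certificate_identity
 
+ def verify_hostname(hostname, san) # :nodoc:
+ # RFC 5280, IA5String is limited to the set of ASCII characters
+ return false if san =~ /[\x80-\xff]/
+ return false if hostname =~ /[\x80-\xff]/
+
+ # See RFC 6125, section 6.4.1
+ # Matching is case-insensitive.
+ san_parts = san.downcase.split(".")
+
+ # TODO: this behavior should probably be more strict
+ return san == hostname if san_parts.size < 2
+
+ # Matching is case-insensitive.
+ host_parts = hostname.downcase.split(".")
+
+ # RFC 6125, section 6.4.3, subitem 2.
+ # If the wildcard character is the only character of the left-most
+ # label in the presented identifier, the client SHOULD NOT compare
+ # against anything but the left-most label of the reference
+ # identifier (e.g., *.example.com would match foo.example.com but
+ # not bar.foo.example.com or example.com).
+ return false unless san_parts.size == host_parts.size
+
+ # RFC 6125, section 6.4.3, subitem 1.
+ # The client SHOULD NOT attempt to match a presented identifier in
+ # which the wildcard character comprises a label other than the
+ # left-most label (e.g., do not match bar.*.example.net).
+ return false unless verify_wildcard(host_parts.shift, san_parts.shift)
+
+ san_parts.join(".") == host_parts.join(".")
+ end
+ module_function :verify_hostname
+
+ def verify_wildcard(domain_component, san_component) # :nodoc:
+ parts = san_component.split("*", -1)
+
+ return false if parts.size > 2
+ return san_component == domain_component if parts.size == 1
+
+ # RFC 6125, section 6.4.3, subitem 3.
+ # The client SHOULD NOT attempt to match a presented identifier
+ # where the wildcard character is embedded within an A-label or
+ # U-label of an internationalized domain name.
+ return false if domain_component.start_with?("xn--") && san_component != "*"
+
+ parts[0].length + parts[1].length < domain_component.length &&
+ domain_component.start_with?(parts[0]) &&
+ domain_component.end_with?(parts[1])
+ end
+ module_function :verify_wildcard
+
 class SSLSocket
 include Buffering
 include SocketForwarder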
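Review bot: The single-label shortcut in verify_hostname, `return san == hostname if san_parts.size < 2`, compares the raw strings, so it is case-sensitive even though the surrounding comments and the removed `/i` regex treat matching as case-insensitive; `return san.downcase == hostname.downcase if san_parts.size < 2` would keep the previous behaviour for single-label names. Separately, nothing in verify_hostname limits how close to the top-level label the wildcard may sit or checks that hostname is a DNS name rather than an address, so a presented identifier like `*.com` is accepted for `example.com` and a wildcard dNSName or CN can match a dotted IP literal passed as hostname. Requiring at least three labels when the left-most SAN label contains `*`, and skipping wildcard matching when hostname parses as an IP address, would tighten both cases. Both behaviours appear to come from the upstream commit the patch cites, and the added tests in test_ssl.rb do not cover either case.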
diff -rup ruby-1.8.7-p374-orig/test/openssl/test_ssl.rb ruby-1.8.7-p374/test/openssl/test_ssl.rb |
86 |
--- ruby-1.8.7-p374-orig/test/openssl/test_ssl.rb 2013-06-27 04:56:26.000000000 -0700 |
87 |
+++ ruby-1.8.7-p374/test/openssl/test_ssl.rb 2015-05-22 09:20:43.087572444 -0700 |
88 |
@@ -569,6 +569,157 @@ class OpenSSL::TestSSL < Test::Unit::Tes |
89 |
assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17')) |
90 |
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17')) |
91 |
end |
92 |
+ |
93 |
+ def test_verify_hostname |
94 |
+ assert_equal(true, OpenSSL::SSL.verify_hostname("www.example.com", "*.example.com")) |
95 |
+ assert_equal(false, OpenSSL::SSL.verify_hostname("www.subdomain.example.com", "*.example.com")) |
96 |
+ end |
97 |
+ |
98 |
+ def test_verify_wildcard |
99 |
+ assert_equal(false, OpenSSL::SSL.verify_wildcard("foo", "x*")) |
100 |
+ assert_equal(true, OpenSSL::SSL.verify_wildcard("foo", "foo")) |
101 |
+ assert_equal(true, OpenSSL::SSL.verify_wildcard("foo", "f*")) |
102 |
+ assert_equal(true, OpenSSL::SSL.verify_wildcard("foo", "*")) |
103 |
+ assert_equal(false, OpenSSL::SSL.verify_wildcard("abc*bcd", "abcd")) |
104 |
+ assert_equal(false, OpenSSL::SSL.verify_wildcard("xn--qdk4b9b", "x*")) |
105 |
+ assert_equal(false, OpenSSL::SSL.verify_wildcard("xn--qdk4b9b", "*--qdk4b9b")) |
106 |
+ assert_equal(true, OpenSSL::SSL.verify_wildcard("xn--qdk4b9b", "xn--qdk4b9b")) |
107 |
+ end |
108 |
+ |
109 |
+ # Comments in this test is excerpted from http://tools.ietf.org/html/rfc6125#page-27 |
110 |
+ def test_post_connection_check_wildcard_san |
111 |
+ # case-insensitive ASCII comparison |
112 |
+ # RFC 6125, section 6.4.1 |
113 |
+ # |
114 |
+ # "..matching of the reference identifier against the presented identifier |
115 |
+ # is performed by comparing the set of domain name labels using a |
116 |
+ # case-insensitive ASCII comparison, as clarified by [DNS-CASE] (e.g., |
117 |
+ # "WWW.Example.Com" would be lower-cased to "www.example.com" for |
118 |
+ # comparison purposes) |
119 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
120 |
+ create_cert_with_san('DNS:*.example.com'), 'www.example.com')) |
121 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
122 |
+ create_cert_with_san('DNS:*.Example.COM'), 'www.example.com')) |
123 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
124 |
+ create_cert_with_san('DNS:*.example.com'), 'WWW.Example.COM')) |
125 |
+ # 1. The client SHOULD NOT attempt to match a presented identifier in |
126 |
+ # which the wildcard character comprises a label other than the |
127 |
+ # left-most label (e.g., do not match bar.*.example.net). |
128 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
129 |
+ create_cert_with_san('DNS:www.*.com'), 'www.example.com')) |
130 |
+ # 2. If the wildcard character is the only character of the left-most |
131 |
+ # label in the presented identifier, the client SHOULD NOT compare |
132 |
+ # against anything but the left-most label of the reference |
133 |
+ # identifier (e.g., *.example.com would match foo.example.com but |
134 |
+ # not bar.foo.example.com or example.com). |
135 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
136 |
+ create_cert_with_san('DNS:*.example.com'), 'foo.example.com')) |
137 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
138 |
+ create_cert_with_san('DNS:*.example.com'), 'bar.foo.example.com')) |
139 |
+ # 3. The client MAY match a presented identifier in which the wildcard |
140 |
+ # character is not the only character of the label (e.g., |
141 |
+ # baz*.example.net and *baz.example.net and b*z.example.net would |
142 |
+ # be taken to match baz1.example.net and foobaz.example.net and |
143 |
+ # buzz.example.net, respectively). ... |
144 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
145 |
+ create_cert_with_san('DNS:baz*.example.com'), 'baz1.example.com')) |
146 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
147 |
+ create_cert_with_san('DNS:*baz.example.com'), 'foobaz.example.com')) |
148 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
149 |
+ create_cert_with_san('DNS:b*z.example.com'), 'buzz.example.com')) |
150 |
+ # Section 6.4.3 of RFC6125 states that client should NOT match identifier |
151 |
+ # where wildcard is other than left-most label. |
152 |
+ # |
153 |
+ # Also implicitly mentions the wildcard character only in singular form, |
154 |
+ # and discourages matching against more than one wildcard. |
155 |
+ # |
156 |
+ # See RFC 6125, section 7.2, subitem 2. |
157 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
158 |
+ create_cert_with_san('DNS:*b*.example.com'), 'abc.example.com')) |
159 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
160 |
+ create_cert_with_san('DNS:*b*.example.com'), 'ab.example.com')) |
161 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
162 |
+ create_cert_with_san('DNS:*b*.example.com'), 'bc.example.com')) |
163 |
+ # ... However, the client SHOULD NOT |
164 |
+ # attempt to match a presented identifier where the wildcard |
165 |
+ # character is embedded within an A-label or U-label [IDNA-DEFS] of |
166 |
+ # an internationalized domain name [IDNA-PROTO]. |
167 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
168 |
+ create_cert_with_san('DNS:xn*.example.com'), 'xn1ca.example.com')) |
169 |
+ # part of A-label |
170 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
171 |
+ create_cert_with_san('DNS:xn--*.example.com'), 'xn--1ca.example.com')) |
172 |
+ # part of U-label |
173 |
+ # dNSName in RFC5280 is an IA5String so U-label should NOT be allowed |
174 |
+ # regardless of wildcard. |
175 |
+ # |
176 |
+ # See Section 7.2 of RFC 5280: |
177 |
+ # IA5String is limited to the set of ASCII characters. |
178 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
179 |
+ create_cert_with_san('DNS:á*.example.com'), 'á1.example.com')) |
180 |
+ end |
181 |
+ |
182 |
+ def test_post_connection_check_wildcard_cn |
183 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
184 |
+ create_cert_with_name('*.example.com'), 'www.example.com')) |
185 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
186 |
+ create_cert_with_name('*.Example.COM'), 'www.example.com')) |
187 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
188 |
+ create_cert_with_name('*.example.com'), 'WWW.Example.COM')) |
189 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
190 |
+ create_cert_with_name('www.*.com'), 'www.example.com')) |
191 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
192 |
+ create_cert_with_name('*.example.com'), 'foo.example.com')) |
193 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
194 |
+ create_cert_with_name('*.example.com'), 'bar.foo.example.com')) |
195 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
196 |
+ create_cert_with_name('baz*.example.com'), 'baz1.example.com')) |
197 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
198 |
+ create_cert_with_name('*baz.example.com'), 'foobaz.example.com')) |
199 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
200 |
+ create_cert_with_name('b*z.example.com'), 'buzz.example.com')) |
201 |
+ # Section 6.4.3 of RFC6125 states that client should NOT match identifier |
202 |
+ # where wildcard is other than left-most label. |
203 |
+ # |
204 |
+ # Also implicitly mentions the wildcard character only in singular form, |
205 |
+ # and discourages matching against more than one wildcard. |
206 |
+ # |
207 |
+ # See RFC 6125, section 7.2, subitem 2. |
208 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
209 |
+ create_cert_with_name('*b*.example.com'), 'abc.example.com')) |
210 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
211 |
+ create_cert_with_name('*b*.example.com'), 'ab.example.com')) |
212 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
213 |
+ create_cert_with_name('*b*.example.com'), 'bc.example.com')) |
214 |
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity( |
215 |
+ create_cert_with_name('xn*.example.com'), 'xn1ca.example.com')) |
216 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
217 |
+ create_cert_with_name('xn--*.example.com'), 'xn--1ca.example.com')) |
218 |
+ # part of U-label |
219 |
+ # Subject in RFC5280 states case-insensitive ASCII comparison. |
220 |
+ # |
221 |
+ # See Section 7.2 of RFC 5280: |
222 |
+ # IA5String is limited to the set of ASCII characters. |
223 |
+ assert_equal(false, OpenSSL::SSL.verify_certificate_identity( |
224 |
+ create_cert_with_name('á*.example.com'), 'á1.example.com')) |
225 |
+ end |
226 |
+ |
227 |
+ def create_cert_with_san(san) |
228 |
+ ef = OpenSSL::X509::ExtensionFactory.new |
229 |
+ cert = OpenSSL::X509::Certificate.new |
230 |
+ cert.subject = OpenSSL::X509::Name.parse("/DC=some/DC=site/CN=Some Site") |
231 |
+ ext = ef.create_ext('subjectAltName', san) |
232 |
+ cert.add_extension(ext) |
233 |
+ cert |
234 |
+ end |
235 |
+ |
236 |
+ def create_cert_with_name(name) |
237 |
+ cert = OpenSSL::X509::Certificate.new |
238 |
+ cert.subject = OpenSSL::X509::Name.new([['DC', 'some'], ['DC', 'site'], ['CN', name]]) |
239 |
+ cert |
240 |
+ end |
241 |
+ |
242 |
+ |
243 |
end |
244 |
|
245 |
end |