[rubygems/rubygems] Provide distinguished name which will be correctly parsed.

It seems that since ruby openssl 2.1.0 [[1]], the distinguished name submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it does not contain the first slash: ~~~ $ ruby -v ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux] $ gem list | grep openssl openssl (default: 2.2.0) $ irb -r openssl irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE) => "CN = nobody/DC=example" irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE) => "CN = nobody, DC = example" ~~~ Instead, use `OpenSSL::X509::Name.new` directly as suggested by upstream maintainer. [1]: 19c67cd10c https://github.com/rubygems/rubygems/commit/09ca0c2dae Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
2021-10-27 16:28:24 +02:00 · 2021-10-27 16:28:24 +02:00 · 94ee88b38c
commit 94ee88b38c
parent eb7ec00d03
2 changed files with 5 additions and 4 deletions
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@ -510,9 +510,10 @@ module Gem::Security

    dcs = dcs.split '.'

-    name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
-
-    OpenSSL::X509::Name.parse name
+    OpenSSL::X509::Name.new([
+      ["CN", cn],
+      *dcs.map {|dc| ["DC", dc] },
+    ])
  end

  ##
--- a/test/rubygems/test_gem_security.rb
+++ b/test/rubygems/test_gem_security.rb
@ -196,7 +196,7 @@ class TestGemSecurity < Gem::TestCase

  def test_class_sign
    issuer = PUBLIC_CERT.subject
-    signee = OpenSSL::X509::Name.parse "/CN=signee/DC=example"
+    signee = OpenSSL::X509::Name.new([["CN", "signee"], ["DC", "example"]])

    key  = PRIVATE_KEY
    cert = OpenSSL::X509::Certificate.new