From 94ee88b38cf0a20666e3965f5c9c4d520cf02b22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Wed, 27 Oct 2021 16:28:24 +0200 Subject: [PATCH] [rubygems/rubygems] Provide distinguished name which will be correctly parsed. It seems that since ruby openssl 2.1.0 [[1]], the distinguished name submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it does not contain the first slash: ~~~ $ ruby -v ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux] $ gem list | grep openssl openssl (default: 2.2.0) $ irb -r openssl irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE) => "CN = nobody/DC=example" irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE) => "CN = nobody, DC = example" ~~~ Instead, use `OpenSSL::X509::Name.new` directly as suggested by upstream maintainer. [1]: https://github.com/ruby/openssl/commit/19c67cd10c57f3ab7b13966c36431ebc3fdd653b https://github.com/rubygems/rubygems/commit/09ca0c2dae Co-authored-by: Kazuki Yamaguchi
---
 lib/rubygems/security.rb | 7 ++++--- test/rubygems/test_gem_security.rb | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
index 8240a1a059..2275997207 100644
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@@ -510,9 +510,10 @@ module Gem::Security
 dcs = dcs.split '.'
- name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
-
- OpenSSL::X509::Name.parse name
+ OpenSSL::X509::Name.new([
+ ["CN", cn],
+ *dcs.map {|dc| ["DC", dc] },
+ ])
 end
 ##
diff --git a/test/rubygems/test_gem_security.rb b/test/rubygems/test_gem_security.rb
index d04bd4a8bd..415ec2b5f6 100644
--- a/test/rubygems/test_gem_security.rb
+++ b/test/rubygems/test_gem_security.rb
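Review bot: In lib/rubygems/security.rb the added `OpenSSL::X509::Name.new([` call has no comment recording why the name is built from pairs instead of parsed, so a later cleanup could restore `Name.parse` and bring the malformed subject back. I would add above it `# Build from [type, value] pairs: Name.parse needs a leading "/" and splits values on "/".` Building from pairs also means `cn` and each `dc` are taken as literal values, which is the safer form for text derived from an e-mail address. The method starts above the hunk, so whether the input is normalised, or guaranteed to have a domain part before `dcs.split '.'`, cannot be seen here.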
@@ -196,7 +196,7 @@ class TestGemSecurity < Gem::TestCase
 def test_class_sign
 issuer = PUBLIC_CERT.subject
- signee = OpenSSL::X509::Name.parse "/CN=signee/DC=example"
+ signee = OpenSSL::X509::Name.new([["CN", "signee"], ["DC", "example"]])
 key = PRIVATE_KEY
 cert = OpenSSL::X509::Certificate.new
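Review bot: Nothing in this patch tests the method that was fixed: the only test change, the `signee = OpenSSL::X509::Name.new(...)` line in `test_class_sign`, alters how a fixture name is built and does not call the name-building code in lib/rubygems/security.rb. The description shows that the broken and the correct name differ in structure (one CN entry versus CN plus DC), so a regression test should compare components, for example `assert_equal [["CN", "nobody"], ["DC", "example"]], Gem::Security.email_to_name("nobody@example").to_a.map {|type, value, _| [type, value] }`. A test that compares only the default `to_s` output, if one exists outside this hunk, may not tell the two apart, since the description needed the ONELINE format to show the difference. `test_class_sign` continues past the end of the hunk.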