OpenSSL certificate file name generation throws UnknownFormatConversionException
--------------------------------------------------------------------------------
Key: JRUBY-2913
URL: http://jira.codehaus.org/browse/JRUBY-2913
Project: JRuby
Issue Type: Bug
Components: OpenSSL
Environment: uname -a : FreeBSD oogway.the 7.0-RELEASE-p3 FreeBSD
7.0-RELEASE-p3 #0: Sun Jul 13 22:09:37 EDT 2008 [EMAIL
PROTECTED]:/usr/obj/usr/src/sys/OOGWAY20080712a amd64
java -version : java version "1.6.0_07" / Diablo Java(TM) SE Runtime
Environment (build 1.6.0_07-b02) / Diablo Java HotSpot(TM) 64-Bit Server VM
(build 10.0-b23, mixed mode)
ant -version : Apache Ant version 1.7.0 compiled on December 13 2006
Reporter: Geoff The
Attachments: lookup.patch
Running the below script (modified version of the script from JRUBY-2185):
{noformat}
require 'rubygems'
require 'openssl'
require 'net/https'
uri = URI.parse('https://www.paypal.com')
http = Net::HTTP.new(uri.host, uri.port)
http.set_debug_output STDERR
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_path = "./"
http.use_ssl = true
response = http.start do |s|
  p s.get(uri.request_uri).length
end
{noformat}
Will output:
{noformat}
/usr/local/share/jruby-1.1.3/lib/ruby/1.8/net/http.rb:557:in `connect': certificate verify failed (OpenSSL::SSL::SSLError)
from /usr/local/share/jruby-1.1.3/lib/ruby/1.8/net/http.rb:557:in `do_start'
from /usr/local/share/jruby-1.1.3/lib/ruby/1.8/net/http.rb:546:in `start'
from 2:13
{noformat}
The exception that is causing the verify to fail is:
{noformat}
java.util.UnknownFormatConversionException: Conversion = 'l'
at java.util.Formatter$FormatSpecifier.conversion(Formatter.java:2605)
at java.util.Formatter$FormatSpecifier.<init>(Formatter.java:2633)
at java.util.Formatter.parse(Formatter.java:2479)
at java.util.Formatter.format(Formatter.java:2413)
at java.util.Formatter.format(Formatter.java:2366)
at java.lang.String.format(String.java:2770)
at org.jruby.ext.openssl.x509store.X509_LOOKUP$Dir_GetCertBySubject.call(X509_LOOKUP.java:435)
at org.jruby.ext.openssl.x509store.X509_LOOKUP.by_subject(X509_LOOKUP.java:233)
at org.jruby.ext.openssl.x509store.X509_STORE_CTX.get_by_subject(X509_STORE_CTX.java:488)
at org.jruby.ext.openssl.x509store.X509_STORE_CTX.get1_issuer(X509_STORE_CTX.java:108)
at org.jruby.ext.openssl.x509store.X509_STORE_CTX$1.call(X509_STORE_CTX.java:222)
at org.jruby.ext.openssl.x509store.X509_STORE_CTX.verify_cert(X509_STORE_CTX.java:561)
at org.jruby.ext.openssl.SSLContext$TM.checkServerTrusted(SSLContext.java:300)
...
{noformat}
Which is due to this line in Lookup.java:
{noformat}
b.append(String.format("%s/%08lx.%s%d",new Object[]{cdir,new Long(h),postfix,new Integer(k)}));
{noformat}
In my experience, certificates come packaged as files with names in the form
{{<8-digit hex>.0}} -- a common package of certificates can be found at
http://mirbsd.mirsolutions.de/cvs.cgi/src/etc/ssl.certs.shar , so the patch adds
code to correctly format the hash portion of the filename as an 8 digit hex
string.
The patch is based on current TRUNK (r1102). FWIW, I ran into this issue
trying to run s3sync (http://s3sync.net/wiki) with jruby.
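Added example (not part of the original report and not the attached lookup.patch): a Java sketch of the file-name step described above, showing that java.util.Formatter rejects the C-style `%08lx` while `%08x` produces the eight-digit hex name, plus a check for which file names in a ca_path directory such a lookup can match. The class and method names, the sample hash values and the file names are assumptions made for illustration.

```java
import java.util.UnknownFormatConversionException;
import java.util.regex.Pattern;

// Illustrative class; all names here are hypothetical, not JRuby's.
public class HashedCertName {
    // Format quoted in the report: 'l' is a C length modifier, which
    // java.util.Formatter treats as an unknown conversion.
    static final String C_STYLE = "%s/%08lx.%s%d";
    // Java equivalent: %08x zero-pads to eight lowercase hex digits.
    static final String JAVA_STYLE = "%s/%08x.%s%d";
    // Names a hashed-directory lookup can match: <8 hex>.<k> or <8 hex>.r<k>
    // ("r" is the postfix OpenSSL's layout uses for CRLs).
    static final Pattern LOOKUP_NAME = Pattern.compile("[0-9a-f]{8}\\.r?\\d+");

    static String candidate(String fmt, String dir, long hash, String postfix, int k) {
        // Mask to 32 bits so a sign-extended hash cannot print as 16 digits.
        return String.format(fmt, dir, hash & 0xffffffffL, postfix, k);
    }

    static boolean isLookupName(String fileName) {
        return LOOKUP_NAME.matcher(fileName).matches();
    }

    public static void main(String[] args) {
        long h = 0x0123abcdL;                  // constructed sample hash
        long signExtended = (int) 0x9d66eef0L; // constructed: negative as an int
        try {
            candidate(C_STYLE, ".", h, "", 0);
        } catch (UnknownFormatConversionException e) {
            System.out.println("C-style format rejected: " + e.getMessage());
        }
        System.out.println(candidate(JAVA_STYLE, ".", h, "", 0));
        System.out.println(candidate(JAVA_STYLE, ".", signExtended, "", 1));
        // Constructed file names: only the first two fit the hashed layout.
        for (String name : new String[] {"0123abcd.0", "0123abcd.r0", "paypal.pem", "123abcd.0"}) {
            System.out.println(name + " -> " + isLookupName(name));
        }
    }
}
```

Files in the ca_path directory whose names do not fit this pattern are not found by a lookup that builds names this way, whatever certificates they contain.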