I think you modified the 1.8 versions, but not the 1.9 versions. We
can do the same to the 1.9 versions
(test/externals/ruby1.9/openssl/test_x509req.rb).

We mostly lean on the 1.9 versions of all tests these days, since
that's the path forward.

- Charlie

On Wed, Jan 23, 2013 at 3:47 PM, Matt Hauck <mattha...@gmail.com> wrote:
> I thought I had actually modified the tests to exclude the parts of the test
> the try changing the version.
>
> --
> Matt Hauck
>
> On Wednesday, January 23, 2013 at 1:42 PM, Charles Oliver Nutter wrote:
>
> This seems pretty reasonable to me. I don't like losing the MRI tests,
> so there may be some tweaking we could do to get the meat out of those
> tests without the version logic.
>
> There may also be a case for modifying MRI to disallow version
> modification, but that's not a high priority.
>
> - Charlie
>
> On Wed, Jan 23, 2013 at 3:35 PM, Matt Hauck <mattha...@gmail.com> wrote:
>
> I had emailed about this previously but did not receive any response (email
> subject: "Setting OpenSSL::X509::Request version"), and then put some
> comments here: https://jira.codehaus.org/browse/JRUBY-6793, also with no
> response.
>
> Basically, bouncy castle does not provide an API to do this. The only way to
> do it is to move away from using BC's generator classes, and continue
> hacking the ASN.1 sequence ourselves. The "version" is an internal value
> that refers to the version of the format itself, not the version of the
> file. It should not really be settable by client code. The RFC says "It
> shall be 0 for this version of the standard."
>
> As another example of this. Bouncycastle has two separate generator class
> for certificates: X509V1CertificateGenerator and X509V3CertificateGenerator.
> There is only a "version 0" for PKCS10 though. I argue we should make the
> code that calls "version=" not break, but i think it will be a losing battle
> going forward trying to support it.
>
> --
> Matt Hauck
>
> On Wednesday, January 23, 2013 at 1:18 PM, Charles Oliver Nutter wrote:
>
> On Wed, Jan 23, 2013 at 3:10 PM, Matt Hauck <mattha...@gmail.com> wrote:
>
> The first one fails probably because when it changes the version, it expects
> that the outputted der would have been different, and thus does not match
> the signature anymore.
>
>
> That sounds good to me :-) Perhaps you can figure out the right way
> for us to support version= with the new PKCS10 rewrite you did?
>
> - Charlie
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
> http://xircles.codehaus.org/manage_email
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply via email to