I think you modified the 1.8 versions, but not the 1.9 versions. We can do the same to the 1.9 versions (test/externals/ruby1.9/openssl/test_x509req.rb).
We mostly lean on the 1.9 versions of all tests these days, since that's the path forward. - Charlie On Wed, Jan 23, 2013 at 3:47 PM, Matt Hauck <mattha...@gmail.com> wrote: > I thought I had actually modified the tests to exclude the parts of the test > the try changing the version. > > -- > Matt Hauck > > On Wednesday, January 23, 2013 at 1:42 PM, Charles Oliver Nutter wrote: > > This seems pretty reasonable to me. I don't like losing the MRI tests, > so there may be some tweaking we could do to get the meat out of those > tests without the version logic. > > There may also be a case for modifying MRI to disallow version > modification, but that's not a high priority. > > - Charlie > > On Wed, Jan 23, 2013 at 3:35 PM, Matt Hauck <mattha...@gmail.com> wrote: > > I had emailed about this previously but did not receive any response (email > subject: "Setting OpenSSL::X509::Request version"), and then put some > comments here: https://jira.codehaus.org/browse/JRUBY-6793, also with no > response. > > Basically, bouncy castle does not provide an API to do this. The only way to > do it is to move away from using BC's generator classes, and continue > hacking the ASN.1 sequence ourselves. The "version" is an internal value > that refers to the version of the format itself, not the version of the > file. It should not really be settable by client code. The RFC says "It > shall be 0 for this version of the standard." > > As another example of this. Bouncycastle has two separate generator class > for certificates: X509V1CertificateGenerator and X509V3CertificateGenerator. > There is only a "version 0" for PKCS10 though. I argue we should make the > code that calls "version=" not break, but i think it will be a losing battle > going forward trying to support it. > > -- > Matt Hauck > > On Wednesday, January 23, 2013 at 1:18 PM, Charles Oliver Nutter wrote: > > On Wed, Jan 23, 2013 at 3:10 PM, Matt Hauck <mattha...@gmail.com> wrote: > > The first one fails probably because when it changes the version, it expects > that the outputted der would have been different, and thus does not match > the signature anymore. > > > That sounds good to me :-) Perhaps you can figure out the right way > for us to support version= with the new PKCS10 rewrite you did? > > - Charlie > > --------------------------------------------------------------------- > To unsubscribe from this list, please visit: > > http://xircles.codehaus.org/manage_email > > > --------------------------------------------------------------------- > To unsubscribe from this list, please visit: > > http://xircles.codehaus.org/manage_email > > --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email
