Gotcha.

-- 
Matt Hauck


On Wednesday, January 23, 2013 at 1:49 PM, Charles Oliver Nutter wrote:

> I think you modified the 1.8 versions, but not the 1.9 versions. We
> can do the same to the 1.9 versions
> (test/externals/ruby1.9/openssl/test_x509req.rb).
> 
> We mostly lean on the 1.9 versions of all tests these days, since
> that's the path forward.
> 
> - Charlie
> 
> On Wed, Jan 23, 2013 at 3:47 PM, Matt Hauck <mattha...@gmail.com 
> (mailto:mattha...@gmail.com)> wrote:
> > I thought I had actually modified the tests to exclude the parts of the test
> > the try changing the version.
> > 
> > --
> > Matt Hauck
> > 
> > On Wednesday, January 23, 2013 at 1:42 PM, Charles Oliver Nutter wrote:
> > 
> > This seems pretty reasonable to me. I don't like losing the MRI tests,
> > so there may be some tweaking we could do to get the meat out of those
> > tests without the version logic.
> > 
> > There may also be a case for modifying MRI to disallow version
> > modification, but that's not a high priority.
> > 
> > - Charlie
> > 
> > On Wed, Jan 23, 2013 at 3:35 PM, Matt Hauck <mattha...@gmail.com 
> > (mailto:mattha...@gmail.com)> wrote:
> > 
> > I had emailed about this previously but did not receive any response (email
> > subject: "Setting OpenSSL::X509::Request version"), and then put some
> > comments here: https://jira.codehaus.org/browse/JRUBY-6793, also with no
> > response.
> > 
> > Basically, bouncy castle does not provide an API to do this. The only way to
> > do it is to move away from using BC's generator classes, and continue
> > hacking the ASN.1 sequence ourselves. The "version" is an internal value
> > that refers to the version of the format itself, not the version of the
> > file. It should not really be settable by client code. The RFC says "It
> > shall be 0 for this version of the standard."
> > 
> > As another example of this. Bouncycastle has two separate generator class
> > for certificates: X509V1CertificateGenerator and X509V3CertificateGenerator.
> > There is only a "version 0" for PKCS10 though. I argue we should make the
> > code that calls "version=" not break, but i think it will be a losing battle
> > going forward trying to support it.
> > 
> > --
> > Matt Hauck
> > 
> > On Wednesday, January 23, 2013 at 1:18 PM, Charles Oliver Nutter wrote:
> > 
> > On Wed, Jan 23, 2013 at 3:10 PM, Matt Hauck <mattha...@gmail.com 
> > (mailto:mattha...@gmail.com)> wrote:
> > 
> > The first one fails probably because when it changes the version, it expects
> > that the outputted der would have been different, and thus does not match
> > the signature anymore.
> > 
> > 
> > That sounds good to me :-) Perhaps you can figure out the right way
> > for us to support version= with the new PKCS10 rewrite you did?
> > 
> > - Charlie
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe from this list, please visit:
> > 
> > http://xircles.codehaus.org/manage_email
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe from this list, please visit:
> > 
> > http://xircles.codehaus.org/manage_email
> 
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
> 
> http://xircles.codehaus.org/manage_email 

Reply via email to