Gotcha. -- Matt Hauck
On Wednesday, January 23, 2013 at 1:49 PM, Charles Oliver Nutter wrote: > I think you modified the 1.8 versions, but not the 1.9 versions. We > can do the same to the 1.9 versions > (test/externals/ruby1.9/openssl/test_x509req.rb). > > We mostly lean on the 1.9 versions of all tests these days, since > that's the path forward. > > - Charlie > > On Wed, Jan 23, 2013 at 3:47 PM, Matt Hauck <mattha...@gmail.com > (mailto:mattha...@gmail.com)> wrote: > > I thought I had actually modified the tests to exclude the parts of the test > > the try changing the version. > > > > -- > > Matt Hauck > > > > On Wednesday, January 23, 2013 at 1:42 PM, Charles Oliver Nutter wrote: > > > > This seems pretty reasonable to me. I don't like losing the MRI tests, > > so there may be some tweaking we could do to get the meat out of those > > tests without the version logic. > > > > There may also be a case for modifying MRI to disallow version > > modification, but that's not a high priority. > > > > - Charlie > > > > On Wed, Jan 23, 2013 at 3:35 PM, Matt Hauck <mattha...@gmail.com > > (mailto:mattha...@gmail.com)> wrote: > > > > I had emailed about this previously but did not receive any response (email > > subject: "Setting OpenSSL::X509::Request version"), and then put some > > comments here: https://jira.codehaus.org/browse/JRUBY-6793, also with no > > response. > > > > Basically, bouncy castle does not provide an API to do this. The only way to > > do it is to move away from using BC's generator classes, and continue > > hacking the ASN.1 sequence ourselves. The "version" is an internal value > > that refers to the version of the format itself, not the version of the > > file. It should not really be settable by client code. The RFC says "It > > shall be 0 for this version of the standard." > > > > As another example of this. Bouncycastle has two separate generator class > > for certificates: X509V1CertificateGenerator and X509V3CertificateGenerator. > > There is only a "version 0" for PKCS10 though. I argue we should make the > > code that calls "version=" not break, but i think it will be a losing battle > > going forward trying to support it. > > > > -- > > Matt Hauck > > > > On Wednesday, January 23, 2013 at 1:18 PM, Charles Oliver Nutter wrote: > > > > On Wed, Jan 23, 2013 at 3:10 PM, Matt Hauck <mattha...@gmail.com > > (mailto:mattha...@gmail.com)> wrote: > > > > The first one fails probably because when it changes the version, it expects > > that the outputted der would have been different, and thus does not match > > the signature anymore. > > > > > > That sounds good to me :-) Perhaps you can figure out the right way > > for us to support version= with the new PKCS10 rewrite you did? > > > > - Charlie > > > > --------------------------------------------------------------------- > > To unsubscribe from this list, please visit: > > > > http://xircles.codehaus.org/manage_email > > > > > > --------------------------------------------------------------------- > > To unsubscribe from this list, please visit: > > > > http://xircles.codehaus.org/manage_email > > --------------------------------------------------------------------- > To unsubscribe from this list, please visit: > > http://xircles.codehaus.org/manage_email
