From bc603852659675cd0c7420dd4d126780f7ba6ee2 Mon Sep 17 00:00:00 2001 From: Michal Rokos Date: Sun, 7 Apr 2002 16:34:43 +0000 Subject: * Macros fixups * X509ExtFactory cleanup * fixed strptime warning on Linux * X509::Certificate#version has been changed! !!! WARNING !!! x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...) p x509.version -> 2, means that it is X509v3 !!! WARNING !!! --- ChangeLog | 10 ++++++++ lib/ssl.rb | 5 ---- missing/strptime.c | 2 +- ossl.c | 15 ++++++++--- ossl.h | 6 ++--- ossl_cipher.c | 9 +++---- ossl_ns_spki.c | 4 +-- ossl_pkey_dh.c | 8 +++--- ossl_pkey_dsa.c | 8 +++--- ossl_pkey_rsa.c | 8 +++--- ossl_x509.c | 12 ++++----- ossl_x509crl.c | 6 ++++- ossl_x509ext.c | 70 ++++++++++++++++++++-------------------------------- ossl_x509req.c | 6 ++--- ossl_x509store.c | 8 +++--- test/gen_ca_cert.rb | 2 +- test/gen_cert.rb | 2 +- test/ossl_x509.rb | 8 +++--- test/ossl_x509crl.rb | 1 + test/ossl_x509req.rb | 2 +- test/spki2cert.rb | 2 +- test/ssl/svr.rb | 2 +- 22 files changed, 98 insertions(+), 98 deletions(-) diff --git a/ChangeLog b/ChangeLog index e9f3389..07298c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,16 @@ Copyright (C) 2001 Michal Rokos All rights reserved. $Log$ +Revision 1.37 2002/04/07 16:35:32 majkl + * Macros fixups + * X509ExtFactory cleanup + * fixed strptime warning on Linux + * X509::Certificate#version has been changed! + !!! WARNING !!! + x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...) + p x509.version -> 2, means that it is X509v3 + !!! WARNING !!! + Revision 1.36 2002/03/11 21:35:39 majkl * Cipher IV fixup diff --git a/lib/ssl.rb b/lib/ssl.rb index 1b0d4ca..6da79a7 100644 --- a/lib/ssl.rb +++ b/lib/ssl.rb @@ -57,11 +57,6 @@ module SSL __initialize(arg) end - alias builtin_version version - def version - builtin_version - 1 - end - alias __verify verify def verify(arg) case arg diff --git a/missing/strptime.c b/missing/strptime.c index 9178ec6..5b90259 100644 --- a/missing/strptime.c +++ b/missing/strptime.c @@ -36,7 +36,7 @@ #include #include -#ifdef WIN32 +#ifdef NT #define strncasecmp _strnicmp #else #ifndef HAVE_STRNCASECMP diff --git a/ossl.c b/ossl.c index 1711e3d..d46547f 100644 --- a/ossl.c +++ b/ossl.c @@ -8,18 +8,22 @@ * This program is licenced under the same licence as Ruby. * (See the file 'LICENCE'.) */ -#include "ossl.h" - -#if defined(NT) -# define strncasecmp _strnicmp +/* + * Surpress dumb warning about implicit declaration of strptime on Linux + */ +#if defined(__linux__) || defined(linux) +# define _GNU_SOURCE #endif +#include "ossl.h" /* * On Windows platform there is no strptime function * implementation in strptime.c */ #ifndef HAVE_STRPTIME # include "./missing/strptime.c" +#else +# include #endif /* @@ -69,6 +73,9 @@ asn1time_to_time(ASN1_UTCTIME *time) return rb_time_new(mktime(&tm), 0); /* or this one? */ } +/* + * This function is not exported to ruby.h + */ extern struct timeval rb_time_timeval(VALUE time); time_t diff --git a/ossl.h b/ossl.h index c56f26e..19b5c28 100644 --- a/ossl.h +++ b/ossl.h @@ -133,13 +133,13 @@ time_t time_to_time_t(VALUE); #if defined(OSSL_DEBUG) # define OSSL_Raise(klass,text) \ - rb_raise(klass, "%s%s [in '%s', file: '%s', line: %d]", \ + rb_raise(klass, "%s%s [in '%s', ('%s':%d)]", \ text, OSSL_ErrMsg(), __func__, __FILE__, __LINE__) # define OSSL_Warn(text) \ - rb_warn("%s%s [in '%s', file: '%s', line: %d]", \ + rb_warn("%s%s [in '%s', ('%s':%d)]", \ text, OSSL_ErrMsg(), __func__, __FILE__, __LINE__) # define OSSL_Warning(text) \ - rb_warning("%s%s [in '%s', file: '%s', line: %d]", \ + rb_warning("%s%s [in '%s', ('%s':%d)]", \ text, OSSL_ErrMsg(), __func__, __FILE__, __LINE__) #else /*OSSL_DEBUG*/ # define OSSL_Raise(klass,text) \ diff --git a/ossl_cipher.c b/ossl_cipher.c index 48053fc..f908257 100644 --- a/ossl_cipher.c +++ b/ossl_cipher.c @@ -10,9 +10,7 @@ */ #include "ossl.h" -#define MakeCipher(obj, klass, ciphp) {\ - obj = Data_Make_Struct(klass, ossl_cipher, 0, ossl_cipher_free, ciphp);\ -} +#define MakeCipher(obj, klass, ciphp) obj = Data_Make_Struct(klass, ossl_cipher, 0, ossl_cipher_free, ciphp) #define GetCipher(obj, ciphp) Data_Get_Struct(obj, ossl_cipher, ciphp) /* @@ -66,6 +64,7 @@ ossl_cipher_get_NID(VALUE obj) ossl_cipher *ciphp = NULL; OSSL_Check_Type(obj, cCipher); + GetCipher(obj, ciphp); return ciphp->nid; /*EVP_CIPHER_CTX_nid(ciphp->ctx);*/ @@ -124,7 +123,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self) * TODO: * random IV generation! */ - memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH); + memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv)); /* RAND_add(data,i,0); where from take data? if (RAND_pseudo_bytes(iv, 8) < 0) { @@ -137,7 +136,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self) memset(iv, 0, EVP_MAX_IV_LENGTH); memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); } else - memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH); + memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv)); } EVP_CIPHER_CTX_init(ciphp->ctx); diff --git a/ossl_ns_spki.c b/ossl_ns_spki.c index aa693af..6529365 100644 --- a/ossl_ns_spki.c +++ b/ossl_ns_spki.c @@ -10,7 +10,7 @@ */ #include "ossl.h" -#define WrapSPKI(obj, spkip) obj = Data_Wrap_Struct(cSPKI, 0, NETSCAPE_SPKI_free, spki) +#define WrapSPKI(obj, spki) obj = Data_Wrap_Struct(cSPKI, 0, NETSCAPE_SPKI_free, spki) #define GetSPKI(obj, spki) Data_Get_Struct(obj, NETSCAPE_SPKI, spki) /* @@ -181,7 +181,7 @@ ossl_spki_sign(VALUE self, VALUE key, VALUE digest) md = ossl_digest_get_EVP_MD(digest); if (rb_funcall(key, id_private_q, 0, NULL) == Qfalse) { - rb_raise(eSPKIError, "PRIVATE key needed to sign REQ!"); + rb_raise(eSPKIError, "PRIVATE key needed to sign SPKI!"); } pkey = ossl_pkey_get_EVP_PKEY(key); diff --git a/ossl_pkey_dh.c b/ossl_pkey_dh.c index 9c19ec5..82d2920 100644 --- a/ossl_pkey_dh.c +++ b/ossl_pkey_dh.c @@ -13,15 +13,15 @@ #include "ossl.h" #include "ossl_pkey.h" -#define MakeDH(obj, dhp) {\ +#define MakeDH(obj, dhp) do {\ obj = Data_Make_Struct(cDH, ossl_dh, 0, ossl_dh_free, dhp);\ dhp->pkey.get_EVP_PKEY = ossl_dh_get_EVP_PKEY;\ -} +} while (0) -#define GetDH(obj, dhp) {\ +#define GetDH(obj, dhp) do {\ Data_Get_Struct(obj, ossl_dh, dhp);\ if (!dhp->dh) rb_raise(eDHError, "not initialized!");\ -} +} while (0) #define DH_PRIVATE(dh) ((dh)->priv_key) diff --git a/ossl_pkey_dsa.c b/ossl_pkey_dsa.c index 03e2f59..22be74b 100644 --- a/ossl_pkey_dsa.c +++ b/ossl_pkey_dsa.c @@ -13,15 +13,15 @@ #include "ossl.h" #include "ossl_pkey.h" -#define MakeDSA(obj, dsap) {\ +#define MakeDSA(obj, dsap) do {\ obj = Data_Make_Struct(cDSA, ossl_dsa, 0, ossl_dsa_free, dsap);\ dsap->pkey.get_EVP_PKEY = ossl_dsa_get_EVP_PKEY;\ -} +} while (0) -#define GetDSA(obj, dsap) {\ +#define GetDSA(obj, dsap) do {\ Data_Get_Struct(obj, ossl_dsa, dsap);\ if (!dsap->dsa) rb_raise(eDSAError, "not initialized!");\ -} +} while (0) #define DSA_PRIVATE(dsa) ((dsa)->priv_key) diff --git a/ossl_pkey_rsa.c b/ossl_pkey_rsa.c index 01dc3a8..2f9a7cd 100644 --- a/ossl_pkey_rsa.c +++ b/ossl_pkey_rsa.c @@ -13,15 +13,15 @@ #include "ossl.h" #include "ossl_pkey.h" -#define MakeRSA(obj, rsap) {\ +#define MakeRSA(obj, rsap) do {\ obj = Data_Make_Struct(cRSA, ossl_rsa, 0, ossl_rsa_free, rsap);\ rsap->pkey.get_EVP_PKEY = ossl_rsa_get_EVP_PKEY;\ -} +} while (0) -#define GetRSA(obj, rsap) {\ +#define GetRSA(obj, rsap) do {\ Data_Get_Struct(obj, ossl_rsa, rsap);\ if (!rsap->rsa) rb_raise(eRSAError, "not initialized!");\ -} +} while (0) #define RSA_PRIVATE(rsa) ((rsa)->p && (rsa)->q) diff --git a/ossl_x509.c b/ossl_x509.c index da1dc49..f42d376 100644 --- a/ossl_x509.c +++ b/ossl_x509.c @@ -215,13 +215,13 @@ static VALUE ossl_x509_get_version(VALUE self) { X509 *x509 = NULL; - long version = 0; + long ver = 0; GetX509(self, x509); - version = X509_get_version(x509); + ver = X509_get_version(x509); - return INT2NUM(version+1); + return INT2NUM(ver); } static VALUE @@ -232,10 +232,10 @@ ossl_x509_set_version(VALUE self, VALUE version) GetX509(self, x509); - if ((ver = FIX2LONG(version)) <= 0) { - rb_raise(eX509CertificateError, "version must be > 0!"); + if ((ver = FIX2LONG(version)) < 0) { + rb_raise(eX509CertificateError, "version must be >= 0!"); } - if (!X509_set_version(x509, ver-1)) { + if (!X509_set_version(x509, ver)) { OSSL_Raise(eX509CertificateError, ""); } diff --git a/ossl_x509crl.c b/ossl_x509crl.c index dccc021..9f982e9 100644 --- a/ossl_x509crl.c +++ b/ossl_x509crl.c @@ -99,13 +99,17 @@ ossl_x509crl_set_version(VALUE self, VALUE version) { X509_CRL *crl = NULL; ASN1_INTEGER *asn1int = NULL; + long ver = 0; GetX509CRL(self, crl); + if ((ver = NUM2LONG(version)) < 0) { + rb_raise(eX509CRLError, "version must be >= 0!"); + } if (!(asn1int = ASN1_INTEGER_new())) { OSSL_Raise(eX509CRLError, ""); } - if (!ASN1_INTEGER_set(asn1int, NUM2LONG(version))) { + if (!ASN1_INTEGER_set(asn1int, ver)) { OSSL_Raise(eX509CRLError, ""); } diff --git a/ossl_x509ext.c b/ossl_x509ext.c index 05f59b9..42ebc31 100644 --- a/ossl_x509ext.c +++ b/ossl_x509ext.c @@ -10,11 +10,15 @@ */ #include "ossl.h" -#define WrapX509Ext(obj, ext) obj = Data_Wrap_Struct(cX509Extension, 0, X509_EXTENSION_free, ext) -#define GetX509Ext(obj, ext) Data_Get_Struct(obj, X509_EXTENSION, ext) +#define WrapX509Ext(obj, ext) \ + obj = Data_Wrap_Struct(cX509Extension, 0, X509_EXTENSION_free, ext) +#define GetX509Ext(obj, ext) \ + Data_Get_Struct(obj, X509_EXTENSION, ext) -#define MakeX509ExtFactory(obj, extfactoryp) obj = Data_Make_Struct(cX509ExtensionFactory, ossl_x509extfactory, 0, ossl_x509extfactory_free, extfactoryp) -#define GetX509ExtFactory(obj, extfactoryp) Data_Get_Struct(obj, ossl_x509extfactory, extfactoryp) +#define MakeX509ExtFactory(obj, ctx) \ + obj = Data_Make_Struct(cX509ExtensionFactory, X509V3_CTX, 0, CRYPTO_free, ctx) +#define GetX509ExtFactory(obj, ctx) \ + Data_Get_Struct(obj, X509V3_CTX, ctx) /* * Classes @@ -23,22 +27,6 @@ VALUE cX509Extension; VALUE cX509ExtensionFactory; VALUE eX509ExtensionError; -/* - * Structs - */ -typedef struct ossl_x509extfactory_st { - X509V3_CTX ctx; -} ossl_x509extfactory; - - -static void -ossl_x509extfactory_free(ossl_x509extfactory *extfactoryp) -{ - if (extfactoryp) { - free(extfactoryp); - } -} - /* * Public */ @@ -85,10 +73,10 @@ ossl_x509ext_get_X509_EXTENSION(VALUE obj) static VALUE ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass) { - ossl_x509extfactory *extfactoryp = NULL; + X509V3_CTX *ctx = NULL; VALUE obj; - MakeX509ExtFactory(obj, extfactoryp); + MakeX509ExtFactory(obj, ctx); rb_obj_call_init(obj, argc, argv); @@ -98,12 +86,11 @@ ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass) static VALUE ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert) { - ossl_x509extfactory *extfactoryp = NULL; + X509V3_CTX *ctx = NULL; - GetX509ExtFactory(self, extfactoryp); + GetX509ExtFactory(self, ctx); - OSSL_Check_Type(cert, cX509Certificate); - (extfactoryp->ctx).issuer_cert = ossl_x509_get_X509(cert); + ctx->issuer_cert = ossl_x509_get_X509(cert); return cert; } @@ -111,12 +98,11 @@ ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert) static VALUE ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert) { - ossl_x509extfactory *extfactoryp = NULL; + X509V3_CTX *ctx = NULL; - GetX509ExtFactory(self, extfactoryp); + GetX509ExtFactory(self, ctx); - OSSL_Check_Type(cert, cX509Certificate); - (extfactoryp->ctx).subject_cert = ossl_x509_get_X509(cert); + ctx->subject_cert = ossl_x509_get_X509(cert); return cert; } @@ -124,12 +110,11 @@ ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert) static VALUE ossl_x509extfactory_set_subject_req(VALUE self, VALUE req) { - ossl_x509extfactory *extfactoryp = NULL; + X509V3_CTX *ctx = NULL; - GetX509ExtFactory(self, extfactoryp); + GetX509ExtFactory(self, ctx); - OSSL_Check_Type(req, cX509Request); - (extfactoryp->ctx).subject_req = ossl_x509req_get_X509_REQ(req); + ctx->subject_req = ossl_x509req_get_X509_REQ(req); return req; } @@ -137,12 +122,11 @@ ossl_x509extfactory_set_subject_req(VALUE self, VALUE req) static VALUE ossl_x509extfactory_set_crl(VALUE self, VALUE crl) { - ossl_x509extfactory *extfactoryp = NULL; + X509V3_CTX *ctx = NULL; - GetX509ExtFactory(self, extfactoryp); + GetX509ExtFactory(self, ctx); - OSSL_Check_Type(crl, cX509CRL); - (extfactoryp->ctx).crl = ossl_x509crl_get_X509_CRL(crl); + ctx->crl = ossl_x509crl_get_X509_CRL(crl); return crl; } @@ -150,10 +134,10 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl) static VALUE ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) { - ossl_x509extfactory *extfactoryp = NULL; + /*X509V3_CTX *ctx = NULL;*/ VALUE issuer_cert, subject_cert, subject_req, crl; - GetX509ExtFactory(self, extfactoryp); + /*GetX509ExtFactory(self, ctx);*/ rb_scan_args(argc, argv, "04", &issuer_cert, &subject_cert, &subject_req, &crl); @@ -184,13 +168,13 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary) { - ossl_x509extfactory *extfactoryp = NULL; + X509V3_CTX *ctx = NULL; X509_EXTENSION *ext = NULL; int nid = NID_undef; char *value = NULL; VALUE item, obj; - GetX509ExtFactory(self, extfactoryp); + GetX509ExtFactory(self, ctx); Check_Type(ary, T_ARRAY); @@ -220,7 +204,7 @@ ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary) } else value = strdup(RSTRING(item)->ptr); - if (!(ext = X509V3_EXT_conf_nid(NULL, &(extfactoryp->ctx), nid, value))) { + if (!(ext = X509V3_EXT_conf_nid(NULL, ctx, nid, value))) { free(value); OSSL_Raise(eX509ExtensionError, ""); } diff --git a/ossl_x509req.c b/ossl_x509req.c index 2a43542..ee7e76d 100644 --- a/ossl_x509req.c +++ b/ossl_x509req.c @@ -181,10 +181,10 @@ ossl_x509req_set_version(VALUE self, VALUE version) GetX509Req(self, req); - if ((ver = NUM2INT(version)) <= 0) { - rb_raise(eX509RequestError, "version must be > 0!"); + if ((ver = NUM2INT(version)) < 0) { + rb_raise(eX509RequestError, "version must be >= 0!"); } - if (!X509_REQ_set_version(req, version)) { + if (!X509_REQ_set_version(req, ver)) { OSSL_Raise(eX509RequestError, ""); } diff --git a/ossl_x509store.c b/ossl_x509store.c index a90d4b8..8dcb143 100644 --- a/ossl_x509store.c +++ b/ossl_x509store.c @@ -11,14 +11,12 @@ #include "ossl.h" #include -#define MakeX509Store(obj, storep) {\ - obj = Data_Make_Struct(cX509Store, ossl_x509store, 0, ossl_x509store_free, storep);\ -} +#define MakeX509Store(obj, storep) obj = Data_Make_Struct(cX509Store, ossl_x509store, 0, ossl_x509store_free, storep) #define GetX509Store_unsafe(obj, storep) Data_Get_Struct(obj, ossl_x509store, storep) -#define GetX509Store(obj, storep) {\ +#define GetX509Store(obj, storep) do {\ GetX509Store_unsafe(obj, storep);\ if (!storep->store) rb_raise(eX509StoreError, "not initialized!");\ -} +} while (0) /* * Classes diff --git a/test/gen_ca_cert.rb b/test/gen_ca_cert.rb index 0a07f0b..798a323 100755 --- a/test/gen_ca_cert.rb +++ b/test/gen_ca_cert.rb @@ -14,7 +14,7 @@ p new.not_before = Time.now p new.not_after = Time.now + (2*365*24*60*60) p new.public_key = key p new.serial = 0 -p new.version = 3 +p new.version = 2 ef = ExtensionFactory.new ef.subject_certificate = new p ext1 = ef.create_extension("basicConstraints","CA:TRUE,pathlen:0") diff --git a/test/gen_cert.rb b/test/gen_cert.rb index 9d33f48..27bd2af 100755 --- a/test/gen_cert.rb +++ b/test/gen_cert.rb @@ -17,7 +17,7 @@ p new.not_before = Time.now p new.not_after = Time.now + (365*24*60*60) p new.public_key = key p new.serial = 1 -p new.version = 3 +p new.version = 2 ef = ExtensionFactory.new ef.subject_certificate = new ef.issuer_certificate = ca diff --git a/test/ossl_x509.rb b/test/ossl_x509.rb index 2feb780..6d6261e 100755 --- a/test/ossl_x509.rb +++ b/test/ossl_x509.rb @@ -37,7 +37,7 @@ p x509 = Certificate.new(File.open("./01cert.pem").read) p key = RSA.new(1024) p new = Certificate.new -name = [['C', 'CZ'],['O','Rokos'],['CN','pokusXXX']] +name = [['O','Ruby'],['OU','Test'],['CN','test001'],['C','CZ']] #p n = Name.new(name) #p n.to_h #p n.to_a @@ -49,7 +49,7 @@ p new.not_before = Time.now p new.not_after = Time.now + (60*60*24*365) p new.public_key = key #x509.public_key p new.serial = 999999999 -p new.version = 3 +p new.version = 2 #p new.extensions #each_with_index {|e, i| p e.to_a} maker = ExtensionFactory.new(nil, new) #only subject p ext1 = maker.create_extension(["basicConstraints","CA:FALSE,pathlen:5"]) @@ -57,7 +57,7 @@ p ext1 = maker.create_extension(["basicConstraints","CA:FALSE,pathlen:5"]) #p ext1.to_h #p ext1.to_s #exit -p ext2 = maker.create_extension(["nsComment","OK, man!!!"]) +p ext2 = maker.create_extension(["nsComment","Generated by OpenSSL for Ruby."]) ###p digest = Digest::SHA1.new(new.public_key.to_der) ###p ext3 = maker.create_extension(["subjectKeyIdentifier", digest.hexdigest]) p ext3 = maker.create_extension(["subjectKeyIdentifier", "hash"]) @@ -67,6 +67,8 @@ p ext4 = maker.create_extension(["authorityKeyIdentifier", "keyid:always,issuer: #puts ext1.to_s p new.add_extension(ext4) p new.sign(key, Digest::MD5.new) +puts "===TEXT===" +puts new.to_text puts "===PEM===" puts new.to_pem puts "===DER===" diff --git a/test/ossl_x509crl.rb b/test/ossl_x509crl.rb index 01e8091..7e19ac0 100755 --- a/test/ossl_x509crl.rb +++ b/test/ossl_x509crl.rb @@ -8,6 +8,7 @@ include PKey p ca = Certificate.new(File.open("./cacert.pem").read) p key = ca.public_key p crl = CRL.new(File.open("./01crl.pem").read) +puts crl.to_text p crl.issuer.to_s p crl.verify key p crl.verify RSA.new(1024) diff --git a/test/ossl_x509req.rb b/test/ossl_x509req.rb index 21701c5..215888e 100755 --- a/test/ossl_x509req.rb +++ b/test/ossl_x509req.rb @@ -20,4 +20,4 @@ p req.sign(pkey, Digest::MD5.new) p req.verify key p req.verify pkey p req.verify k2 - +puts req.to_text diff --git a/test/spki2cert.rb b/test/spki2cert.rb index 1bec365..a59796d 100755 --- a/test/spki2cert.rb +++ b/test/spki2cert.rb @@ -23,7 +23,7 @@ p new.not_before = Time.now p new.not_after = Time.now + (365*24*60*60) p new.public_key = key p new.serial = 2 -p new.version = 3 +p new.version = 2 ef = ExtensionFactory.new ef.subject_certificate = new ef.issuer_certificate = ca diff --git a/test/ssl/svr.rb b/test/ssl/svr.rb index 10a7d2d..0494342 100755 --- a/test/ssl/svr.rb +++ b/test/ssl/svr.rb @@ -32,7 +32,7 @@ p [ $OPT_p, $OPT_k, $OPT_c ] p cert = X509::Certificate.new(File.open($OPT_c).read) else cert = X509::Certificate.new - cert.version = 3 + cert.version = 2 cert.serial = 0 name = X509::Name.new([["C","CZ"],["O","Ruby"],["CN","Test"]]) cert.subject = name -- cgit v1.2.3