Welcome to the "trac"-ing site of http-access2!
[soap4r] [httpclient] [openpgp4u] [pkcs1] [logger] [csv] [vtr]

Ticket #221 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

httpclient 2.1.5 reports loading failed for httpclient/cacert.p7s

Reported by: user Assigned to: nahi
Priority: highest Milestone: 2.1.5
Component: core Version: 2.0
Keywords: Cc:

Description 

$ cat httpclient-test.rb 
require 'rubygems'
require 'httpclient'

puts "httpclient version #{HTTPClient::VERSION}"

HTTPClient::SSLConfig.new nil

$ ruby httpclient-test.rb 
httpclient version 2.1.5
cacerts: /Library/Ruby/Gems/1.8/gems/httpclient-2.1.5/lib/httpclient/cacert.p7s loading failed

I think I'm doing the openssl(1) equivalent command by extracting the embedded certificate in HTTPClient::SSL_Config and running openssl this way: 

$ openssl verify -CAfile cafile -verbose /Library/Ruby/Gems/1.8/gems/httpclient-2.1.5/lib/httpclient/cacert.p7s
/Library/Ruby/Gems/1.8/gems/httpclient-2.1.5/lib/httpclient/cacert.p7s: /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
error 18 at 0 depth lookup:self signed certificate
OK

Change History

06/18/09 09:47:14 changed by nahi

  • priority changed from normal to highest.
  • milestone changed from undefined to 2.1.6.

Thank you for filing this ticket. Would you please tell me the result of the following command? 

$ openssl verify -verbose -purpose smimesign /Library/Ruby/Gems/1.8/gems/httpclient-2.1.5/lib/httpclient/cacert.p7s

I get this on Linux box. 

/usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5/lib/httpclient/cacert.p7s: OK

06/19/09 08:57:26 changed by user

I get: 

$ openssl verify -verbose -purpose smimesign /Library/Ruby/Gems/1.8/gems/httpclient-2.1.5/lib/httpclient/cacert.p7s
/Library/Ruby/Gems/1.8/gems/httpclient-2.1.5/lib/httpclient/cacert.p7s: /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
error 18 at 0 depth lookup:self signed certificate
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
error 26 at 0 depth lookup:unsupported certificate purpose
OK

I am on OS X 10.5.7 using the built-in ruby and OpenSSL: 

$ uname -a
Darwin pincer-tip.local 9.7.0 Darwin Kernel Version 9.7.0: Tue Mar 31 22:52:17 PDT 2009; root:xnu-1228.12.14~1/RELEASE_I386 i386
$ ruby -v
ruby 1.8.6 (2008-08-11 patchlevel 287) [universal-darwin9.0]
$ openssl version
OpenSSL 0.9.7l 28 Sep 2006

06/19/09 16:01:40 changed by nahi

Thank you. New bundled CA certs seems to include unloadable CA cert with old openssl. I'll look into it and create 2.1.5.2 in a few days.

06/25/09 23:40:56 changed by nahi

(In [282]) * added cacert_sha1.p7s signed with another dist cert by sha1WithRSAEncryption. see #221.

06/26/09 00:10:27 changed by nahi

  • status changed from new to closed.
  • resolution set to fixed.
  • milestone changed from 2.1.6 to 2.1.5.

I posted 2.1.5.2. [282] should close this.

06/27/09 06:04:29 changed by user

I can confirm this as fixed, thanks! --drbrain