jruby-openssl cannot verify certificate CN
-------------------------------------------
Key: JRUBY-6255
URL: https://jira.codehaus.org/browse/JRUBY-6255
Project: JRuby
Issue Type: Bug
Components: OpenSSL
Affects Versions: JRuby 1.6.5, JRuby 1.6.4
Environment: Mac OSx, Linux
Reporter: Peter Krimmel
Priority: Minor
Connected to https to the following domain: https://secure.ally.com with
certificate verification enabled.
Here is the server certificate returned:
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIETCBFODANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMTA2MjEyMDE3NDVaFw0xMzA5MjIx
MTA4NDVaMIHRMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDEQMA4GA1UEBxMH
TUlEVkFMRTETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRV
dGFoMRIwEAYDVQQKEwlBbGx5IEJhbmsxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p
emF0aW9uMRMwEQYDVQQLEwpXZWIgQ2xpZW50MS0wEwYDVQQFEww1NjIxNjcwLTAx
NDIwFgYDVQQDEw9zZWN1cmUuYWxseS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCVIT4+fFGSP7iSJUM9dFOStLM73qIJVnxWUnf8AvaNLIXBns3J
ReOqvcmES++5tbMbLgTSspBdPhV7EiBrF8ZT9WpnYGCyhjulNoaULgZtd8aLzAn7
D98QrkZmA0zKeGlUdFYagxNrWyNC2y2FqLhOuturfw12iW3mCgRPpZP5H0+1AUd+
zmDvYGHB0n9+uudwPc4Myi6xa0DbZqThlvjTmJUbB/rEZcf8jxb7dhpW7rHRSBND
25PJXzHBK/KeTd1ZfFFu1QdP0DxsAXUBOmd41/qmu3WuP/k3XQSNP1UxZyBnH4iJ
SyyBMal6JeqAs+U/cFVIfEpBWB2xzteYnOINAgMBAAGjggEoMIIBJDALBgNVHQ8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0f
BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFlLmNybDBB
BgNVHSAEOjA4MDYGCmCGSAGG+mwKAQIwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3
dy5lbnRydXN0Lm5ldC9ycGEwHwYDVR0jBBgwFoAUW0GKssRDwb2/yFRBVZ3glq3/
uaEwHQYDVR0OBBYEFH+oWBa4jDYaleW1GRiN5oKkmtc0MAkGA1UdEwQCMAAwDQYJ
KoZIhvcNAQEFBQADggEBAK1d5Nr2XpTqPnCH8tLhiV0/XBPlAZzJfH3qy3TUD+qc
jf1H2wmRiU40gU1LG5ma38qRHktkWRYmgjbhg87yMt0whSJhwm87/5Ov/9M/5JYz
rsEwD9JK21nbk/aMzDR/ExjakjEyh8jRZKge1MCaAvocfIQFliMP8CxaXR3YPokg
HHfhRrfRNN0rshWjPKFn9xUyABEhI2BkLfYGIQlgRO/a5jcE5aY2LyEtzluFqg7W
YVocGtM6udu6A2TRIWcbxSWRkjM91cVslWIPNlulgM4p6LF72uMDrZgaez3G7RAx
556okA2klvjA7yzSxfQiP3maZgXXlCTWuw7GUD6bRAM=
-----END CERTIFICATE-----
The error I receive is "hostname was not match with the server certificate"
from lib/openssl/ssl.rb#121
After some debugging, it appears that the certificate subject is not being
parsed correctly and the CN field is being dropped.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
