FYI: I'm continuing to work on this, but just an FYI there are definitely some 
problems with the pkcs7 portions of the library. I've attached a simple script 
that is breaking with the new 1.47 port. It thinks it signs the data 
successfully and all, but the to_pem / to_der generates invalid data. The 
script tries to open the generated signed.pem with openssl and openssl can't 
read it. This script passes fine with jruby 1.7.1.  

--  
Matt Hauck


On Wednesday, January 9, 2013 at 11:58 AM, Matt Hauck wrote:

> Hmm, the problem appears to be that the actual tests have changed. One of the 
> last tests failing after merging Lars' BC 1.47 changes is in 
> test_pkey_rsa.rb, which is entirely different on the jruby repo from what it 
> used to be in the jruby-openssl repo. The test is "test_load_pkey_rsa_enc". 
> The jruby repo's copy of that file doesn't even have any PEM loading tests…  
>  
> It looks like something got messed up (perhaps intentionally?) with the 
> openssl tests when they were merged to the main jruby repo  
>  
> --  
> Matt Hauck
>  
>  
> On Wednesday, January 9, 2013 at 10:07 AM, Matt Hauck wrote:
>  
> > Sorry for no context, I have a private fork of the old jruby-openssl gem 
> > (forked from 0.7.5) that we are still using internally due to some fixes 
> > that hadn't yet been accepted upstream. So I merged Lars' BC 1.47 changes 
> > back there and ran it against those test cases and got some failures, 
> > though running test:mri19 does not indicate any failures...
> >  
> > --  
> > Matt Hauck
> >  
> >  
> > On Wednesday, January 9, 2013 at 9:52 AM, Charles Oliver Nutter wrote:
> >  
> > > I'm not sure what you mean by the "old" openssl gem. If you run rake
> > > test:mri19 in the JRuby repo it will run the 1.9 version of the
> > > OpenSSL tests with known failures excluded.
> > >  
> > > - Charlie
> > >  
> > > On Wed, Jan 9, 2013 at 11:12 AM, Matt Hauck <mattha...@gmail.com 
> > > (mailto:mattha...@gmail.com)> wrote:
> > > > Hmm. I don't know if all the tests are passing. It is possible I am 
> > > > doing
> > > > something wrong. I copied over the source to the old jruby openssl gem
> > > > (since that's the only place I knew how to run the openssl tests), and 
> > > > some
> > > > of them were failing. The biggest change i needed to get them closer to
> > > > passing was in Recipient#_initialize.
> > > >  
> > > > How do you run the openssl tests only from the jruby repo?
> > > >  
> > > > --
> > > > Matt Hauck
> > > >  
> > > > On Wednesday, January 9, 2013 at 8:42 AM, Charles Oliver Nutter wrote:
> > > >  
> > > > Excellent, Lars! I'll take a look at it and probably roll it into
> > > > master if it runs green. It will be *very* nice to be current on
> > > > Bouncy Castle.
> > > >  
> > > > - Charlie
> > > >  
> > > > On Wed, Jan 9, 2013 at 1:40 AM, Lars Westergren
> > > > <lars.westerg...@gmail.com (mailto:lars.westerg...@gmail.com)> wrote:
> > > >  
> > > > I'm far from an expert on security, so if anyone is, a quick code 
> > > > inspect of
> > > > the above commit would be appreciated! All the build tests pass now, 
> > > > but I
> > > > haven't had time to try it out on a real application.
> > > >  
> > > > Regards,
> > > > Lars
> > > >  
> > > >  
> > > > On Wed, Jan 9, 2013 at 6:14 AM, Matt Hauck <mattha...@gmail.com 
> > > > (mailto:mattha...@gmail.com)> wrote:
> > > >  
> > > >  
> > > > Sweet. Perfect timing. It looks like it's pretty far along! I'm glad
> > > > people that know more about this stuff are already working on it. =)
> > > >  
> > > > --
> > > > Matt Hauck
> > > >  
> > > > On Tuesday, January 8, 2013 at 9:05 PM, Alex Tambellini wrote:
> > > >  
> > > > The upgrade to 1.47 is already being worked on here:
> > > >  
> > > >  
> > > > https://github.com/LarsWestergren/jruby/commit/c9f36d616bebe5a96c93908469d974c64de314fe
> > > >  
> > > > On Jan 8, 2013, at 11:10 PM, Matt Hauck <mattha...@gmail.com 
> > > > (mailto:mattha...@gmail.com)> wrote:
> > > >  
> > > > I am glad to hear that I will at least be able to upgrade to jruby 1.7.2
> > > > and replace out the built-in openssl support in case I need to make a 
> > > > fork
> > > > with this bouncy castle 1.47 support. I've got it compiling now with the
> > > > updated BC now, and am beginning to work through some more the more
> > > > difficult changes. The biggest has to do with deprecating X509Name in 
> > > > favor
> > > > of X500Name and the various implications of this.
> > > >  
> > > > --
> > > > Matt Hauck
> > > >  
> > > > On Tuesday, January 8, 2013 at 8:00 PM, Matt Hauck wrote:
> > > >  
> > > > Sadly not so. If you try replacing the bc*.jar files in build_lib with
> > > > bcprov and bcpkik 1.47 versions you will find the build fails with 100
> > > > errors.
> > > >  
> > > > --
> > > > Matt Hauck
> > > >  
> > > > On Tuesday, January 8, 2013 at 7:01 PM, kristian wrote:
> > > >  
> > > > Jruby 1.7.x comes with openssl bundled. I think from version 1.7.1 
> > > > onwards
> > > > bouncy castle gets a java package rewrite and is used only internally 
> > > > for
> > > > openssl. So you are free to add any version of bouncy castle as needed 
> > > > by
> > > > your application - just do not add the jruby-openssl since this will 
> > > > pull in
> > > > the old version.
> > > >  
> > > > Kristian
> > > >  
> > > >  
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe from this list, please visit:
> > > >  
> > > > http://xircles.codehaus.org/manage_email
> > >  
> > > ---------------------------------------------------------------------
> > > To unsubscribe from this list, please visit:
> > >  
> > > http://xircles.codehaus.org/manage_email  
> >  
>  

Attachment: pkcs7sign.rb
Description: Binary data

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

Reply via email to