Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL::ASN1::ObjectId#== raises for OIDs without a known name #791

Closed
segiddins opened this issue Aug 23, 2024 · 1 comment
Closed

OpenSSL::ASN1::ObjectId#== raises for OIDs without a known name #791

segiddins opened this issue Aug 23, 2024 · 1 comment

Comments

@segiddins
Copy link
Contributor

#!/usr/bin/env ruby

require "openssl"

oid = OpenSSL::ASN1::ObjectId.new("2.5.29.14")
pp oid
pp oid.long_name
pp oid.short_name
pp oid == oid

oid = OpenSSL::ASN1::ObjectId.new("1.3.6.1.4.1.57264.1.8")
pp oid
pp oid.long_name
pp oid.short_name
pp oid == oid

outputs

#<OpenSSL::ASN1::ObjectId:0x0000000103269748 @indefinite_length=false, @tag=6, @tag_class=:UNIVERSAL, @tagging=nil, @value="2.5.29.14">
"X509v3 Subject Key Identifier"
"subjectKeyIdentifier"
true
#<OpenSSL::ASN1::ObjectId:0x0000000103308e38 @indefinite_length=false, @tag=6, @tag_class=:UNIVERSAL, @tagging=nil, @value="1.3.6.1.4.1.57264.1.8">
nil
nil
[Untitled.rb:15](coderunner://Untitled.rb#(245,0)!):in `==': OBJ_txt2nid (OpenSSL::ASN1::ASN1Error)
	from Untitled.rb:15:in `<main>'

when I would expect both oids to compare equal. I am unsure why OBJ_txt2nid is being used instead of comparing the underlying oid value

on 3.2.0
OpenSSL 3.2.0 23 Nov 2023

rhenium added a commit to rhenium/ruby-openssl that referenced this issue Aug 24, 2024
Compare by the dotted decimal notation rather than the NID.

OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.

The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.

Fixes: ruby#791
rhenium added a commit to rhenium/ruby-openssl that referenced this issue Aug 24, 2024
Compare by the dotted decimal notation rather than the NID.

OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.

The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.

Fixes: ruby#791
@rhenium
Copy link
Member

rhenium commented Aug 24, 2024

comparing the underlying oid value

It should be implemented this way (or by OBJ_cmp() on ASN1_OBJECT objects).

#792 will fix it.

hsbt pushed a commit to hsbt/ruby that referenced this issue Nov 14, 2024
Compare by the dotted decimal notation rather than the NID.

OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.

The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.

Fixes: ruby/openssl#791
hsbt pushed a commit to ruby/ruby that referenced this issue Nov 14, 2024
Compare by the dotted decimal notation rather than the NID.

OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.

The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.

Fixes: ruby/openssl#791
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants