Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: JRuby 1.6.4, JRuby 1.6.5
-
Fix Version/s: JRuby-OSSL 0.7.5
-
Component/s: OpenSSL
-
Labels:None
-
Environment:Mac OSx, Linux
-
Number of attachments :
Description
Connected to https to the following domain: https://secure.ally.com with certificate verification enabled.
Here is the server certificate returned:
-----BEGIN CERTIFICATE----- MIIFLDCCBBSgAwIBAgIETCBFODANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMTA2MjEyMDE3NDVaFw0xMzA5MjIx MTA4NDVaMIHRMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDEQMA4GA1UEBxMH TUlEVkFMRTETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRV dGFoMRIwEAYDVQQKEwlBbGx5IEJhbmsxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p emF0aW9uMRMwEQYDVQQLEwpXZWIgQ2xpZW50MS0wEwYDVQQFEww1NjIxNjcwLTAx NDIwFgYDVQQDEw9zZWN1cmUuYWxseS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCVIT4+fFGSP7iSJUM9dFOStLM73qIJVnxWUnf8AvaNLIXBns3J ReOqvcmES++5tbMbLgTSspBdPhV7EiBrF8ZT9WpnYGCyhjulNoaULgZtd8aLzAn7 D98QrkZmA0zKeGlUdFYagxNrWyNC2y2FqLhOuturfw12iW3mCgRPpZP5H0+1AUd+ zmDvYGHB0n9+uudwPc4Myi6xa0DbZqThlvjTmJUbB/rEZcf8jxb7dhpW7rHRSBND 25PJXzHBK/KeTd1ZfFFu1QdP0DxsAXUBOmd41/qmu3WuP/k3XQSNP1UxZyBnH4iJ SyyBMal6JeqAs+U/cFVIfEpBWB2xzteYnOINAgMBAAGjggEoMIIBJDALBgNVHQ8E BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGCCsGAQUFBwEB BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0f BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFlLmNybDBB BgNVHSAEOjA4MDYGCmCGSAGG+mwKAQIwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3 dy5lbnRydXN0Lm5ldC9ycGEwHwYDVR0jBBgwFoAUW0GKssRDwb2/yFRBVZ3glq3/ uaEwHQYDVR0OBBYEFH+oWBa4jDYaleW1GRiN5oKkmtc0MAkGA1UdEwQCMAAwDQYJ KoZIhvcNAQEFBQADggEBAK1d5Nr2XpTqPnCH8tLhiV0/XBPlAZzJfH3qy3TUD+qc jf1H2wmRiU40gU1LG5ma38qRHktkWRYmgjbhg87yMt0whSJhwm87/5Ov/9M/5JYz rsEwD9JK21nbk/aMzDR/ExjakjEyh8jRZKge1MCaAvocfIQFliMP8CxaXR3YPokg HHfhRrfRNN0rshWjPKFn9xUyABEhI2BkLfYGIQlgRO/a5jcE5aY2LyEtzluFqg7W YVocGtM6udu6A2TRIWcbxSWRkjM91cVslWIPNlulgM4p6LF72uMDrZgaez3G7RAx 556okA2klvjA7yzSxfQiP3maZgXXlCTWuw7GUD6bRAM= -----END CERTIFICATE-----
The error I receive is "hostname was not match with the server certificate" from lib/openssl/ssl.rb#121
After some debugging, it appears that the certificate subject is not being parsed correctly and the CN field is being dropped.
Issue Links
- duplicates
-
JRUBY-5834
Jruby-openssl not happy with activemerchant 1.10.0
-
Thank you, confirmed. You're right, openssl lib failed to parse subject of the certificate. I'll investigate it.