Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: JRuby 1.6.4, JRuby 1.6.5
    • Fix Version/s: JRuby-OSSL 0.7.5
    • Component/s: OpenSSL
    • Labels:
      None
    • Environment:
      Mac OSx, Linux
    • Number of attachments :
      0

      Description

      Connected to https to the following domain: https://secure.ally.com with certificate verification enabled.

      Here is the server certificate returned:

      -----BEGIN CERTIFICATE----- 
      MIIFLDCCBBSgAwIBAgIETCBFODANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC 
      VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 
      Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW 
      KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp 
      Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMTA2MjEyMDE3NDVaFw0xMzA5MjIx 
      MTA4NDVaMIHRMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDEQMA4GA1UEBxMH 
      TUlEVkFMRTETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRV 
      dGFoMRIwEAYDVQQKEwlBbGx5IEJhbmsxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p 
      emF0aW9uMRMwEQYDVQQLEwpXZWIgQ2xpZW50MS0wEwYDVQQFEww1NjIxNjcwLTAx 
      NDIwFgYDVQQDEw9zZWN1cmUuYWxseS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB 
      DwAwggEKAoIBAQCVIT4+fFGSP7iSJUM9dFOStLM73qIJVnxWUnf8AvaNLIXBns3J 
      ReOqvcmES++5tbMbLgTSspBdPhV7EiBrF8ZT9WpnYGCyhjulNoaULgZtd8aLzAn7 
      D98QrkZmA0zKeGlUdFYagxNrWyNC2y2FqLhOuturfw12iW3mCgRPpZP5H0+1AUd+ 
      zmDvYGHB0n9+uudwPc4Myi6xa0DbZqThlvjTmJUbB/rEZcf8jxb7dhpW7rHRSBND 
      25PJXzHBK/KeTd1ZfFFu1QdP0DxsAXUBOmd41/qmu3WuP/k3XQSNP1UxZyBnH4iJ 
      SyyBMal6JeqAs+U/cFVIfEpBWB2xzteYnOINAgMBAAGjggEoMIIBJDALBgNVHQ8E 
      BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGCCsGAQUFBwEB 
      BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0f 
      BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFlLmNybDBB 
      BgNVHSAEOjA4MDYGCmCGSAGG+mwKAQIwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3 
      dy5lbnRydXN0Lm5ldC9ycGEwHwYDVR0jBBgwFoAUW0GKssRDwb2/yFRBVZ3glq3/ 
      uaEwHQYDVR0OBBYEFH+oWBa4jDYaleW1GRiN5oKkmtc0MAkGA1UdEwQCMAAwDQYJ 
      KoZIhvcNAQEFBQADggEBAK1d5Nr2XpTqPnCH8tLhiV0/XBPlAZzJfH3qy3TUD+qc 
      jf1H2wmRiU40gU1LG5ma38qRHktkWRYmgjbhg87yMt0whSJhwm87/5Ov/9M/5JYz 
      rsEwD9JK21nbk/aMzDR/ExjakjEyh8jRZKge1MCaAvocfIQFliMP8CxaXR3YPokg 
      HHfhRrfRNN0rshWjPKFn9xUyABEhI2BkLfYGIQlgRO/a5jcE5aY2LyEtzluFqg7W 
      YVocGtM6udu6A2TRIWcbxSWRkjM91cVslWIPNlulgM4p6LF72uMDrZgaez3G7RAx 
      556okA2klvjA7yzSxfQiP3maZgXXlCTWuw7GUD6bRAM= 
      -----END CERTIFICATE----- 
      

      The error I receive is "hostname was not match with the server certificate" from lib/openssl/ssl.rb#121

      After some debugging, it appears that the certificate subject is not being parsed correctly and the CN field is being dropped.

        Issue Links

          Activity

          Hide
          Hiroshi Nakamura added a comment -

          Thank you, confirmed. You're right, openssl lib failed to parse subject of the certificate. I'll investigate it.

          Show
          Hiroshi Nakamura added a comment - Thank you, confirmed. You're right, openssl lib failed to parse subject of the certificate. I'll investigate it.
          Hide
          Hiroshi Nakamura added a comment -

          I've found that it's already fixed at master but not yet released... Can you try 0.7.5.dev at http://ci.jruby.org/job/jruby-ossl/ ?

          Show
          Hiroshi Nakamura added a comment - I've found that it's already fixed at master but not yet released... Can you try 0.7.5.dev at http://ci.jruby.org/job/jruby-ossl/ ?
          Hide
          Peter Krimmel added a comment -

          Tried it and it works. Thanks!

          Show
          Peter Krimmel added a comment - Tried it and it works. Thanks!
          Hide
          Hiroshi Nakamura added a comment -

          Thanks for confirmation. Closing.

          Show
          Hiroshi Nakamura added a comment - Thanks for confirmation. Closing.

            People

            • Assignee:
              Hiroshi Nakamura
              Reporter:
              Peter Krimmel
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: