Skip to content
This repository has been archived by the owner on Dec 7, 2018. It is now read-only.

Update create_certs.rb #237

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update create_certs.rb #237

wants to merge 1 commit into from

Conversation

micah
Copy link

@micah micah commented Dec 6, 2016

The newer ruby-certificate-authority will cause the Reel::Server::HTTPS test to fail with the following:

Reel::Server::HTTPS verifies client SSL certs when provided with a CA
     Failure/Error: response = http.request(request)

     OpenSSL::SSL::SSLError:
       SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert unsupported certificate
     # /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
     # /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect'
     # /usr/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
     # /usr/lib/ruby/2.3.0/net/http.rb:852:in `start'
     # /usr/lib/ruby/2.3.0/net/http.rb:1398:in `request'
     # ./spec/reel/https_server_spec.rb:70:in `block (3 levels) in <top (required)>'
     # ./spec/reel/https_server_spec.rb:115:in `with_reel_https_server'
     # ./spec/reel/https_server_spec.rb:62:in `block (2 levels) in <top (required)>'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:254:in `instance_exec'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:254:in `block in run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:496:in `block in with_around_and_singleton_context_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:453:in `block in with_around_example_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/hooks.rb:464:in `block in run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/hooks.rb:602:in `run_around_example_hooks_for'
     # /usr/lib/ruby/vendor_ruby/rspec/core/hooks.rb:464:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:453:in `with_around_example_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:496:in `with_around_and_singleton_context_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:251:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:627:in `block in run_examples'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:623:in `map'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:623:in `run_examples'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:589:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:113:in `block (3 levels) in run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:113:in `map'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:113:in `block (2 levels) in run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/configuration.rb:1835:in `with_suite_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:112:in `block in run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/reporter.rb:77:in `report'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:111:in `run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:87:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:71:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:45:in `invoke'
     # /usr/bin/rspec:4:in `<main>'

The unsupported certificate error is because the client cert that is created was not created with the correct x509v3 extension that is needed for client authentication, and when the cert is checked, this fails

The newer ruby-certificate-authority will cause the Reel::Server::HTTPS test to fail with the following:

```
Reel::Server::HTTPS verifies client SSL certs when provided with a CA
     Failure/Error: response = http.request(request)

     OpenSSL::SSL::SSLError:
       SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert unsupported certificate
     # /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
     # /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect'
     # /usr/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
     # /usr/lib/ruby/2.3.0/net/http.rb:852:in `start'
     # /usr/lib/ruby/2.3.0/net/http.rb:1398:in `request'
     # ./spec/reel/https_server_spec.rb:70:in `block (3 levels) in <top (required)>'
     # ./spec/reel/https_server_spec.rb:115:in `with_reel_https_server'
     # ./spec/reel/https_server_spec.rb:62:in `block (2 levels) in <top (required)>'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:254:in `instance_exec'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:254:in `block in run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:496:in `block in with_around_and_singleton_context_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:453:in `block in with_around_example_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/hooks.rb:464:in `block in run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/hooks.rb:602:in `run_around_example_hooks_for'
     # /usr/lib/ruby/vendor_ruby/rspec/core/hooks.rb:464:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:453:in `with_around_example_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:496:in `with_around_and_singleton_context_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example.rb:251:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:627:in `block in run_examples'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:623:in `map'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:623:in `run_examples'
     # /usr/lib/ruby/vendor_ruby/rspec/core/example_group.rb:589:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:113:in `block (3 levels) in run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:113:in `map'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:113:in `block (2 levels) in run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/configuration.rb:1835:in `with_suite_hooks'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:112:in `block in run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/reporter.rb:77:in `report'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:111:in `run_specs'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:87:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:71:in `run'
     # /usr/lib/ruby/vendor_ruby/rspec/core/runner.rb:45:in `invoke'
     # /usr/bin/rspec:4:in `<main>'
```

The unsupported certificate error is because the client cert that is created was not created with the correct x509v3 extension that is needed for client authentication, and when the cert is checked, this fails
@kenichi kenichi mentioned this pull request May 15, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant