Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows usage of JWKs with OpenSSL v3, which is the default in Ubuntu 22.04. OpenSSL v1.1.1 (the current default in many OSes) is EOL later in 2023.
rake test
successfully executes with OpenSSL v1.1.1, so this should be fully backwards compatible. None of that code has changed, but instead it's routed to if the OpenSSL version matches.I haven't been able to make an isolated environment with OpenSSL v3; I think it would be much easier to do once PR 106 is merged.
That said, I did pull in this branch to my service which is running Ubuntu 22.04 with OpenSSL v3, and I was able to successfully generate QR codes once again.
The Ruby OpenSSL support for parameters is currently lacking, so using the ASN data to manually create keys seems to be "state of the art". See ruby/openssl#369 (comment) and ruby/openssl#369 (comment) for specifically using ASNs.
Once ruby/openssl#555 is merged it's likely that a lot of the "ugly" code with ASNs can be cleaned up and made simpler, but this gets everything working in the mean time.