-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
re-examination about SSLContext#add_certificate_chain_file
#305
Comments
I agree. Was |
Line 33 in 62287be
|
So we could consider remove it before it’s released if we can implement the alternatives in time... do you have time to make PR? |
So sorry... I could not make the PR by the next release. |
Don't be sorry, I'll see if I can take a stab. @hsbt if we decide to change this, what is the latest time we can merge this into Ruby 2.7? |
@ioquatix I sent PR(plan 1).
You may review this later, I think. #257 (comment) |
Let's revert the changes for now, as it cannot be included in the 2.2.0 release. My comment on ruby#257: > A blocker is OpenSSL::SSL::SSLContext#add_certificate_chain_file. It > has a pending change and I don't want to include it in an incomplete > state. > > The initial implementation in commit 46e4bdb was not really > useful. The issue is described in ruby#305. ruby#309 extended it > to take the corresponding private key together. However, the new > implementation was incompatible on Windows and was reverted by ruby#320 to > the initial one. > > (The prerequisite to implement it in) an alternative way is ruby#288, and > it's still cooking. This effectively reverts the following commits: - dacd089 ("ssl: suppress test failure with SSLContext#add_certificate_chain_file", 2020-03-09) - 46e4bdb ("Add support for SSL_CTX_use_certificate_chain_file. Fixes ruby#254.", 2019-06-13)
SSLContext#add_certificate_chain_file()
is able to load a chain certificates file. I want to re-examine this API.As commented, the old setters(
SSLContext#cert=
,key=
,extra_chain_cert=
) are deprecated.If
add_certificate_chain_file
is used, it is needed to callkey=
to load the private key associated with certificates.That is, as provided
add_certificate_chain_file
and then it would be requiredkey=
.The API that parses a chain certificates file is so nice and I think that is needed. So, I suggest 2 plans.
add_certificate_chain_file
to accept the path to the private key. Also, it is needed to rename too.Certificate.load_file
and deprecateadd_certificate_chain_file
.The text was updated successfully, but these errors were encountered: