Giters

unixcharles / acme-client

A Ruby client for the letsencrypt's ACME protocol.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Failing spec Acme::Client::CertificateRequest assigns the public key (FAILED - 1)

weppos opened this issue · comments

commented

I can't get the current test suite to work. I keep getting an error on the following spec:

Acme::Client::CertificateRequest
  assigns the public key (FAILED - 1)

Failures:

  1) Acme::Client::CertificateRequest assigns the public key
     Failure/Error: expect(request.csr.public_key.to_der).to eq(public_key_to_der(test_key))

       expected: "0Y0\x13\x06\a*\x86H\xCE=\x02\x01\x06\b*\x86H\xCE=\x03\x01\a\x03B\x00\x04-y\xF9y\x18\xE5E\xC0\x87\x99...\xA3+\xF6\x06\e\xC9{\x17%\x80\xCEI\x12+s\xC9\x06\xA6k\x8B\xB9P\xBC\x0FX,\x06\xF7\x0FwFp\xF9\x88\x9A"
            got: "0w\x02\x01\x01\x04 \x1C\xE3\xBF7\f\x96Q>\f$\xB4\xF8M!7\xED#d\xEF\xFD\xDE$\x900\xDAG=\xEC\xA1\xC1\xBE...\xA3+\xF6\x06\e\xC9{\x17%\x80\xCEI\x12+s\xC9\x06\xA6k\x8B\xB9P\xBC\x0FX,\x06\xF7\x0FwFp\xF9\x88\x9A"

       (compared using ==)

       Diff:
       @@ -1,2 +1,3 @@
       -0Y0*?H?*?H?=B-y?y?E???~?mU?7??6??L???????+?{%??I+s??k??P?X,?wFp???
       +0w ??7
              ?Q>
                 $??M!7?#d???$?0?G=????0?
       *?H?=?DB-y?y?E???~?mU?7??6??L???????+?{%??I+s??k??P?X,?wFp???

     # ./spec/certificate_request_spec.rb:101:in `block (2 levels) in <top (required)>'

Finished in 0.04114 seconds (files took 0.7615 seconds to load)
1 example, 1 failure

Failed examples:

rspec ./spec/certificate_request_spec.rb:98 # Acme::Client::CertificateRequest assigns the public key

Interestingly enough, the DER conversion seems to be causing the problem. I compared the PEM and it worked, but the DER does not.

(byebug) public_key_from_private(request.csr.public_key).to_pem == public_key_from_private(test_key).to_pem
true
(byebug) request.csr.public_key.to_der == public_key_to_der(test_key)
false

Anyone else is having the same issue?

commented

I'm seeing this too. I think this isn't visible to the devs, since the tests run on Travis with OpenSSL 1.0.2g 1 Mar 2016, and (I suspect) previous version of OpenSSL would replace the private key in a signing request with the public key as a side-effect of signing.

I think https://github.com/unixcharles/acme-client/pull/111/files/a988895a70da676ab3c818c096c89ee54f95c899 is the root cause, because when I altered the test to compare request.csr.public_key.to_der with test_key.to_der, it passed.

commented

#189 fix this. I'm giving up on fully understanding OpenSSL at this point.

Also switched to comparing in PEM. It make the diff much more obvious.