<GitHub176>
jruby-openssl/master 75242d4 kares: at last, do BN comparison `==` vs `eql?` properly - just like MRI version
<GitHub176>
[jruby-openssl] kares pushed 3 new commits to master: https://git.io/vFsVR
<GitHub176>
jruby-openssl/master 6e213fd kares: get `BN.new("...", 0)` working as OpenSSL does - using MPI format
<GitHub176>
jruby-openssl/master 67820b9 kares: [build] we're fine with less jruby (1.7.x) profiles
zacts has quit [Ping timeout: 246 seconds]
dave__ has joined #jruby
dave__ has quit [Remote host closed the connection]
dave__ has joined #jruby
claudiuinberlin has joined #jruby
drbobbeaty has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
drbobbeaty has joined #jruby
claudiuinberlin has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
vtunka has joined #jruby
claudiuinberlin has joined #jruby
drbobbeaty has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
vtunka has quit [Quit: Leaving]
dave__ has quit [Remote host closed the connection]
dave__ has joined #jruby
vtunka has joined #jruby
claudiuinberlin has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
claudiuinberlin has joined #jruby
vtunka has quit [Quit: Leaving]
shellac has joined #jruby
vtunka has joined #jruby
shellac has quit [Ping timeout: 240 seconds]
shellac has joined #jruby
dave__ has quit [Remote host closed the connection]
dave__ has joined #jruby
<GitHub17>
[jruby-openssl] kares pushed 2 new commits to master: https://git.io/vFsQm
<GitHub17>
jruby-openssl/master c1901f2 kares: allow for SSLContext#dup to work (copy-ing Ruby level i-variables only)
<GitHub17>
jruby-openssl/master ec7b8e7 kares: [test] include start_server from 2.3 + setup tests as in MRI's repo
drbobbeaty has joined #jruby
vtunka has quit [Quit: Leaving]
dave__ has quit [Remote host closed the connection]
dave__ has joined #jruby
dave__ has quit [Remote host closed the connection]
dave__ has joined #jruby
dave__ has quit [Remote host closed the connection]
claudiuinberlin has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
dave__ has joined #jruby
shellac has quit [Quit: Computer has gone to sleep.]
shellac has joined #jruby
dave__ has quit [Remote host closed the connection]
dave__ has joined #jruby
Antiarc has quit [Remote host closed the connection]
Antiarc has joined #jruby
claudiuinberlin has joined #jruby
lance|afk is now known as lanceball
<headius>
kares: ok, keep us posted
<kares>
will do - fixed some issues but still not sure about the hang (and had to switch to non-oss work mode)
<kares>
are you guys only waiting for jossl with 9.1.14 at this point?
<headius>
well most things are ready to go
<headius>
I've not found a solution to the cert issue
<kares>
yeah that might be a deep diver
<kares>
was looking into the verify CB which is setup in Ruby (and is different on JRuby vs MRI) so maybe that might be related?
<headius>
CB?
<headius>
I'm looking at the verify code, yeah
<headius>
I'm trying to confirm how the chain verification decides to stop digging
<headius>
the google cert is issued by geotrust, which should be a CA, so stop digging there?
<headius>
but it doesn't, it looks for geotrust issuer which is the bad equifax cert
<headius>
I'm also trying to understand why we have this logic in the first place
<headius>
shouldn't this be built into X.509 logic already?
<kares>
ah right sorry - yeah this should be all underneath the surface - the Ruby part should not be involved
<kares>
but just to be sure I'll give it a try ...
<headius>
I'm looking at StoreContext.verifyCertificate
<headius>
it builds the chain and then verifies it...it's just weird that this code has to be hand-written
vtunka has joined #jruby
<kares>
has to since user might hand set verification - so we need to bypass JSSE
<kares>
(I mean bypass its defaults)
<kares>
in the past I was thinking about providing a Java only default that would ignore all user settings
<kares>
UPDATE: for my ubuntu with the same ca-certificates packages it seems to work
<kares>
or I am doing smt wrong :(
shellac has quit [Read error: Connection reset by peer]
<headius>
really?
<headius>
kares: where is the logic that determines how/where we lookup certs?
<headius>
I just don't understand where this cert is coming from
<headius>
kares: this is baffling
<headius>
I don't understand where this Equifax is coming from
<kares>
headius: honestly I'm not sure I can point you to an exact place, net/http sets store etc which than gets looked-up
<kares>
are you testing that net/http code only or were you able to minimize the reproducer?
<headius>
still going through that net/http code
<headius>
but I straced and only saw it access the java keystore
<headius>
that's a good point though
vtunka has quit [Quit: Leaving]
<GitHub105>
[jruby] saxenadeepakkumar opened issue #4836: Getting error while giving fully qualified path to parse file with yard-cucumber https://git.io/vFGl4
<GitHub59>
[jruby-openssl] kares pushed 1 new commit to master: https://git.io/vFGBp
<GitHub59>
jruby-openssl/master 2ced388 kares: fix signature-alg to default to NULL and report it as 0.0 (like MRI)
<headius>
aaargh
<kares>
ok so the hang from the CI suite seems to not want to reproduce locally and I already tried giving it slightly more memozy on CI
<kares>
this is what I meant previously - having different verify_certificate_identity hack then MRI in .rb parts