pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt #183
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rhenium
changed the title
rhenium
force-pushed
the
ky/pkcs7-decrypt-without-recipients-certificate
branch
from
a51a2d7
to
769b557
Compare
The recipient's certificate is not mandatory for PKCS7_decrypt(). Make it possible to call OpenSSL::PKCS7#decrypt with only the private key to match the functionality. Reference: ruby#182
cmd-ntrf
added a commit
to cmd-ntrf/hiera-eyaml
that referenced
this pull request
Apr 29, 2024
In PKCS7 RFC, the recipient certificate is not mandatory when decrypting. This is also how it is implemented in OpenSSL PKCS7_decrypt(). However, it is only since version 2.2.0 of ruby-openssl that it is possible to call OpenSSL::PKCS7#decrypt with only the private key. Ref: ruby/openssl#183 The issue of hiera-eyaml requiring the public key when decrypting has been brought before in voxpupuli#137, but ruby-openssl was yet patched.
cmd-ntrf
added a commit
to cmd-ntrf/hiera-eyaml
that referenced
this pull request
Apr 29, 2024
In PKCS7 RFC, the recipient certificate is not mandatory when decrypting. This is also how it is implemented in OpenSSL PKCS7_decrypt(). However, it is only since version 2.2.0 of ruby-openssl that it is possible to call OpenSSL::PKCS7#decrypt with only the private key. Ref: ruby/openssl#183 The issue of hiera-eyaml requiring the public key when decrypting has been brought before in voxpupuli#137, but ruby-openssl was yet patched.
cmd-ntrf
added a commit
to cmd-ntrf/hiera-eyaml
that referenced
this pull request
May 1, 2024
In PKCS7 RFC, the recipient certificate is not mandatory when decrypting. This is also how it is implemented in OpenSSL PKCS7_decrypt(). However, it is only since version 2.2.0 of ruby-openssl that it is possible to call OpenSSL::PKCS7#decrypt with only the private key. Ref: ruby/openssl#183 The issue of hiera-eyaml requiring the public key when decrypting has been brought before in voxpupuli#137, but ruby-openssl was yet patched.
cmd-ntrf
added a commit
to cmd-ntrf/hiera-eyaml
that referenced
this pull request
May 1, 2024
In PKCS7 RFC, the recipient certificate is not mandatory when decrypting. This is also how it is implemented in OpenSSL PKCS7_decrypt(). However, it is only since version 2.2.0 of ruby-openssl that it is possible to call OpenSSL::PKCS7#decrypt with only the private key. Ref: ruby/openssl#183 The issue of hiera-eyaml requiring the public key when decrypting has been brought before in voxpupuli#137, but ruby-openssl was yet patched.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The recipient's certificate is not mandatory for PKCS7_decrypt(). Make
it possible to call OpenSSL::PKCS7#decrypt with only the private key to
match the functionality with PKCS7_decrypt().
Reference: #182