Should this work with Ruby 2.x? Its not for me

[rberger]

I'm running on Max OS X 10.9.3 and rvm.

I have a simple test script:

#!/usr/bin/env ruby
require 'openssl_pkcs8'

key = OpenSSL::PKey::RSA.new(1024)

result = key.to_pem_pkcs8

puts result

If I use ruby-1.9.3-p484 the test script works fine.

If I use rvm to switch to any of the following

ruby-2.0.0-p247 [ x86_64 ]
ruby-2.1.0 [ x86_64 ]
ruby-2.1.2 [ x86_64 ]

it doesn't work and I get something like:

./tst_pkim.rb:6: [BUG] Segmentation fault at 0x00000000000000

...

-- Control frame information -----------------------------------------------
c:0003 p:---- s:0009 e:000008 CFUNC  :to_pem_pkcs8
c:0002 p:0033 s:0006 E:001478 EVAL   ./tst_pkim.rb:6 [FINISH]
c:0001 p:0000 s:0002 E:000438 TOP    [FINISH]

./tst_pkim.rb:6:in `<main>'
./tst_pkim.rb:6:in `to_pem_pkcs8'

-- C level backtrace information -------------------------------------------
0   ruby                                0x00000001002851a6 rb_vm_bugreport + 134
1   ruby                                0x000000010013bc53 report_bug + 307
2   ruby                                0x000000010013bb14 rb_bug + 180
3   ruby                                0x0000000100208599 sigsegv + 153
4   libsystem_platform.dylib            0x00007fff8f4a65aa _sigtramp + 26
5   libcrypto.0.9.8.dylib               0x00007fff8ecba5b5 BN_num_bits + 21
6   ???                                 0x00000000ffffffff 0x0 + 4294967295

Is it something in my environment? Or something else?

[tadman]

I've noticed this problem, too. Something in the Ruby 2 core has changed and made this work-around non-functional.

I'm working to add PKCS8 support to krypt to avoid needing this module in the first place. When that's done then there will be support in Ruby 2.0 and 2.1.

[jkeiser]

Seeing the same here.

[rberger]

Heh, Yeah, I discovered the problem while trying to make chef_metal 0.11.beta2 work. Was about to let you (jkeiser) know once I got confirmation it wasn’t just me

[tadman]

I'm having some trouble getting this working again due to other issues piling on. OpenSSL, as the Heartbeed bug demonstrated, is a pretty awful codebase to work with.

Apple's been trying to cut ties with that toxic library and the default OpenSSL layer that ships with 10.9 has broken PKCS8 support making it harder to test this and develop a work-around.

[cielavenir]

Somehow (OSX 10.9.3) ruby 2.0.0p451 (2014-02-24 revision 45167) [universal.x86_64-darwin13] is not affected...

(PS: The main reason why I use this gem sometimes is that Chrome WebStore requires key.pem in PKCS8 format.)

[tadman]

That's an interesting combination. Do you have the OpenSSL library installed independent of the operating system, such as via Homebrew or MacPorts? Are you using RVM which sometimes installs its own version? I've had no trouble compiling 1.9.3 versions in the past, but 2.x has never worked for me, the internal structures have changed.

This sort of hack shouldn't be necessary as the Ruby OpenSSL library should have a to_pem function that takes an argument like format: :pkcs8 to do this properly in the first place. The difference between the OpenSSL key format and PKCS8 are minor but important. That Ruby can't emit these natively is a bug in my opinion.

[cielavenir]

I had just sudo gem install openssl_pkcs8.
And I think openssl is /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/universal-darwin13/openssl.bundle...

[cielavenir]

somehow, ruby 2.0.0p384 (2014-01-12) [x86_64-linux-gnu] and ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux-gnu] are also fine here...

[cielavenir]

Well, perhaps you can use https://github.com/cielavenir/openssl_pkcs8_pure, which also has DSA/EC and jruby support (only RSA though)