Parses the UTF-8 string representation of a distinguished name, according to RFC 2253.
See also to_utf8 for the opposite operation.
Parses the string representation of a distinguished name. Two different forms are supported:
OpenSSL format (X509_NAME_oneline()) used by to_s. For example: /DC=com/DC=example/CN=nobody
OpenSSL format (X509_NAME_print()) used by to_s(OpenSSL::X509::Name::COMPAT). For example: DC=com, DC=example, CN=nobody
Neither of them is standardized and has quirks and inconsistencies in handling of escaped characters or multi-valued RDNs.
Use of this method is discouraged in new applications. See Name.parse_rfc2253 and to_utf8 for the alternative.
Returns the human readable error string corresponding to the error code retrieved by error.
See also the man page X509_verify_cert_error_string(3).
Returns the depth of the chain. This is used in combination with error.
See also the man page X509_STORE_CTX_get_error_depth(3).
Returns the certificate which caused the error.
See also the man page X509_STORE_CTX_get_current_cert(3).
Returns the CRL which caused the error.
See also the man page X509_STORE_CTX_get_current_crl(3).
Signs data using a private key pkey. Unlike sign, data will not be hashed by digest automatically.
See verify_raw for the verification operation.
Added in version 3.0. See also the man page EVP_PKEY_sign(3).
digestA String that represents the message digest algorithm name, or nil if the PKey type requires no digest algorithm. Although this method will not hash data with it, this parameter may still be required depending on the signature algorithm.
dataA String. The data to be signed.
optionsA Hash that contains algorithm specific control operations to OpenSSL. See OpenSSL’s man page EVP_PKEY_CTX_ctrl_str(3) for details.
Example:
data = "Sign me!" hash = OpenSSL::Digest.digest("SHA256", data) pkey = OpenSSL::PKey.generate_key("RSA", rsa_keygen_bits: 2048) signopts = { rsa_padding_mode: "pss" } signature = pkey.sign_raw("SHA256", hash, signopts) # Creates a copy of the RSA key pkey, but without the private components pub_key = pkey.public_key puts pub_key.verify_raw("SHA256", signature, hash, signopts) # => true
Verifies the signature for the data using a public key pkey. Unlike verify, this method will not hash data with digest automatically.
Returns true if the signature is successfully verified, false otherwise. The caller must check the return value.
See sign_raw for the signing operation and an example code.
Added in version 3.0. See also the man page EVP_PKEY_verify(3).
signatureA String containing the signature to be verified.