CRL check fails if the issuing CA uses EC key pair #275

Closed
@tsaarni

The CRL file may be issued by a CA that uses an EC key pair. Validating peer certificates (of any key type) against a CRL from this kind of CA currently fails.

The problem is that jruby-openssl currently cannot verify the CRL file if it is signed with an EC public key. The execution will end up in the default branch here, which fails when the key type is not RSA:

```java
else {
    BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
    BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
    AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
    verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
}
```
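An added example, not jruby-openssl code and not the project's fix: a key-type-aware way to choose the BouncyCastle verifier, exercised against constructed RSA- and EC-signed CRLs. The class name, the `verifierFor` and `issueAndVerify` helpers, and the test CA are hypothetical; it assumes `bcprov` and `bcpkix` are on the classpath.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.operator.*;
import org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class EcCrlVerifyExample {
    // Hypothetical helper: select the verifier by key algorithm, never by an unchecked RSA cast.
    static ContentVerifierProvider verifierFor(PublicKey publicKey) throws Exception {
        DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
        // Parses the SubjectPublicKeyInfo encoding into the matching lightweight key type.
        AsymmetricKeyParameter key = PublicKeyFactory.createKey(publicKey.getEncoded());
        switch (publicKey.getAlgorithm()) {
            case "RSA": return new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(key);
            case "EC":  return new BcECContentVerifierProviderBuilder(digestAlgFinder).build(key);
            // Fail closed with a clear error rather than a ClassCastException.
            default: throw new InvalidKeyException("unsupported CRL issuer key: " + publicKey.getAlgorithm());
        }
    }

    // Issues a constructed CRL from a throwaway CA key and verifies its signature.
    static boolean issueAndVerify(String keyAlg, String sigAlg) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(keyAlg);
        if (keyAlg.equals("EC")) gen.initialize(new ECGenParameterSpec("secp256r1"));
        else gen.initialize(2048);
        KeyPair ca = gen.generateKeyPair();
        Date now = new Date();
        X509v2CRLBuilder crl = new X509v2CRLBuilder(new X500Name("CN=Constructed Test CA"), now);
        crl.setNextUpdate(new Date(now.getTime() + 86_400_000L));
        crl.addCRLEntry(BigInteger.valueOf(42), now, 0); // constructed serial, reason 0 = unspecified
        ContentSigner signer = new JcaContentSignerBuilder(sigAlg).build(ca.getPrivate());
        X509CRLHolder holder = crl.build(signer);
        return holder.isSignatureValid(verifierFor(ca.getPublic()));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("RSA-signed CRL valid: " + issueAndVerify("RSA", "SHA256withRSA"));
        System.out.println("EC-signed CRL valid:  " + issueAndVerify("EC", "SHA256withECDSA"));
    }
}
```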
