OpenSSL::X509::Certificate#to_text crashes with NPE

[cheald]

WEBRick::HTTPServer invokes then when trying to start up a server with an x509 cert. Minimum repro case (don't worry, it's a cert generated specifically for testing):

require 'openssl'
cert = OpenSSL::X509::Certificate.new <<-EOF
-----BEGIN CERTIFICATE-----
MIIFcjCCA1oCCQCa3TLZ9FJORzANBgkqhkiG9w0BAQsFADB6MQswCQYDVQQGEwJV
UzEVMBMGA1UECAwMVGhlIEludGVybmV0MRUwEwYDVQQHDAxUaGUgSW50ZXJuZXQx
FTATBgNVBAoMDE1hbnRpY29yZSBDQTESMBAGA1UECwwJTWFudGljb3JlMRIwEAYD
VQQDDAlsb2NhbGhvc3QwHhcNMTUwNDA2MDc1OTQ2WhcNMTUwNDA3MDc1OTQ2WjB8
MQswCQYDVQQGEwJVUzEVMBMGA1UECAwMVGhlIEludGVybmV0MRUwEwYDVQQHDAxU
aGUgSW50ZXJuZXQxFzAVBgNVBAoMDk1hbnRpY29yZSBIb3N0MRIwEAYDVQQLDAlN
YW50aWNvcmUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBANi9QKfRpmRXkfpcrLaI14gIT6VmDvrphQLhx8+JrEJihKv4
kXR061UFV2K52bfumoD+/vdj9DzQIAKMUXUn+Z8BfAsJR6wgocCE/I0a0NOurzMe
FTgdL6oo8pnxQ5lv7wxhUNMwXJcfcefIqBO91lKwajL9MAiOoHcfK5KNKHyowjqR
+KMUUhps4x0llkqcKZlFnhMuy2bhJDID/6xT07C6fzGH7e0ty+EWVKz7zG0mT4ek
ygZhusSkYOAp7q0FSPdR1KwB/Z5XlUjmrfvsfmSZ1kXWivJchv7cxKwu0c9fRGP5
HHSKmJn8yl5GhFt+RwTlC1O652sJylSyemh46UgNeKn9biBmKO3mgtLdnAT1tY/Z
KGByqRRmzsXcLQCP5HdKAwzjP/Lvf0k4RybmYkY14S9xnDrOojkN8yg9mZ3dzuvZ
ZRxv6EMU/Te86H9FcyBiX7IFR5sXpMTit0T6XOXmhULA9zKlHlEZ13CASjC1nMc1
rWeB6HKFJBS/Ag02it5onbqvkIsbbQqZyTwVT0yH/CYZO1YlNIvDyvmYSNm0avgZ
5pCzdBc3WlX+osVGuWMdilR93kNBI/MQRr+XDnDCXeAb3c43uBaYveYpakUDxJQB
QDSvTmAIFf8GpfyQFgLOO20CZ95LWgr/4PH2C9BPh6hciEbZgomxmuYy3PZ7AgMB
AAEwDQYJKoZIhvcNAQELBQADggIBAErx32pC6o94xIqazKDAJFnevoQjupjaW7Wc
d+QcBD/sZ5Zlfmv/MPeDaO4oGsKHHPecUojwzYg3H+BNLnjg9m7IWwqdaxuVLdt+
5sC3KFHlMtcw42Ux6XfKGecDHisJdEkoP/pPcwcfL7teZbt3dwtUh9h1dOcNFfsl
qMN7mRmDTWZIozncQCmAU6TKreZpGqeN8sTIyjvKXyXFjMhPeP0TOFfIKaUCHbyi
Ze/bREEp67G2XNxdJMAlY407RcQyoAGnbFIf/WBCiR8Y+/pnjc5n1Wc8UXXW6EVm
ObfdNkY/F4w5SPRSthn62msj7yaiAiZQ21Uwl0zb+Axvz2SS6f6NPDEinvyWIAo4
PX0p3ujl5OrYdNCe6/2cft5L73X1mAsBAtkmMXnVACm6cIPv4S3jYUXvpnfOYFCm
r91Lpir5muDzXjtXvXUUCp0Hp7ONr+Y3BI5C+Z+yiq9XHy56jv/az/h/8soEB+g5
7UrdKeDWrSUbOm85VLymiadggX+ZgxxDqCXEUPBFqgLwPe5FMLa07lUSnn2F0sK9
YVdE5HiXeoj+WE+WmRlEM3ZWujqDh8AJgaDip5hltCxWXTEBSLV4gHBKcphBbkf6
XBzK5QOuZdfCC6WJHA2Mesi3yZBbbO5Tw7vPCPdQ97pj0J3Tw1YVRPHMeJKJyF98
7/EXBJpK
-----END CERTIFICATE-----
EOF
cert.to_text

This doesn't break on JRuby 1.7.19, but does on 9k.pre1 and head (presumably due to the version of jruby-openssl packaged). Debugging reveals that this.version is nil, so fix2int(this.version) throws an NPE.

[cheald]

Setting cert.version = 1 before calling #to_text avoids the crash, but the text indicates that the signature algorithm is null.

JRuby 1.7.19:

      [0]         Version: 1
             SerialNumber: 11159131363382283847
                 IssuerDN: C=US,ST=The Internet,L=The Internet,O=Manticore CA,OU=Manticore,CN=localhost
               Start Date: Mon Apr 06 00:59:46 MST 2015
               Final Date: Tue Apr 07 00:59:46 MST 2015
                SubjectDN: C=US,ST=The Internet,L=The Internet,O=Manticore Host,OU=Manticore,CN=localhost
               Public Key: RSA Public Key
                modulus: d8bd40a7d1a6645791fa5cacb688d788084fa5660efae98502e1c7cf89ac426284abf8917474eb55055762b9d9b7ee9a80fefef763f43cd020028c517527f99f017c0b0947ac20a1c084fc8d1ad0d3aeaf331e15381d2faa28f299f143996fef0c6150d3305c971f71e7c8a813bdd652b06a32fd30088ea0771f2b928d287ca8c23a91f8a314521a6ce31d25964a9c2999459e132ecb66e1243203ffac53d3b0ba7f3187eded2dcbe11654acfbcc6d264f87a4ca0661bac4a460e029eead0548f751d4ac01fd9e579548e6adfbec7e6499d645d68af25c86fedcc4ac2ed1cf5f4463f91c748a9899fcca5e46845b7e4704e50b53bae76b09ca54b27a6878e9480d78a9fd6e206628ede682d2dd9c04f5b58fd9286072a91466cec5dc2d008fe4774a030ce33ff2ef7f49384726e6624635e12f719c3acea2390df3283d999dddceebd9651c6fe84314fd37bce87f457320625fb205479b17a4c4e2b744fa5ce5e68542c0f732a51e5119d770804a30b59cc735ad6781e872852414bf020d368ade689dbaaf908b1b6d0a99c93c154f4c87fc26193b5625348bc3caf99848d9b46af819e690b37417375a55fea2c546b9631d8a547dde434123f31046bf970e70c25de01bddce37b81698bde6296a4503c494014034af4e600815ff06a5fc901602ce3b6d0267de4b5a0affe0f1f60bd04f87a85c8846d98289b19ae632dcf67b
        public exponent: 10001

      Signature Algorithm: SHA256withRSA
                Signature: 4af1df6a42ea8f78c48a9acca0c02459debe8423
                           ba98da5bb59c77e41c043fec6796657e6bff30f7
                           8368ee281ac2871cf79c5288f0cd88371fe04d2e
                           78e0f66ec85b0a9d6b1b952ddb7ee6c0b72851e5
                           32d730e36531e977ca19e7031e2b097449283ffa
                           4f73071f2fbb5e65bb77770b5487d87574e70d15
                           fb25a8c37b9919834d6648a339dc40298053a4ca
                           ade6691aa78df2c4c8ca3bca5f25c58cc84f78fd
                           133857c829a5021dbca265efdb444129ebb1b65c
                           dc5d24c025638d3b45c432a001a76c521ffd6042
                           891f18fbfa678dce67d5673c5175d6e8456639b7
                           dd36463f178c3948f452b619fada6b23ef26a202
                           2650db5530974cdbf80c6fcf6492e9fe8d3c3122
                           9efc96200a383d7d29dee8e5e4ead874d09eebfd
                           9c7ede4bef75f5980b0102d9263179d50029ba70
                           83efe12de36145efa677ce6050a6afdd4ba62af9
                           9ae0f35e3b57bd75140a9d07a7b38dafe637048e
                           42f99fb28aaf571f2e7a8effdacff87ff2ca0407
                           e839ed4add29e0d6ad251b3a6f3954bca689a760
                           817f99831c43a825c450f045aa02f03dee4530b6
                           b4ee55129e7d85d2c2bd615744e478977a88fe58
                           4f96991944337656ba3a8387c00981a0e2a79865
                           b42c565d310148b57880704a7298416e47fa5c1c
                           cae503ae65d7c20ba5891c0d8c7ac8b7c9905b6c
                           ee53c3bbcf08f750f7ba63d09dd3c3561544f1cc
                           789289c85f7ceff117049a4a

jruby-head:

    Certificate:
        Data:
            Version: 2 (0x1)
            Serial Number:
                9a:dd:32:d9:f4:52:4e:47
        Signature Algorithm: null
            Issuer: /C=US/ST=The Internet/L=The Internet/O=Manticore CA/OU=Manticore/CN=localhost
            Validity
                Not Before: Apr  6 07:59:46 2015 GMT
                Not After : Apr  7 07:59:46 2015 GMT
            Subject: /C=US/ST=The Internet/L=The Internet/O=Manticore Host/OU=Manticore/CN=localhost
            Subject Public Key Info:
                Public Key Algorithm: RSA
                    Public-Key: (4096 bit)
                    Modulus:
                        00:d8:bd:40:a7:d1:a6:64:57:91:fa:5c:ac:b6:88:
                        d7:88:08:4f:a5:66:0e:fa:e9:85:02:e1:c7:cf:89:
                        ac:42:62:84:ab:f8:91:74:74:eb:55:05:57:62:b9:
                        d9:b7:ee:9a:80:fe:fe:f7:63:f4:3c:d0:20:02:8c:
                        51:75:27:f9:9f:01:7c:0b:09:47:ac:20:a1:c0:84:
                        fc:8d:1a:d0:d3:ae:af:33:1e:15:38:1d:2f:aa:28:
                        f2:99:f1:43:99:6f:ef:0c:61:50:d3:30:5c:97:1f:
                        71:e7:c8:a8:13:bd:d6:52:b0:6a:32:fd:30:08:8e:
                        a0:77:1f:2b:92:8d:28:7c:a8:c2:3a:91:f8:a3:14:
                        52:1a:6c:e3:1d:25:96:4a:9c:29:99:45:9e:13:2e:
                        cb:66:e1:24:32:03:ff:ac:53:d3:b0:ba:7f:31:87:
                        ed:ed:2d:cb:e1:16:54:ac:fb:cc:6d:26:4f:87:a4:
                        ca:06:61:ba:c4:a4:60:e0:29:ee:ad:05:48:f7:51:
                        d4:ac:01:fd:9e:57:95:48:e6:ad:fb:ec:7e:64:99:
                        d6:45:d6:8a:f2:5c:86:fe:dc:c4:ac:2e:d1:cf:5f:
                        44:63:f9:1c:74:8a:98:99:fc:ca:5e:46:84:5b:7e:
                        47:04:e5:0b:53:ba:e7:6b:09:ca:54:b2:7a:68:78:
                        e9:48:0d:78:a9:fd:6e:20:66:28:ed:e6:82:d2:dd:
                        9c:04:f5:b5:8f:d9:28:60:72:a9:14:66:ce:c5:dc:
                        2d:00:8f:e4:77:4a:03:0c:e3:3f:f2:ef:7f:49:38:
                        47:26:e6:62:46:35:e1:2f:71:9c:3a:ce:a2:39:0d:
                        f3:28:3d:99:9d:dd:ce:eb:d9:65:1c:6f:e8:43:14:
                        fd:37:bc:e8:7f:45:73:20:62:5f:b2:05:47:9b:17:
                        a4:c4:e2:b7:44:fa:5c:e5:e6:85:42:c0:f7:32:a5:
                        1e:51:19:d7:70:80:4a:30:b5:9c:c7:35:ad:67:81:
                        e8:72:85:24:14:bf:02:0d:36:8a:de:68:9d:ba:af:
                        90:8b:1b:6d:0a:99:c9:3c:15:4f:4c:87:fc:26:19:
                        3b:56:25:34:8b:c3:ca:f9:98:48:d9:b4:6a:f8:19:
                        e6:90:b3:74:17:37:5a:55:fe:a2:c5:46:b9:63:1d:
                        8a:54:7d:de:43:41:23:f3:10:46:bf:97:0e:70:c2:
                        5d:e0:1b:dd:ce:37:b8:16:98:bd:e6:29:6a:45:03:
                        c4:94:01:40:34:af:4e:60:08:15:ff:06:a5:fc:90:
                        16:02:ce:3b:6d:02:67:de:4b:5a:0a:ff:e0:f1:f6:
                        0b:d0:4f:87:a8:5c:88:46:d9:82:89:b1:9a:e6:32:
                        dc:f6:7b
                    Exponent: 65537 (0x10001)
        Signature Algorithm: null
             4a:f1:df:6a:42:ea:8f:78:c4:8a:9a:cc:a0:c0:24:59:de:be:
             84:23:ba:98:da:5b:b5:9c:77:e4:1c:04:3f:ec:67:96:65:7e:
             6b:ff:30:f7:83:68:ee:28:1a:c2:87:1c:f7:9c:52:88:f0:cd:
             88:37:1f:e0:4d:2e:78:e0:f6:6e:c8:5b:0a:9d:6b:1b:95:2d:
             db:7e:e6:c0:b7:28:51:e5:32:d7:30:e3:65:31:e9:77:ca:19:
             e7:03:1e:2b:09:74:49:28:3f:fa:4f:73:07:1f:2f:bb:5e:65:
             bb:77:77:0b:54:87:d8:75:74:e7:0d:15:fb:25:a8:c3:7b:99:
             19:83:4d:66:48:a3:39:dc:40:29:80:53:a4:ca:ad:e6:69:1a:
             a7:8d:f2:c4:c8:ca:3b:ca:5f:25:c5:8c:c8:4f:78:fd:13:38:
             57:c8:29:a5:02:1d:bc:a2:65:ef:db:44:41:29:eb:b1:b6:5c:
             dc:5d:24:c0:25:63:8d:3b:45:c4:32:a0:01:a7:6c:52:1f:fd:
             60:42:89:1f:18:fb:fa:67:8d:ce:67:d5:67:3c:51:75:d6:e8:
             45:66:39:b7:dd:36:46:3f:17:8c:39:48:f4:52:b6:19:fa:da:
             6b:23:ef:26:a2:02:26:50:db:55:30:97:4c:db:f8:0c:6f:cf:
             64:92:e9:fe:8d:3c:31:22:9e:fc:96:20:0a:38:3d:7d:29:de:
             e8:e5:e4:ea:d8:74:d0:9e:eb:fd:9c:7e:de:4b:ef:75:f5:98:
             0b:01:02:d9:26:31:79:d5:00:29:ba:70:83:ef:e1:2d:e3:61:
             45:ef:a6:77:ce:60:50:a6:af:dd:4b:a6:2a:f9:9a:e0:f3:5e:
             3b:57:bd:75:14:0a:9d:07:a7:b3:8d:af:e6:37:04:8e:42:f9:
             9f:b2:8a:af:57:1f:2e:7a:8e:ff:da:cf:f8:7f:f2:ca:04:07:
             e8:39:ed:4a:dd:29:e0:d6:ad:25:1b:3a:6f:39:54:bc:a6:89:
             a7:60:81:7f:99:83:1c:43:a8:25:c4:50:f0:45:aa:02:f0:3d:
             ee:45:30:b6:b4:ee:55:12:9e:7d:85:d2:c2:bd:61:57:44:e4:
             78:97:7a:88:fe:58:4f:96:99:19:44:33:76:56:ba:3a:83:87:
             c0:09:81:a0:e2:a7:98:65:b4:2c:56:5d:31:01:48:b5:78:80:
             70:4a:72:98:41:6e:47:fa:5c:1c:ca:e5:03:ae:65:d7:c2:0b:
             a5:89:1c:0d:8c:7a:c8:b7:c9:90:5b:6c:ee:53:c3:bb:cf:08:
             f7:50:f7:ba:63:d0:9d:d3:c3:56:15:44:f1:cc:78:92:89:c8:
             5f:7c:ef:f1:17:04:9a:4a

[kares]

Thanks Chris, will try to test with JRuby's suite and prepare for a release. In case I forgot just //cc me ...