Compare certificates byte-by-byte as DER

This is to accommodate for the concerns raised by @kse-clearhaus in #7 (comment) See also ruby/openssl#158
clearhaus · May 22, 2018 · 76c7555 · 76c7555
1 parent 3dd3367
commit 76c7555
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/pedicel/base.rb b/lib/pedicel/base.rb
@@ -184,7 +184,7 @@ def self.extract_certificates(signature:, config: Pedicel::DEFAULT_CONFIG)
     end
 
     def self.verify_root_certificate(root:, trusted_root:)
-      raise SignatureError, 'root certificate is not trusted' unless root == trusted_root
+      raise SignatureError, 'root certificate is not trusted' unless root.to_der == trusted_root.to_der
 
       true
     end