Staff Software Engineer

Residency Update

Welcome to my update as Ruby Central’s security engineer in residence, sponsored by AWS.

My goal is to write a short update every week, chronicling what I’ve been working on, and reminding myself that I was, in fact, productive.

This week I spent a bunch of time refactoring the Sigstore implementation, and banged my head against timestamping verification, which is mostly implemented but not yet working.


Discovered some more jruby issues

made a PR to ruby/openssl to add tbs certificate support

significantly refactored the usage of x509 extensions to properly parse them, vs using only debug strings

started preparations for donating the implementation to the sigstore org

fixed tbs der implementation to work on linux by directly manipulating ASN.1

fixed support for running on ruby 3.0

started work on timestamp verification, but it’s not working yet because of some issues with the ruby openssl bindings


Finished support for running on jruby

also got truffleruby working