Conversation

@deanpcmad
Contributor

On newer versions of OpenSSL, the original code fails with an OpenSSL::PKey::PKeyError: EVP_DigestVerifyInit: invalid digest error. This PR updates it so it uses the new style of verification.

@excid3
Collaborator

excid3 commented Oct 4, 2025

Their docs still show using:

digest    = OpenSSL::Digest::SHA1.new
pub_key   = OpenSSL::PKey::RSA.new(public_key).public_key
verified  = pub_key.verify(digest, signature, data_serialized)

This doesn't work anymore? Do you know what the change in OpenSSL was?

If we know which version of OpenSSL is different, we can check the version number instead of using rescues.

@deanpcmad
Contributor Author

I believe since OpenSSL 3.0 because they removed support for SHA1

@excid3
Collaborator

excid3 commented Oct 6, 2025

Does the new version work with an older OpenSSL? If so we could just use that across both versions.

@deanpcmad
Contributor Author

My update should work with both because it tries the older version first

@excid3
Collaborator

excid3 commented Oct 6, 2025

Right, but I'd like to have a single path if we can.

@deanpcmad
Contributor Author

Well I'm unsure on the best way then, because it depends on the version of OpenSSL that someone would have installed. Most systems would have higher than v3 so we could remove the initial check and just use the updated version?

@excid3
Collaborator

excid3 commented Oct 6, 2025

You should be able to write a test for each version and see if the new code works for both.
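
A single-path verification helper of the kind discussed in this thread, plus the per-OpenSSL self-check excid3 asks for, as an added example that is not the PR's code or the vendor's docs snippet: it assumes RSA PKCS#1 v1.5 signatures and passes the digest by name instead of building an OpenSSL::Digest::SHA1 object; `verify_signature` and `self_check` are hypothetical names.

```ruby
require "openssl"

# Verify an RSA PKCS#1 v1.5 signature over +data+ with a PEM public key.
# The digest is given by name ("SHA1", "SHA256", ...) so the same call works
# with the openssl gem on OpenSSL 1.1 and 3.x. If the OpenSSL 3 provider or
# platform security policy refuses that digest for signatures, PKey#verify
# raises OpenSSL::PKey::PKeyError; that is deliberately NOT rescued here, so a
# library/configuration problem is never reported as "signature invalid".
# Returns true only when the signature is valid for +data+ under that key.
def verify_signature(public_key_pem, signature, data, digest_name:)
  pub_key = OpenSSL::PKey.read(public_key_pem) # PEM or DER, any key type
  pub_key.verify(digest_name, signature, data)
end

# Exercise the helper against a disposable key pair under whichever OpenSSL
# this Ruby process is linked to, so the same file can be run on both a
# 1.1 and a 3.x host. Sample payload is constructed for the check.
def self_check(digest_name:)
  key  = OpenSSL::PKey::RSA.new(2048)
  data = "constructed-webhook-payload"
  sig  = key.sign(digest_name, data)
  pem  = key.public_key.to_pem
  other_pem = OpenSSL::PKey::RSA.new(2048).public_key.to_pem
  {
    library:   OpenSSL::OPENSSL_LIBRARY_VERSION,
    valid:     verify_signature(pem, sig, data, digest_name: digest_name),
    tampered:  verify_signature(pem, sig, data + "x", digest_name: digest_name),
    wrong_key: verify_signature(other_pem, sig, data, digest_name: digest_name)
  }
end

if __FILE__ == $0
  r = self_check(digest_name: "SHA256")
  puts "#{r[:library]}: valid=#{r[:valid]} tampered=#{r[:tampered]} wrong_key=#{r[:wrong_key]}"
end
```

Run it with `digest_name: "SHA1"` as well on each host you support; a PKeyError there tells you the digest is unavailable for signatures on that build, which is a different finding from a false return.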
