Re: issue with X509_issuer_and_serial_hash returning different values under OpenSSL 3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Thank you Viktor and Matt, now the cause is obvious, at least for a first part.

On 3/8/23 18:14, Viktor Dukhovni wrote:
On Wed, Mar 08, 2023 at 11:36:37AM +0000, Matt Caswell wrote:

IIRC, I think the format of the output from X509_NAME_oneline may have
changed subtly from 1.0.2 to 3.0 (although I don't think it did between
1.1.1 and 3.0??).
Correct, the hash computation changed between 1.0.2 and 1.1.0 and not since.
I get the same hashes for all 137 CA certs in the FreeBSD cert bundle
using either 1.1.1t or 3.2-dev.  There should be no changes between
1.1.1 and 3.0.

If there is a certificate that shows different output for:

     $ /openssl-1.1.1-path/bin/openssl x509 -noout -subject_hash -in certfile.pem
     $ /openssl-3.0-path/bin/openssl x509 -noout -subject_hash -in certfile.pem

the OP is invited to post the certificate in question.





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux