On August 17, 2012 11:00, Phil Pishioneri <p...@psu.edu> wrote:
> Starting with version 1 of openssl, it uses a different algorithm to
> compute the hash. You can get the old and new values from it:
>
> pgp$ /opt/local/bin/openssl x509 -subject_hash -subject_hash_old -noout -in umwebCA.pem
> 5cc1e784
> 4700e8dd

D'oh! Thanks, Phil, I think you've hit the nail on the head. I had no idea that OpenSSL had changed their hash algorithm.

Shawn, what version of the OpenSSL libraries are your installations of mod_cosign and mod_ssl linked against? And is this from the same version of OpenSSL that the "openssl" executable is from?

[root@minos certs]# ldd /usr/lib64/httpd/modules/mod_cosign.so | grep ssl
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f7910dd4000)
[root@minos certs]# ldd /usr/lib64/httpd/modules/mod_ssl.so | grep ssl
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f6e0e383000)
[root@minos certs]# rpm -q -f /usr/lib64/libssl.so.10
openssl-1.0.0-20.el6_2.5.x86_64
[root@minos certs]# openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
[root@minos certs]#

If all three use the same OpenSSL version and you still have a problem, then the hash symlink is not the problem and we'll have to look elsewhere.

On the other hand, if you are using one version of OpenSSL for either mod_cosign or mod_ssl and a different version of OpenSSL for the "openssl" executable, then the problem is definitely the hash symlink and you should probably use the same version of OpenSSL from the command line that you're using to compile mod_cosign.

--
Mark Montague
m...@catseye.org
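
The check discussed in this thread, as an added example that is not part of the original messages: a shell script that reports whether a CA directory holds a usable symlink under the new-style hash, the old-style hash, both, or neither, and shows which libssl a module loads. The function names (classify_links, check_ca, libssl_of) are assumptions of this example; the openssl options are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# classify_links DIR NEW_HASH OLD_HASH
# Prints one of: both | new-only | old-only | none
# OpenSSL looks up a CA in a hashed directory as <hash>.<n>.
# [ -e ] follows symlinks, so a dangling link counts as missing.
classify_links() {
    dir=$1; new=$2; old=$3
    has_new=no; has_old=no
    for f in "$dir/$new".[0-9]*; do
        if [ -e "$f" ]; then has_new=yes; fi
    done
    for f in "$dir/$old".[0-9]*; do
        if [ -e "$f" ]; then has_old=yes; fi
    done
    case "$has_new/$has_old" in
        yes/yes) echo both ;;
        yes/no)  echo new-only ;;
        no/yes)  echo old-only ;;
        *)       echo none ;;
    esac
}

# check_ca CERT DIR
# Computes each hash separately with the openssl found on PATH
# (-subject_hash_old needs OpenSSL 1.0 or later), then classifies DIR.
check_ca() {
    cert=$1; dir=$2
    new=$(openssl x509 -subject_hash -noout -in "$cert") || return 2
    old=$(openssl x509 -subject_hash_old -noout -in "$cert") || return 2
    echo "new=$new old=$old links=$(classify_links "$dir" "$new" "$old")"
}

# libssl_of MODULE
# Path of the libssl shared object the module is linked against,
# to compare with the output of "openssl version".
libssl_of() {
    ldd "$1" | awk '$1 ~ /^libssl\.so/ { print $3 }'
}

# Usage: sh script.sh /path/to/ca.pem /path/to/ca-directory
if [ "$#" -eq 2 ]; then
    check_ca "$1" "$2"
fi
```

A result of old-only on a host whose modules are linked against OpenSSL 1.0 or later is the symlink mismatch described in the thread.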