On Thu Jun 12 18:16:55 2014, [email protected] wrote: > Hi, > > The Net-SSLeay perl module failed its testsuite after 1.0.1g -> 1.0.1h > update. > > The code looks like this: > > ... create more X509 certificate stuff ... > is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company > Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex"); > is(unpack("H*",Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), > "044d7ea7fddced7b9b63799600b9989a63b36819", "X509_NAME_digest"); > > The sha1 sum of the ASN.1 encoding changed. > > The reason for this is commit > > git show 3009244da47b989c4cc59ba > commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431 > Author: Dr. Stephen Henson <[email protected]> > Date: Sun Jun 1 15:03:00 2014 +0100 > > Set default global mask to UTF8 only. > > diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c > index dedc488..8993264 100644 > --- a/crypto/asn1/a_strnid.c > +++ b/crypto/asn1/a_strnid.c > @@ -74,7 +74,7 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * > const *a, > * certain software (e.g. Netscape) has problems with them. > */ > > -static unsigned long global_mask = 0xFFFFFFFFL; > +static unsigned long global_mask = B_ASN1_UTF8STRING; > > void ASN1_STRING_set_default_mask(unsigned long mask) > { > > Should this change the above behaviour? >
Yes it would change that behaviour. When OpenSSL is asked to construct a DN it uses various criteria to determine what string types to use. for DirectoryString. Before that change it was using some ancient rules which would use long obsolete type. After that change it is brought up to date. Because the string types change that means the encoding and hence the hash will change. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
