On Thu, Jun 12, 2014 at 07:11:24PM +0200, Stephen Henson via RT wrote: > On Thu Jun 12 18:16:55 2014, [email protected] wrote: > > Hi, > > > > The Net-SSLeay perl module failed its testsuite after 1.0.1g -> 1.0.1h > > update. > > > > The code looks like this: > > > > ... create more X509 certificate stuff ... > > is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company > > Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex"); > > is(unpack("H*",Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), > > "044d7ea7fddced7b9b63799600b9989a63b36819", "X509_NAME_digest"); > > > > The sha1 sum of the ASN.1 encoding changed. > > > > The reason for this is commit > > > > git show 3009244da47b989c4cc59ba > > commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431 > > Author: Dr. Stephen Henson <[email protected]> > > Date: Sun Jun 1 15:03:00 2014 +0100 > > > > Set default global mask to UTF8 only. > > > > diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c > > index dedc488..8993264 100644 > > --- a/crypto/asn1/a_strnid.c > > +++ b/crypto/asn1/a_strnid.c > > @@ -74,7 +74,7 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * > > const *a, > > * certain software (e.g. Netscape) has problems with them. > > */ > > > > -static unsigned long global_mask = 0xFFFFFFFFL; > > +static unsigned long global_mask = B_ASN1_UTF8STRING; > > > > void ASN1_STRING_set_default_mask(unsigned long mask) > > { > > > > Should this change the above behaviour? > > > > Yes it would change that behaviour. When OpenSSL is asked to construct a DN it > uses various criteria to determine what string types to use. for > DirectoryString. Before that change it was using some ancient rules which > would > use long obsolete type. After that change it is brought up to date. > > Because the string types change that means the encoding and hence the hash > will > change.
Sounds sensible. The ticket could be closed again ;) Ciao, Marcus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
