Issue #4805 has been updated by Martin Bosslet.

Assignee changed from Martin Bosslet to Hiroshi NAKAMURA

Hi Hiroshi,

sorry for taking some time to answer, I was on vacation last week...
I think your patch is good! But there is one thing I don't like
about OpenSSL itself here - why do they hardcode the digest algorithm
in the first place?

There are situations where neither MD5 nor SHA-1 fits, OCSP requests
are a good example: The requested CertID is defined as

CertID          ::=     SEQUENCE {
       hashAlgorithm       AlgorithmIdentifier,
       issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
       issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
       serialNumber        CertificateSerialNumber }

This implies trouble for any SHA-2 family "hashAlgorithm". 

In addition to applying your patch I'd favor a Name#hash implementation
that takes an optional OpenSSL::Digest that specifies the hash algorithm 
to be used.
This would of course mean that we would have to implement the functionality
of X509_name_hash on our own. What do you think - would the benefit of a
cleaner solution outweigh the (partial) code duplication?

Regards,
Martin
 
----------------------------------------
Feature #4805: Add X509::Name#hash_old for 0.9.X compat
http://redmine.ruby-lang.org/issues/4805

Author: Hiroshi NAKAMURA
Status: Open
Priority: Normal
Assignee: Hiroshi NAKAMURA
Category: ext
Target version: 1.9.3


X509::Name#hash with OpenSSL 1.0.0 returns a different value than with OpenSSL 0.9.X.
The attached patch adds X509::Name#hash_old for when you need the same MD5-based X509_NAME_hash value as OpenSSL 0.9.X.

Martin, what do you think about adding it?


-- 
http://redmine.ruby-lang.org
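
Added example (not part of the thread and not code from Ruby's OpenSSL extension): a sketch of the digest-parameterised name hash proposed above, checked against the MD5-based value that Name#hash_old returns. name_digest, name_hash32 and the sample DN are hypothetical and constructed for illustration. Hashing the plain DER encoding matches the OCSP issuerNameHash and the 0.9.X hash, not OpenSSL 1.0.0's Name#hash, which uses SHA-1 over a canonicalised form of the name.

```ruby
require "openssl"

# Digest of the DER-encoded distinguished name, with the algorithm chosen by
# the caller. For an issuer DN this is the value an OCSP CertID carries as
# issuerNameHash, so SHA-2 digests work here without any truncation.
def name_digest(name, digest = OpenSSL::Digest.new("SHA1"))
  digest.digest(name.to_der)
end

# 32-bit value in the style of X509_NAME_hash_old: the first four digest bytes
# read as a little-endian integer. OpenSSL 0.9.X fixed the digest to MD5; here
# it is a parameter (hypothetical API, not the signature of Name#hash).
def name_hash32(name, digest = OpenSSL::Digest.new("MD5"))
  name_digest(name, digest).unpack1("V")
end

# Constructed sample name, not taken from the thread.
SAMPLE_NAME = OpenSSL::X509::Name.parse("/C=JP/O=Example Org/CN=Example CA")

if __FILE__ == $PROGRAM_NAME
  %w[MD5 SHA1 SHA256].each do |alg|
    d = OpenSSL::Digest.new(alg)
    printf("%-6s hash32=%08x full=%s\n", alg,
           name_hash32(SAMPLE_NAME, d),
           name_digest(SAMPLE_NAME, d).unpack1("H*"))
  end
  # Values computed by the extension itself, for comparison.
  printf("Name#hash_old = %08x\n", SAMPLE_NAME.hash_old)
  printf("Name#hash     = %08x\n", SAMPLE_NAME.hash)
end
```

The 32-bit form is only suitable as a lookup key, such as the file names in a hashed certificate directory; an OCSP CertID needs the full digest from name_digest.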