Issue #4805 has been updated by Martin Bosslet. Assignee changed from Martin Bosslet to Hiroshi NAKAMURA Hiroshi NAKAMURA wrote: > They're using the hash of name for c_rehash. You see files something > like hex encoded in certs dir of OpenSSL; > > d2adc77d.0@ > d537fba6.0@ > d78a75c7.0@ > d8274e24.0@ > ddc328ff.0@ > > (e.g. /etc/ssl/certs/ in Ubuntu) > > For that purpose, algorithm should be fixed so they don't get Digester > as a parameter for X509_NAME_hash and X509_NAME_hash_old I guess. OK, I see, thanks for the info! X509_NAME_hash(_old) has a special meaning internally. I checked, there also exists X509_NAME_digest for the general purpose usage I was thinking of. It's also what they use internally to create the CertIDs in their OCSP implementation. > Besides this, I don't know the reason why they change base digester > from MD5 to SHA1 at the version bump from 0.9.8 to 1.0.0. I could imagine that they changed for some sort of security reasons - a lot of official recommendations/guidelines advise to refrain from using MD5, so it could be a political reason... > I like 'X509::Name#hash' to be a wrapper of 'X509_NAME_hash' and > 'X509::Name#hash_old' is for 'X509::Name::hash_old'. I prefer to have > another name for hashing X509::Name if it's needed. Now that I have a better understanding of the context I completely agree. If we feel the need for a general-purpose method, we could probably also use X509::Name#digest in analogy to OpenSSL. If you'd like me to apply the patch, please feel free to reassign to me! Regards, Martin ---------------------------------------- Feature #4805: Add X509::Name#hash_old for 0.9.X compat http://redmine.ruby-lang.org/issues/4805 Author: Hiroshi NAKAMURA Status: Open Priority: Normal Assignee: Hiroshi NAKAMURA Category: ext Target version: 1.9.3 X509::Name#hash with OpenSSL 1.0.0 returns different value than with OpenSSL 0.9.X. Attached patch adds X509::Name#hash_old when you need MD5 based same X509_NAME_hash value as OpenSSL 0.9.X. Martin, how do you think about adding it? -- http://redmine.ruby-lang.org