There are many symbolic links under /etc/ssl/certs created by using the hash of
the PEM certificates in order for OpenSSL to find those certificates.
OpenSSL has a tool to help you create hash symbolic links. (See tools/c_rehash)
However, the new OpenSSL changed the hash algorithm. Unless you compile/install
the latest OpenSSL library and re-create all related symbolic links, the new
OpenSSL cannot find some certificates because the links of those certificates
were created by using the old hash algorithm, which causes some tests to fail.
This patch gives a way to find a certificate according to its hash by using both
the new algorithm and the old algorithm.
crbug.com/111045 is used to track this issue.
This patch is taken from the Chromium project.
int ok=0;
int i,j,k;
unsigned long h;
+ unsigned long hash_array[2];
+ int hash_index;
BUF_MEM *b=NULL;
X509_OBJECT stmp,*tmp;
const char *postfix="";
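Review bot: the new `hash_array[2]` and `hash_index` declarations carry no comment saying which slot holds the current hash and which holds the legacy one, and the size is a bare literal. Please add a one-line comment above `unsigned long hash_array[2];` explaining that the second entry exists only for links created with the old algorithm. Consider a named constant for the array size so that the loop bound further down cannot drift from the declaration.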
ctx=(BY_DIR *)xl->method_data;
h=X509_NAME_hash(name);
+ hash_array[0]=h;
+ hash_array[1]=X509_NAME_hash_old(name);
+ for (hash_index=0; hash_index < 2; hash_index++)
+ {
+ h=hash_array[hash_index];
for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)
{
BY_DIR_ENTRY *ent;
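Review bot: the bound in `for (hash_index=0; hash_index < 2; hash_index++)` repeats the literal from the declaration, and the fallback to `X509_NAME_hash_old(name)` is unconditional, so every lookup that misses on the new hash now walks all of `ctx->dirs` a second time. Derive the bound from the array (for example sizeof(hash_array)/sizeof(hash_array[0])). Also say in a comment whether the old-hash pass is meant as a permanent behaviour or as a compatibility shim, so that it can be removed or put behind a build switch later. Separately, `h=X509_NAME_hash(name);` followed by `hash_array[0]=h;` and then `h=hash_array[hash_index];` is redundant. Assigning the first hash straight into `hash_array[0]` would read more clearly.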
goto finish;
}
}
+ }
finish:
if (b != NULL) BUF_MEM_free(b);
return(ok);
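Review bot: with the extra closing brace before `finish:`, the only visible way out of the new outer loop on success is `goto finish;`. Any `break` in the directory loop body that previously meant "stop searching" would now fall through to the old-hash pass instead. Please confirm that no such path exists in the part of the loop not shown here, and that `ok` and `b` cannot be left in a partial state from the first pass when the second pass starts. A short comment on the added brace, such as one marking it as the end of the hash_index loop, would also help, since the inner block does not appear to be re-indented.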