From c23ac14cba2df76fa049f1d1304bf7863ed24b08 Mon Sep 17 00:00:00 2001 From: Bert Belder Date: Tue, 11 Sep 2012 19:06:07 +0200 Subject: [PATCH] openssl: backward compatibility after x509 hash function change There are many symbolic links under /etc/ssl/certs created by using hash of the pem certificates in order for OpenSSL to find those certificate. Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash) However the new openssl changed the hash algorithm, Unless you compile/install the latest openssl library and re-create all related symbolic links, the new openssl can not find some certificates because the links of those certificates were created by using old hash algorithm, which causes some tests failed. This patch gives a way to find a certificate according to its hash by using both new algorithm and old algorithm. crbug.com/111045 is used to track this issue. This patch is taken from the Chromium project. --- deps/openssl/openssl/crypto/x509/by_dir.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c index 27ca515..03293ac 100644 --- a/deps/openssl/openssl/crypto/x509/by_dir.c +++ b/deps/openssl/openssl/crypto/x509/by_dir.c @@ -287,6 +287,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, int ok=0; int i,j,k; unsigned long h; + unsigned long hash_array[2]; + int hash_index; BUF_MEM *b=NULL; X509_OBJECT stmp,*tmp; const char *postfix=""; @@ -323,6 +325,11 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, ctx=(BY_DIR *)xl->method_data; h=X509_NAME_hash(name); + hash_array[0]=h; + hash_array[1]=X509_NAME_hash_old(name); + for (hash_index=0; hash_index < 2; hash_index++) + { + h=hash_array[hash_index]; for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { BY_DIR_ENTRY *ent; @@ -476,6 +483,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, goto finish; } } + } finish: if (b != NULL) BUF_MEM_free(b); return(ok); -- 2.7.4