[openssl-dev] [openssl.org #4529] Output of -hash option incompatible 64-bit Linux vs 32-bit Linux
Stephen Henson via RT
rt at openssl.org
Mon May 2 19:13:25 UTC 2016
On Mon May 02 19:00:03 2016, John.Withers at irs.gov wrote:
>
> I successfully built and deployed to a 64-bit RHEL 5.11 server (using
> a local installation path) and was able to configure the issuer
> certificate cache for my applications. I built a separate package for
> 32-bit RHEL 5.11 (again, using a local installation path). After
> installation, I observed that the -hash option of the openssl command
> (and hence the c_rehash utility) computed incorrect subject hashes for
> the issuer certificates in the cache. Identical certificates from the
> 64-bit installation were installed but the hash values were different.
> Tracing the operation of the s_client module with strace indicated
> that the hash values computed internally matched the hash values
> produced on the 64-bit system. I replicated the symbolic links for
> the issuer certificates from the 64-bit system to the 32-bit system
> and the certificates presented by the remote server for my application
> were verified.
>
That shouldn't happen: the alrgorithms used are independent of the platform so
whether it is 32 or 64 bits or a completely different OS shouldn't matter.
Is it possible you were accidentally using OpenSSL 0.9.8 (maybe the system
version) at some point? The hash algorithm used is different between 0.9.8 and
1.0.0+
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4529
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list