issue with X509_issuer_and_serial_hash returning different values under OpenSSL 3

adv2011 at rustichelli.net
Wed Mar 8 18:58:16 UTC 2023


Thank you Viktor and Matt, now the cause is obvious, at least for a 
first part.

On 3/8/23 18:14, Viktor Dukhovni wrote:
> On Wed, Mar 08, 2023 at 11:36:37AM +0000, Matt Caswell wrote:
>
>> IIRC, I think the format of the output from X509_NAME_oneline may have
>> changed subtly from 1.0.2 to 3.0 (although I don't think it did between
>> 1.1.1 and 3.0??).
> Correct, the hash computation changed between 1.0.2 and 1.1.0 and not since.
> I get the same hashes for all 137 CA certs in the FreeBSD cert bundle
> using either 1.1.1t or 3.2-dev.  There should be no changes between
> 1.1.1 and 3.0.
>
> If there is a certificate that shows different output for:
>
>      $ /openssl-1.1.1-path/bin/openssl x509 -noout -subject_hash -in certfile.pem
>      $ /openssl-3.0-path/bin/openssl x509 -noout -subject_hash -in certfile.pem
>
> the OP is invited to post the certificate in question.
>
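
Added example, not part of the original message and not OpenSSL project code: the two-command comparison quoted above, run over every certificate in a PEM bundle. The function names are hypothetical, and the two openssl binary paths and the bundle path are supplied by the caller.

```shell
#!/bin/sh
# Compare `x509 -noout -subject_hash` output from two OpenSSL builds for each
# certificate in a PEM bundle. Paths are caller-supplied (assumption: the
# thread only shows placeholder install paths).

# split_bundle BUNDLE OUTDIR: write each PEM certificate to OUTDIR/cert-NNNN.pem
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%04d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# compare_subject_hashes OLD_OPENSSL NEW_OPENSSL BUNDLE
# Prints one MISMATCH line per certificate whose hash differs or that a build
# could not process. Returns 0 if all match, 1 on any mismatch, 2 on bad input.
compare_subject_hashes() {
    old_bin=$1 new_bin=$2 bundle=$3
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    tmp=$(mktemp -d) || return 2
    split_bundle "$bundle" "$tmp"
    total=0 diffs=0
    for cert in "$tmp"/cert-*.pem; do
        [ -e "$cert" ] || break    # bundle held no certificates
        total=$((total + 1))
        h_old=$("$old_bin" x509 -noout -subject_hash -in "$cert" 2>/dev/null) || h_old=ERROR
        h_new=$("$new_bin" x509 -noout -subject_hash -in "$cert" 2>/dev/null) || h_new=ERROR
        if [ "$h_old" != "$h_new" ] || [ "$h_old" = ERROR ]; then
            diffs=$((diffs + 1))
            echo "MISMATCH $(basename "$cert") old=$h_old new=$h_new"
        fi
    done
    rm -rf "$tmp"
    echo "checked=$total mismatches=$diffs" >&2
    [ "$total" -gt 0 ] || return 2
    [ "$diffs" -eq 0 ]
}
```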