[Bug 918695] Re: "openssl x509 -hash" gves a wrong result

Steve Beattie sbeattie at ubuntu.com
Thu Jan 19 17:17:24 UTC 2012 

Hi Giacomo,

Ubuntu 11.10 was the first release to include openssl 1.0. With openssl
1.0, upstream changed the hash algorithm used when hashing the subject
of a certificate. You can generate the hash with the old algorithm with
the -subject_hash_old argument to the x509 command; e.g. on Ubuntu
11.10:

  $ /usr/bin/openssl x509 -subject_hash -noout -in /etc/ssl/certs/5ed36f99.0
  99d0fa06
  $ /usr/bin/openssl x509 -subject_hash_old -noout -in /etc/ssl/certs/5ed36f99.0
  5ed36f99

This is mentioned in the x509(1) manpage.

Thanks! Please feel free to report any other issues you find in Ubuntu.

** Visibility changed to: Public

** Changed in: openssl (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/918695

Title:
  "openssl x509 -hash" gves a wrong result

Status in “openssl” package in Ubuntu:
  Invalid

Bug description:
  $uname -a 
  Linux nb2-mariani 3.0.0-14-generic #23-Ubuntu SMP Mon Nov 21 20:28:43 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
  $ cat /etc/issue
  Ubuntu 11.10 \n \l

  
  $ openssl x509 -text -noout -in 5ed36f99.0 
  Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number: 0 (0x0)
          Signature Algorithm: md5WithRSAEncryption
          Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support at cacert.org
          Validity
              Not Before: Mar 30 12:29:49 2003 GMT
              Not After : Mar 29 12:29:49 2033 GMT
          Subject: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support at cacert.org
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption
                  Public-Key: (4096 bit)
                  Modulus:
                      00:ce:22:c0:e2:46:7d:ec:36:28:07:50:96:f2:a0:
                      33:40:8c:4b:f1:3b:66:3f:31:e5:6b:02:36:db:d6:
                      7c:f6:f1:88:8f:4e:77:36:05:41:95:f9:09:f0:12:
  [...]

  
  $ ~/.globusonline/globusconnect/gt_amd64/bin/openssl x509 -hash -noout -in 5ed36f99.0 
  5ed36f99

  $ /usr/bin/openssl x509 -hash -noout -in 5ed36f99.0 
  99d0fa06

  The same hash,  5ed36f99, is obtained on other machines with debian and red hat.
  The same wrong one is obtained also in ubunto 11.10.

  Thanks.
     Giacomo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/918695/+subscriptions

More information about the foundations-bugs mailing list