From: Martin Bosslet
Date: 2011-06-09T06:14:51+09:00
Subject: [ruby-core:36861] [Ruby 1.9 - Feature #4805] Add X509::Name#hash_old for 0.9.X compat

Issue #4805 has been updated by Martin Bosslet.

Assignee changed from Martin Bosslet to Hiroshi NAKAMURA

Hi Hiroshi,

sorry for taking some time to answer, I was on vacation last week...

I think your patch is good! But there is one thing I don't like about OpenSSL itself here - why do they hardcode the digest algorithm in the first place? There are situations where neither MD5 nor SHA-1 fits, OCSP requests are a good example: The requested CertID is defined as

    CertID ::= SEQUENCE {
        hashAlgorithm   AlgorithmIdentifier,
        issuerNameHash  OCTET STRING, -- Hash of Issuer's DN
        issuerKeyHash   OCTET STRING, -- Hash of Issuers public key
        serialNumber    CertificateSerialNumber }

This implies trouble for any SHA-2 family "hashAlgorithm".

In addition to applying your patch I'd favor a Name#hash implementation that takes an optional OpenSSL::Digest that specifies the hash algorithm to be used. This would of course mean that we would have to implement the functionality of X509_name_hash on our own.

What do you think - would the benefit of a cleaner solution outweigh the (partial) code duplication?

Regards,
Martin

----------------------------------------
Feature #4805: Add X509::Name#hash_old for 0.9.X compat
http://redmine.ruby-lang.org/issues/4805

Author: Hiroshi NAKAMURA
Status: Open
Priority: Normal
Assignee: Hiroshi NAKAMURA
Category: ext
Target version: 1.9.3

X509::Name#hash with OpenSSL 1.0.0 returns a different value than with OpenSSL 0.9.X. The attached patch adds X509::Name#hash_old for when you need the same MD5-based X509_NAME_hash value as OpenSSL 0.9.X.

Martin, what do you think about adding it?

--
http://redmine.ruby-lang.org
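
What the CertID in the message above needs from a digest-selectable hash, as an added example that is not part of the original message or of Ruby's OpenSSL extension: the two hash fields are computed with a digest chosen by the caller and assembled into the DER structure. The method names `cert_id_hashes` and `build_cert_id`, the sample DN and the throwaway key are assumptions made for illustration; the hash inputs follow the OCSP specification (RFC 6960).

```ruby
require 'openssl'

# Added example; cert_id_hashes and build_cert_id are hypothetical names.
# issuerNameHash: digest over the DER encoding of the issuer's DN.
# issuerKeyHash:  digest over the contents of the subjectPublicKey BIT STRING
#                 (no tag, length or unused-bits octet).
def cert_id_hashes(issuer_name, issuer_spki_der, digest_name)
  md = OpenSSL::Digest.new(digest_name)
  key_bits = OpenSSL::ASN1.decode(issuer_spki_der).value[1].value
  [md.digest(issuer_name.to_der), md.digest(key_bits)]
end

# DER-encode the CertID structure quoted in the message, with the digest
# chosen by the caller instead of being fixed to MD5 or SHA-1.
# digest_name must be an OpenSSL short name such as 'SHA1' or 'SHA256'.
def build_cert_id(issuer_name, issuer_spki_der, serial, digest_name = 'SHA256')
  name_hash, key_hash = cert_id_hashes(issuer_name, issuer_spki_der, digest_name)
  algorithm = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::ObjectId.new(digest_name),
    OpenSSL::ASN1::Null.new(nil)
  ])
  OpenSSL::ASN1::Sequence.new([
    algorithm,
    OpenSSL::ASN1::OctetString.new(name_hash),
    OpenSSL::ASN1::OctetString.new(key_hash),
    OpenSSL::ASN1::Integer.new(serial)
  ]).to_der
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample issuer: a throwaway key and DN, not from the thread.
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse('/C=JP/O=Example/CN=Example CA')
  %w[SHA1 SHA256].each do |digest_name|
    der = build_cert_id(name, key.public_key.to_der, 4805, digest_name)
    puts "#{digest_name}: #{der.unpack1('H*')}"
  end
end
```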