Going from OpenSSL 0.9.8n to 1.0.0, OpenSSL changed the algorithm for the
certificate subject/issuer hash. See
http://www.openssl.org/news/changelog.html
>
> The best thing to do is:
>
> 1. Make sure that mod_cosign is compiled to use the same version of
> OpenSSL that Apache HTTP Server is using. If not, recompile it. Then,
>
> 2. Regenerate all of the hash symlinks. If mod_cosign and Apache HTTP
> Server are using a version of OpenSSL that uses the old hash algorithms,
> then either use the command-line "openssl" utililty from that same version,
> or, if you use a newer version, you can use the -subject_hash_old and
> -issuer_hash_old options to the "openssl x.509" command to get the correct
> hashes.
>
mod_cosign and mod_ssl are compiled against the same version of openssl
/usr/lib/libssl.0.9.8.dylib (compatibility version 0.9.8, current version
47.0.0)
/usr/lib/libcrypto.0.9.8.dylib (compatibility version 0.9.8, current
version 47.0.0)
but the c_rehash in my path seems to be from macports. I tried the on in
/usr/bin, but got the same has values. :p
I'll try the command line options.
Liam
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
