Inspired by the good work of Willy Weisz to add old-style compatibility hashes to x509, I set out to do the same for crl.
This enhancement request shares the motivation of Weisz's code (mainlined via PR-2136), namely to permit users to generate and display issuer name hashes compatible with 0.9.x.

The attached patch modifies crl.c and crl.pod and applies cleanly to 1.0.1c. Please consider its inclusion.

Best,
mancha
Add a flag to crl to generate legacy hashes as used by OpenSSL pre-1.0. -mancha =============== --- a/apps/crl.c 2012-07-16 +++ b/apps/crl.c 2012-07-16 @@ -81,6 +81,9 @@ static const char *crl_usage[]={ " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", " -hash - print hash value\n", +#ifndef OPENSSL_NO_MD5 +" -hash_old - print old-style (MD5) hash value\n", +#endif " -fingerprint - print the crl fingerprint\n", " -issuer - print issuer DN\n", " -lastupdate - lastUpdate field\n", @@ -108,6 +111,9 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; +#ifndef OPENSSL_NO_MD5 + int hash_old=0; +#endif int fingerprint = 0, crlnumber = 0; const char **pp; X509_STORE *store = NULL; @@ -192,6 +198,10 @@ int MAIN(int argc, char **argv) text = 1; else if (strcmp(*argv,"-hash") == 0) hash= ++num; +#ifndef OPENSSL_NO_MD5 + else if (strcmp(*argv,"-hash_old") == 0) + hash_old= ++num; +#endif else if (strcmp(*argv,"-nameopt") == 0) { if (--argc < 1) goto bad; @@ -304,6 +314,13 @@ bad: BIO_printf(bio_out,"%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } +#ifndef OPENSSL_NO_MD5 + if (hash_old == i) + { + BIO_printf(bio_out,"%08lx\n", + X509_NAME_hash_old(X509_CRL_get_issuer(x))); + } +#endif if (lastupdate == i) { BIO_printf(bio_out,"lastUpdate="); --- a/doc/apps/crl.pod 2012-07-16 +++ b/doc/apps/crl.pod 2012-07-16 @@ -14,6 +14,7 @@ [B<-out filename>] [B<-noout>] [B<-hash>] +[B<-hash_old>] [B<-issuer>] [B<-lastupdate>] [B<-nextupdate>] @@ -62,6 +63,11 @@ output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. +=item B<-hash_old> + +output a hash of the issuer name using the old algorithm as used by +OpenSSL prior to version 1.0.0. + =item B<-issuer> output the issuer name.
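Review bot: in the `@@ -304,6 +314,13 @@` hunk of apps/crl.c, the new `hash_old == i` branch prints with the same bare `"%08lx\n"` format as the `hash == i` branch just above it, so when both `-hash` and `-hash_old` are given the two output lines can only be told apart by the order of the arguments (the `++num` values). Consider stating in crl.pod that output follows argument order, so scripts that name CRL files from this output pick the intended line.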
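Review bot: in the `@@ -62,6 +63,11 @@` hunk of doc/apps/crl.pod, the `=item B<-hash_old>` text does not say that the old algorithm is MD5-based or that the option is compiled out under `OPENSSL_NO_MD5`, although the usage string says "(MD5)" and every addition in crl.c is wrapped in `#ifndef OPENSSL_NO_MD5`. Suggest adding a sentence to that item covering both points, so a user of a build without MD5 knows why the flag is missing from the usage output.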