OpenSSL 1.0.0: New CApath hashes!

| | TrackBacks (0)
A real case of RTFM of OpenSSL ...

After un upgrade of OpenSSL to Version 1.0.0 (from 0.9.8) the certificate authority chain of my certificate did not show up any more (was not given by the TLS server). A look in the OpenSSL manual could have helped to save 20 minutes of error searching :)

A

for i in *.pem; do ln -s $i `openssl x509 -noout -subject_hash -in $i`.0; done

was enough to restore the hash index links for my CA certs (the files did not have any whitespace or punctuation marks in their filename so $i was enough).

The manual states:

-subject_hash
outputs the ``hash'' of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be lookedup by subject name.

-subject_hash_old
outputs the ``hash'' of the certificate subject name using the olde ralgorithm as used by OpenSSL versions before 1.0.0.

0 TrackBacks

Listed below are links to blogs that reference this entry: OpenSSL 1.0.0: New CApath hashes!.

TrackBack URL for this entry: http://southbrain.com/mt/mt-tb.cgi/201

December 2015

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

About

This blog is owned by:

Pascal Gienger
J├Ągerstrasse 77
8406 Winterthur
Switzerland


Google+: Profile
YouTube Channel: pascalgienger