* ext/openssl/ossl_x509name.c: Add X509::Name#hash_old as a wrapper

for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805 * test/openssl/test_x509name.rb (test_hash): Make test pass with OpenSSL 1.0.0. * NEWS: Add it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-23 13:51:55 +00:00 · 2011-06-23 13:51:55 +00:00 · bf2e60cda7
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+Thu Jun 23 22:46:57 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
+
+	* ext/openssl/ossl_x509name.c: Add X509::Name#hash_old as a wrapper
+	  for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805
+
+	* test/openssl/test_x509name.rb (test_hash): Make test pass with
+	  OpenSSL 1.0.0.
+
+	* NEWS: Add it.
+
 Thu Jun 23 19:30:53 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>

 	* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_time): Check
--- a/3
+++ b/3
@ -177,6 +177,9 @@ with all sufficient information, see the ChangeLog file.
  * OpenSSL::PKey.read( file | string [, pwd] ) allows to read arbitrary
    public/private keys in DER-/PEM-encoded form with an optional password
    for encrypted PEM encodings.
+  * Add new method OpenSSL::X509::Name#hash_old as a wrapper of
+    X509_NAME_hash_old() defined from OpenSSL 1.0.0. It returns OpenSSL 0.9.8
+    compatible hash value.

 * optparse
  * support for bash/zsh completion.
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@ -94,6 +94,7 @@ have_func("X509_CRL_add0_revoked")
 have_func("X509_CRL_set_issuer_name")
 have_func("X509_CRL_set_version")
 have_func("X509_CRL_sort")
+have_func("X509_NAME_hash_old")
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
 have_func("OBJ_NAME_do_all_sorted")
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@ -317,6 +317,27 @@ ossl_x509name_hash(VALUE self)
    return ULONG2NUM(hash);
 }

+#ifdef HAVE_X509_NAME_HASH_OLD
+/*
+ * call-seq:
+ *    name.hash_old => integer
+ *
+ * hash_old returns MD5 based hash used in OpenSSL 0.9.X.
+ */
+static VALUE
+ossl_x509name_hash_old(VALUE self)
+{
+    X509_NAME *name;
+    unsigned long hash;
+
+    GetX509Name(self, name);
+
+    hash = X509_NAME_hash_old(name);
+
+    return ULONG2NUM(hash);
+}
+#endif
+
 /*
 * call-seq:
 *    name.to_der => string
@ -364,6 +385,9 @@ Init_ossl_x509name()
    rb_define_alias(cX509Name, "<=>", "cmp");
    rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1);
    rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0);
+#ifdef HAVE_X509_NAME_HASH_OLD
+    rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0);
+#endif
    rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0);

    utf8str = INT2NUM(V_ASN1_UTF8STRING);
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@ -271,6 +271,26 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase

    assert_equal -1, n1 <=> n2
  end
+
+  def name_hash(name)
+    # OpenSSL 1.0.0 uses SHA1 for canonical encoding (not just a der) of
+    # X509Name for X509_NAME_hash.
+    name.respond_to?(:hash_old) ? name.hash_old : name.hash
+  end
+
+  def test_hash
+    dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
+    name = OpenSSL::X509::Name.parse(dn)
+    d = Digest::MD5.digest(name.to_der)
+    expected = (d[0].ord & 0xff) | (d[1].ord & 0xff) << 8 | (d[2].ord & 0xff) << 16 | (d[3].ord & 0xff) << 24
+    assert_equal(expected, name_hash(name))
+    #
+    dn = "/DC=org/DC=ruby-lang/CN=baz.ruby-lang.org"
+    name = OpenSSL::X509::Name.parse(dn)
+    d = Digest::MD5.digest(name.to_der)
+    expected = (d[0].ord & 0xff) | (d[1].ord & 0xff) << 8 | (d[2].ord & 0xff) << 16 | (d[3].ord & 0xff) << 24
+    assert_equal(expected, name_hash(name))
+  end
 end

 end