commit | 4ac0b38cfc955373a0f0a939b9fb537a07fa8978 | [log] [tgz] |
---|---|---|
author | Adam Langley <agl@chromium.org> | Fri Jun 20 15:25:14 2014 -0700 |
committer | Adam Langley <agl@chromium.org> | Fri Jun 20 15:31:01 2014 -0700 |
tree | d9576d2ab7a52a0fe6c342c23dff3ef0ecff502f | |
parent | 3ffd70ec3692f577a947295152fb041ff4b8607b [diff] |
Try both old and new X.509 hashes. Ensure the library can find the right files under /etc/ssl/certs when running on older systems. There are many symbolic links under /etc/ssl/certs created by using hash of the PEM certificates in order for OpenSSL to find those certificates. Openssl has a tool to help you create hash symbolic links (tools/c_rehash). However newer versions of the library changed the hash algorithm, which makes it unable to run properly on systems that use the old /etc/ssl/certs layout (e.g. Ubuntu Lucid). This patch gives a way to find a certificate according to its hash by using both the old and new algorithms. http://crbug.com/111045 is used to track this issue. (Imported from Chromium: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/openssl/patches.chromium/0003-x509_hash_name_algorithm_change.patch?revision=231571) Change-Id: Idbc27aba7685c991f8b94cfea38cf4f3f4b38adc