diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-12 17:29:34 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-12 17:29:34 +0000 |
commit | 0e0c6821fab18a7d180d3c8dfe18e34fdd2afc54 (patch) | |
tree | ee03d9c49d86abec367ce5f68242900a72d17168 /doc | |
parent | 423c66f10e3762643020601bf76cec3309f1474d (diff) |
PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/x509.pod | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 09aaed421e..3002b08123 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -158,6 +158,16 @@ outputs the "hash" of the certificate issuer name. synonym for "-subject_hash" for backward compatibility reasons. +=item B<-subject_hash_old> + +outputs the "hash" of the certificate subject name using the older algorithm +as used by OpenSSL versions before 1.0.0. + +=item B<-issuer_hash_old> + +outputs the "hash" of the certificate issuer name using the older algorithm +as used by OpenSSL versions before 1.0.0. + =item B<-subject> outputs the subject name. @@ -837,4 +847,10 @@ L<x509v3_config(5)|x509v3_config(5)> Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. +The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options +before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a +canonical version of the DN using SHA1. This means that any directories using +the old form must have their links rebuilt using B<c_rehash> or similar. + =cut |