* ext/openssl/ossl_x509name.c: Add X509::Name#hash_old as a wrapper

  for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805

* test/openssl/test_x509name.rb (test_hash): Make test pass with
  OpenSSL 1.0.0. 

* NEWS: Add it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

5 files changed, 58 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 97ba243664..4848f6b9b7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+Thu Jun 23 22:46:57 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
+
+	* ext/openssl/ossl_x509name.c: Add X509::Name#hash_old as a wrapper
+	  for X509_NAME_hash_old in OpenSSL 1.0.0. See #4805
+
+	* test/openssl/test_x509name.rb (test_hash): Make test pass with
+	  OpenSSL 1.0.0.
+
+	* NEWS: Add it.
+
 Thu Jun 23 19:30:53 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
 
 	* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_time): Check
diff --git a/NEWS b/NEWS
index cf251786d3..8817111dea 100644
--- a/NEWS
+++ b/NEWS
@@ -177,6 +177,9 @@ with all sufficient information, see the ChangeLog file.
   * OpenSSL::PKey.read( file | string [, pwd] ) allows to read arbitrary
     public/private keys in DER-/PEM-encoded form with an optional password
     for encrypted PEM encodings.
+  * Add new method OpenSSL::X509::Name#hash_old as a wrapper of
+    X509_NAME_hash_old() defined from OpenSSL 1.0.0. It returns OpenSSL 0.9.8
+    compatible hash value.
 
 * optparse
   * support for bash/zsh completion.
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 1bd5a0741c..d38af40b36 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -94,6 +94,7 @@ have_func("X509_CRL_add0_revoked")
 have_func("X509_CRL_set_issuer_name")
 have_func("X509_CRL_set_version")
 have_func("X509_CRL_sort")
+have_func("X509_NAME_hash_old")
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
 have_func("OBJ_NAME_do_all_sorted")
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index b75ae398cc..13e18eecf1 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -317,6 +317,27 @@ ossl_x509name_hash(VALUE self)
     return ULONG2NUM(hash);
 }
 
+#ifdef HAVE_X509_NAME_HASH_OLD
+/*
+ * call-seq:
+ *    name.hash_old => integer
+ *
+ * hash_old returns MD5 based hash used in OpenSSL 0.9.X.
+ */
+static VALUE
+ossl_x509name_hash_old(VALUE self)
+{
+    X509_NAME *name;
+    unsigned long hash;
+
+    GetX509Name(self, name);
+
+    hash = X509_NAME_hash_old(name);
+
+    return ULONG2NUM(hash);
+}
+#endif
+
 /*
  * call-seq:
  *    name.to_der => string
@@ -364,6 +385,9 @@ Init_ossl_x509name()
     rb_define_alias(cX509Name, "<=>", "cmp");
     rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1);
     rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0);
+#ifdef HAVE_X509_NAME_HASH_OLD
+    rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0);
+#endif
     rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0);
 
     utf8str = INT2NUM(V_ASN1_UTF8STRING);
diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb
index ef9925202a..cf5a8b0ab4 100644
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@@ -271,6 +271,26 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
 
     assert_equal -1, n1 <=> n2
   end
+
+  def name_hash(name)
+    # OpenSSL 1.0.0 uses SHA1 for canonical encoding (not just a der) of
+    # X509Name for X509_NAME_hash.
+    name.respond_to?(:hash_old) ? name.hash_old : name.hash
+  end
+
+  def test_hash
+    dn = "/DC=org/DC=ruby-lang/CN=www.ruby-lang.org"
+    name = OpenSSL::X509::Name.parse(dn)
+    d = Digest::MD5.digest(name.to_der)
+    expected = (d[0].ord & 0xff) | (d[1].ord & 0xff) << 8 | (d[2].ord & 0xff) << 16 | (d[3].ord & 0xff) << 24
+    assert_equal(expected, name_hash(name))
+    #
+    dn = "/DC=org/DC=ruby-lang/CN=baz.ruby-lang.org"
+    name = OpenSSL::X509::Name.parse(dn)
+    d = Digest::MD5.digest(name.to_der)
+    expected = (d[0].ord & 0xff) | (d[1].ord & 0xff) << 8 | (d[2].ord & 0xff) << 16 | (d[3].ord & 0xff) << 24
+    assert_equal(expected, name_hash(name))
+  end
 end
 
 end