New submission from Bernhard Herzog <bh at intevation.de>:
There's a difference in the issuer name hashes generated by openssl and
aegypten. The openssl text output for an ocsp request generated by aegypten:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7D597949BA828A1B504AFB6096539D8975674786
Issuer Key Hash: 87DEBA43AED7FEA2362719F6E6538C8939EFA2F8
Serial Number: 14
and generated by openssl:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: EB315FDF5D627BDB7ACB6DD728FD5B5AF8B5032B
Issuer Key Hash: 87DEBA43AED7FEA2362719F6E6538C8939EFA2F8
Serial Number: 14
Both are for the same certificate issued by testZS5. Note that the key hash and
the serial number are the same in both cases but the name hash differs.
Interestingly, the name hash of the request generated by dirmngr can be found in
a a request generated by openssl for the testZS5 ca cert which was issued by
WurzelZS3:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7D597949BA828A1B504AFB6096539D8975674786
Issuer Key Hash: A0D6957DB6577AA9FF2DF59CA411BA9F07EF09CF
Serial Number: 02
----------
assignedto: werner
messages: 957
nosy: bh, werner
priority: bug
status: unread
title: wrong issuer name hash in OCSP request
topic: DirMngr
______________________________________________________
Aegypten issue tracker <aegypten-issues at intevation.de>
<https://intevation.de/roundup/aegypten/issue196>
______________________________________________________