[Pkg-openssl-devel] Bug#481944: openssl: x509(1ssl) contains confusing documentation of -hash, -subject_hash, and -issuer_hash

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Mon May 19 18:05:05 UTC 2008 

Package: openssl
Version: 0.9.8g-10
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

x509(1ssl) currently contains the following snippets of documentation
about command line options for "openssl x509" :

>       -subject_hash
>           outputs the "hash" of the certificate subject name. This is used in
>           OpenSSL to form an index to allow certificates in a directory to be
>           looked up by subject name.
>
>        -issuer_hash
>            outputs the "hash" of the certificate issuer name.
>
>        -hash
>            synonym for "-hash" for backward compatibility reasons.

The documentation for -hash is startlingly implausible -- what should
it actually mean?  Should it say 'a synonym for "-subject_hash"'?  or
'a synonym for "-issuer_hash"'?

Also, without identifying the hashing function used, it's hard to know
to how/when these hashes should be trusted or manipulated.  Maybe a
reference to c_rehash(1ssl) would be useful here?

Regards,

	--dkg

- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssl depends on:
ii  libc6                  2.7-10            GNU C Library: Shared libraries
ii  libssl0.9.8            0.9.8g-10         SSL shared libraries
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

openssl recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUBSDHBUMzS7ZTSFznpAQL3eg/+LUK+8erXM24BZOvq981NHKNqFW+UNsw4
6vSQ76Ca2VIHw5149SQNvCZLF3F89k9nite9Plu+TSl1iWGTx+SM8Uhq63LgI7yu
jdT0gzOQp6CC6HOyY2Gy+Ypk5eVpWWBBsq/ECNYCImvus47+iaMeOtnlzVFoJ68Y
oq+XTcctegphcg9WBtqxscuyRmE2TKbVxlj+63jNfTkUxlPqKYxB0k3td8RP65Y+
mCKuVOhhLAhINXMbs9b+kiwYWQiwbSPO6NYLFkVAW47w8VyuGmpqAnXk9f8oPYMB
WseSK62l36w9+ugc3vBYWvvIyeHxLw+oL7ovGP/NC/fN13KXMMqcV3sPevPSFtzP
4eiTCBMuq8OKM6r+SH8RypOPJpeA06KCVkRW6OBYIZMzsw3Xbb/QpJ4SWeyaDfgx
3MuNhPqkZaHLbUMs8pw1o3sBIwOb1sdo3KcN2YzKZTR5WUq2Hy1raEG4+szkbecb
Z3z70FaOBQtqmDQQoubnT7q+kTig7yMtOrq0+1k3Jygmz8g2ZUK1ZSjXsDoSruuL
2lWBMBl+mdfV3VibwV8L/66CxJWpwnZWf63iOcywLEY6aM/Bv6aPy6SKqXSmCZWY
7akpCYjRNRKF7ZaGBJ8CqY6y4FGCi5Sb8czrUelWhy5Fc4XmbfRnJsYo93V+OibE
HV/QMlfZwKE=
=v7nT
-----END PGP SIGNATURE-----

More information about the Pkg-openssl-devel mailing list