Handle OSSL 3.4 change to SAN:othername formatting

bartonjs · web-flow · commit a40f92ea4ed9 · 2025-01-25T17:38:03.000-08:00
diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
@@ -51,9 +51,10 @@ public static partial class PlatformDetection
             throw new PlatformNotSupportedException();
 
         private static readonly Version s_openssl3Version = new Version(3, 0, 0);
-        public static bool IsOpenSsl3 => !IsApplePlatform && !IsWindows && !IsAndroid && !IsBrowser ?
-            GetOpenSslVersion() >= s_openssl3Version :
-            false;
+        private static readonly Version s_openssl3_4Version = new Version(3, 4, 0);
+
+        public static bool IsOpenSsl3 => IsOpenSslVersionAtLeast(s_openssl3Version);
+        public static bool IsOpenSsl3_4 => IsOpenSslVersionAtLeast(s_openssl3_4Version);
 
         /// <summary>
         /// If gnulibc is available, returns the release, such as "stable".
@@ -140,6 +141,18 @@ private static Version GetOpenSslVersion()
             return s_opensslVersion;
         }
 
+        // The "IsOpenSsl" properties answer false on Apple, even if OpenSSL is present for lightup,
+        // as they are answering the question "is OpenSSL the primary crypto provider".
+        private static bool IsOpenSslVersionAtLeast(Version minVersion)
+        {
+            if (IsApplePlatform || IsWindows || IsAndroid || IsBrowser)
+            {
+                return false;
+            }
+
+            return GetOpenSslVersion() >= minVersion;
+        }
+
         private static Version ToVersion(string versionString)
         {
             // In some distros/versions we cannot discover the distro version; return something valid.
diff --git a/src/libraries/System.Security.Cryptography/tests/AsnEncodedDataTests.cs b/src/libraries/System.Security.Cryptography/tests/AsnEncodedDataTests.cs
@@ -112,11 +112,13 @@ public static void TestSubjectAlternativeName_Unix()
 
             string s = asnData.Format(false);
             bool isOpenSsl3 = PlatformDetection.IsOpenSsl3;
+            bool isOpenSsl3_4 = PlatformDetection.IsOpenSsl3_4;
 
             string expected = string.Join(
                 ", ",
                 // Choice[0]: OtherName
-                isOpenSsl3 ? "othername: UPN::subjectupn1@example.org" : "othername:<unsupported>",
+                isOpenSsl3_4 ? "othername: UPN:subjectupn1@example.org" :
+                    isOpenSsl3 ? "othername: UPN::subjectupn1@example.org" : "othername:<unsupported>",
                 // Choice[1]: Rfc822Name (EmailAddress)
                 "email:sanemail1@example.org",
                 // Choice[2]: DnsName
