From a40f92ea4ed936117f7d490150b0195532a97493 Mon Sep 17 00:00:00 2001
From: Jeremy Barton <jbarton@microsoft.com>
Date: Sat, 25 Jan 2025 17:38:03 -0800
Subject: [PATCH] Handle OSSL 3.4 change to SAN:othername formatting

---
 .../System/PlatformDetection.Unix.cs          | 19 ++++++++++++++++---
 .../tests/AsnEncodedDataTests.cs              |  4 +++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
index f0924cdedf5fdb..59c0b9a29d3932 100644
--- a/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
+++ b/src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs
@@ -51,9 +51,10 @@ public static partial class PlatformDetection
             throw new PlatformNotSupportedException();
 
         private static readonly Version s_openssl3Version = new Version(3, 0, 0);
-        public static bool IsOpenSsl3 => !IsApplePlatform && !IsWindows && !IsAndroid && !IsBrowser ?
-            GetOpenSslVersion() >= s_openssl3Version :
-            false;
+        private static readonly Version s_openssl3_4Version = new Version(3, 4, 0);
+
+        public static bool IsOpenSsl3 => IsOpenSslVersionAtLeast(s_openssl3Version);
+        public static bool IsOpenSsl3_4 => IsOpenSslVersionAtLeast(s_openssl3_4Version);
 
         /// <summary>
         /// If gnulibc is available, returns the release, such as "stable".
@@ -140,6 +141,18 @@ private static Version GetOpenSslVersion()
             return s_opensslVersion;
         }
 
+        // The "IsOpenSsl" properties answer false on Apple, even if OpenSSL is present for lightup,
+        // as they are answering the question "is OpenSSL the primary crypto provider".
+        private static bool IsOpenSslVersionAtLeast(Version minVersion)
+        {
+            if (IsApplePlatform || IsWindows || IsAndroid || IsBrowser)
+            {
+                return false;
+            }
+
+            return GetOpenSslVersion() >= minVersion;
+        }
+
         private static Version ToVersion(string versionString)
         {
             // In some distros/versions we cannot discover the distro version; return something valid.
diff --git a/src/libraries/System.Security.Cryptography/tests/AsnEncodedDataTests.cs b/src/libraries/System.Security.Cryptography/tests/AsnEncodedDataTests.cs
index cf9423739cd69d..a53d994649f4dc 100644
--- a/src/libraries/System.Security.Cryptography/tests/AsnEncodedDataTests.cs
+++ b/src/libraries/System.Security.Cryptography/tests/AsnEncodedDataTests.cs
@@ -112,11 +112,13 @@ public static void TestSubjectAlternativeName_Unix()
 
             string s = asnData.Format(false);
             bool isOpenSsl3 = PlatformDetection.IsOpenSsl3;
+            bool isOpenSsl3_4 = PlatformDetection.IsOpenSsl3_4;
 
             string expected = string.Join(
                 ", ",
                 // Choice[0]: OtherName
-                isOpenSsl3 ? "othername: UPN::subjectupn1@example.org" : "othername:<unsupported>",
+                isOpenSsl3_4 ? "othername: UPN:subjectupn1@example.org" :
+                    isOpenSsl3 ? "othername: UPN::subjectupn1@example.org" : "othername:<unsupported>",
                 // Choice[1]: Rfc822Name (EmailAddress)
                 "email:sanemail1@example.org",
                 // Choice[2]: DnsName