About certificate sha1 thumbprint
Hi, all,
Sorry to interrupt. I had put this thread to openssl-users@openssl.org but it seemed that I could not get this ticket from openssl-users@openssl.org. So there may be something wrong with it. So I am trying this mailing list instead and hope some of you can help me.
I am trying to define my own certificate verification function through the API "SSL_CTX_set_cert_verify_callback". This custom certificate verification callback will check the thumbprint of the peer certificate. In this callback the thumbprint of the certificate is calculated through the API "X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len)", and the "data" parameter passed in is X509_STORE_CTX::cert.
I found the calculated result digest was different from what was calculated by the openssl command line tool. Is there something wrong with my code? It looks like the following.

#include <string.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

/* arg is the expected raw SHA-1 thumbprint (20 bytes), installed with
 * SSL_CTX_set_cert_verify_callback(ssl_ctx, callback, thumbprint). */
static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
{
    unsigned char *thumbprint = (unsigned char *)arg;
    /* The peer certificate being verified. The accessor is the supported way to
     * read what was ctx->cert; the struct is opaque in OpenSSL 1.1.0 and later. */
    X509 *cert = X509_STORE_CTX_get0_cert(ctx);
    const EVP_MD *tempDigest = EVP_sha1();   /* EVP_sha1() returns a const pointer */
    unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
    unsigned int tempFingerprintLen;

    /* X509_digest() hashes the DER encoding of the certificate; returns 1 on success */
    if (X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen) <= 0)
        return 0;
    /* tempFingerprintLen is EVP_MD_size(EVP_sha1()), i.e. 20 raw bytes, not hex text */
    if (!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
        return 1;
    return 0;
}

Thanks.

Liang
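One point worth checking when a callback digest disagrees with the command line: `openssl x509 -noout -fingerprint -sha1` prints the digest as colon-separated hex text, while X509_digest() fills md with raw bytes, so the two must be brought to the same form before comparing. The example below is added here and is not part of Liang's post; it builds without OpenSSL, and the function names (parse_fingerprint, fingerprint_matches, check_against_cli) and the sample fingerprint are my own.

```c
/* Added example (not from the original post); builds without OpenSSL.
 * Decodes the "SHA1 Fingerprint=AB:CD:..." line printed by `openssl x509 -noout
 * -fingerprint -sha1` into the raw bytes X509_digest() writes into md, then compares. */
#include <stddef.h>
#include <string.h>
#define MAX_MD_SIZE 64   /* same value as OpenSSL's EVP_MAX_MD_SIZE */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "AB:CD:..." or "abcd..." (optional "label=" prefix and trailing newline are
 * skipped). Returns the byte count, or 0 on bad hex or a length other than expected_len. */
size_t parse_fingerprint(const char *s, unsigned char *out, size_t expected_len)
{
    const char *eq = strchr(s, '=');
    size_t n = 0;
    if (eq != NULL) s = eq + 1;
    while (*s != '\0' && *s != '\n' && *s != '\r') {
        int hi, lo;
        if (*s == ':') { s++; continue; }
        if (n == expected_len) return 0;   /* more bytes than expected */
        hi = hexval((unsigned char)s[0]);
        lo = (hi < 0 || s[1] == '\0') ? -1 : hexval((unsigned char)s[1]);
        if (lo < 0) return 0;              /* odd length or non-hex character */
        out[n++] = (unsigned char)((hi << 4) | lo);
        s += 2;
    }
    return n == expected_len ? n : 0;
}

/* Require equal length and compare every byte, with no early return on mismatch. */
int fingerprint_matches(const unsigned char *got, size_t got_len, const unsigned char *want, size_t want_len)
{
    unsigned char diff = 0;
    if (got_len != want_len) return 0;
    for (size_t i = 0; i < got_len; i++) diff |= got[i] ^ want[i];
    return diff == 0;
}

/* What the verify callback would call with tempFingerprint / tempFingerprintLen. */
int check_against_cli(const char *cli_line, const unsigned char *md, unsigned int md_len)
{
    unsigned char want[MAX_MD_SIZE];
    if (md_len == 0 || md_len > MAX_MD_SIZE) return 0;
    return parse_fingerprint(cli_line, want, md_len) == md_len && fingerprint_matches(md, md_len, want, md_len);
}
```

The expected thumbprint can then be kept in the form the command line prints it and decoded once at startup, instead of being hand-typed as raw bytes.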
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org