Hi, all,

Sorry to interrupt. I had put this thread to openssl-users@openssl.org
but it seemed that I could not get this ticket from
openssl-users@openssl.org. So there may be something wrong with it. So I
am trying this mailing list instead and hope some of you can help me.

I am trying to define my own certificate verification function through
the API "SSL_CTX_set_cert_verify_callback". This own certificate
verification callback will check the thumbprint of the peer certificate.
In this callback the thumbprint of certificate is calculated through the
API "X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)". And the param of "data" to pass in is
X509_STORE_CTX::cert.

I found the calculated result digest was different from what was
calculated by openssl command line tool. Is there something wrong with
my code? It looks like the following.

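    #include <string.h>
    #include <openssl/evp.h>
    #include <openssl/x509.h>
    #include <openssl/x509_vfy.h>

    static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx,
                                                          void *arg)
    {
        /* arg is compared below as raw digest bytes (20 for SHA-1) */
        unsigned char *thumbprint = (unsigned char *)arg;
        /* direct member access; OpenSSL 1.1.0 and later make the struct
         * opaque and provide X509_STORE_CTX_get0_cert(ctx) instead */
        X509 *cert = ctx->cert;
        const EVP_MD *tempDigest;
        unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
        unsigned int tempFingerprintLen;

        tempDigest = EVP_sha1();
        /* X509_digest hashes the DER encoding of the whole certificate */
        if (X509_digest(cert, tempDigest, tempFingerprint,
                        &tempFingerprintLen) <= 0)
            return 0;
        if (!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
            return 1;   /* thumbprint matches: accept */
        return 0;       /* mismatch: reject */
    }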

Thanks.


Liang


______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
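
Added example, not part of the original post and not OpenSSL code: X509_digest() writes raw digest bytes into md, while "openssl x509 -noout -fingerprint -sha1" prints colon-separated hex text, so the two forms have to be normalised before they can be compared. The helper names (parse_fingerprint, fingerprint_matches, sample_matches) are hypothetical and the sample values are constructed.

```c
/* Added example: compare a raw digest with a fingerprint given as hex text. */
#include <string.h>

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "SHA1 Fingerprint=AB:CD:..." or bare hex; returns byte count, 0 if malformed. */
size_t parse_fingerprint(const char *text, unsigned char *out, size_t cap)
{
    const char *eq = strchr(text, '='), *p = eq ? eq + 1 : text;
    size_t n = 0;
    while (*p != '\0' && *p != '\n' && *p != '\r') {
        int hi = hex_val(p[0]);
        int lo = hi < 0 ? -1 : hex_val(p[1]);
        if (lo < 0 || n == cap) return 0;
        out[n++] = (unsigned char)((hi << 4) | lo);
        p += 2;
        /* skip a separator only if a digit follows; a trailing ':' is rejected */
        if (*p == ':' && hex_val(p[1]) >= 0) p++;
    }
    return n;
}

/* Returns 1 only if the lengths agree and all bytes match; no early exit. */
int fingerprint_matches(const unsigned char *digest, size_t digest_len,
                        const char *expected_text)
{
    unsigned char want[64], diff = 0;   /* 64 == EVP_MAX_MD_SIZE */
    size_t i, want_len = parse_fingerprint(expected_text, want, sizeof want);
    if (want_len == 0 || want_len != digest_len) return 0;
    for (i = 0; i < digest_len; i++)
        diff |= (unsigned char)(digest[i] ^ want[i]);
    return diff == 0;
}

/* Constructed sample values, not taken from a real certificate. */
static const unsigned char SAMPLE_DIGEST[20] = {
    0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,
    0xAA,0xBB,0xCC,0xDD,0xEE,0xFF,0x01,0x23,0x45,0x67 };
static const char SAMPLE_CLI[] =
    "SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:01:23:45:67\n";

int sample_matches(void)
{
    return fingerprint_matches(SAMPLE_DIGEST, sizeof SAMPLE_DIGEST, SAMPLE_CLI);
}
```

In a verify callback, the digest and length filled in by X509_digest() would be passed as digest and digest_len.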