Hi, all

I am trying to define my own certificate verification function through
the API "SSL_CTX_set_cert_verify_callback". This certificate
verification callback of my own will check the thumbprint of the peer
certificate. In this callback the thumbprint of the certificate is
calculated through the API "X509_digest(const X509 *data, const EVP_MD
*type, unsigned char *md, unsigned int *len)", and the "data" parameter
passed in is X509_STORE_CTX::cert.

I found the calculated result digest was different from what was
calculated by the openssl command line. Is there something wrong with my
code? It looks like the following.

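#include <string.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx,
                                                      void *arg)
{
    /* Expected thumbprint; compared below as raw digest bytes. */
    unsigned char *thumbprint = (unsigned char *)arg;
    /* Direct member access; OpenSSL 1.1.0 and later make the struct
     * opaque and provide X509_STORE_CTX_get0_cert(ctx) instead. */
    X509 *cert = ctx->cert;
    const EVP_MD *tempDigest;
    unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
    unsigned int tempFingerprintLen;

    tempDigest = EVP_sha1();
    /* SHA-1 over the DER encoding of the whole certificate. */
    if (X509_digest(cert, tempDigest, tempFingerprint,
                    &tempFingerprintLen) <= 0)
        return 0;
    if (!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
        return 1;
    return 0;
}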

Thanks.

Liang


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
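
One thing to check when comparing the callback's digest against command-line output, shown as an added example that is not part of the original post: `openssl x509 -fingerprint -sha1` prints the digest as colon-separated hex, while X509_digest fills its buffer with raw bytes. The helper names and the sample fingerprint are constructed for illustration; SHA-1 is assumed because the posted callback uses EVP_sha1().

```c
#include <stddef.h>
#include <string.h>

#define SHA1_LEN 20  /* SHA-1 digest size in bytes */
/* Constructed sample line in the command-line format (not a real cert). */
const char CONSTRUCTED_SAMPLE[] =
    "SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:01:23:45:67\n";

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: parse "SHA1 Fingerprint=AA:BB:..." (or bare hex, with
 * or without colons) into exactly SHA1_LEN raw bytes. Returns 1 on success. */
int parse_sha1_fingerprint(const char *text, unsigned char out[SHA1_LEN])
{
    const char *p = strchr(text, '=');
    size_t n = 0;

    p = p ? p + 1 : text;               /* skip the "... Fingerprint=" label */
    while (*p && *p != '\n' && *p != '\r') {
        int hi, lo;
        if (*p == ':' || *p == ' ') { p++; continue; }
        hi = hex_val(p[0]);
        lo = (hi < 0) ? -1 : hex_val(p[1]);
        if (hi < 0 || lo < 0 || n == SHA1_LEN)
            return 0;                   /* bad digit, odd count or too long */
        out[n++] = (unsigned char)((hi << 4) | lo);
        p += 2;
    }
    return n == SHA1_LEN;               /* reject truncated fingerprints */
}

/* Hypothetical helper: compare the raw digest from X509_digest() with the
 * pinned bytes. The length is checked first; the loop has no early exit. */
int thumbprint_matches(const unsigned char *digest, unsigned int digest_len,
                       const unsigned char pinned[SHA1_LEN])
{
    unsigned char diff = 0;
    unsigned int i;
    if (digest_len != SHA1_LEN) return 0;
    for (i = 0; i < SHA1_LEN; i++)
        diff |= (unsigned char)(digest[i] ^ pinned[i]);
    return diff == 0;
}
```

In a verify callback, the bytes produced by parse_sha1_fingerprint would be what is passed as `arg`, and thumbprint_matches would take the place of the bare memcmp.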