This is a discussion on About certificate sha1 thumbprint - Openssl
Hi, all

I am trying to define my own certificate verification function through
the API "SSL_CTX_set_cert_verify_callback". This own certificate
verification callback will check the thumbprint of the peer certificate.
In this callback the thumbprint of certificate is calculated through the API
"X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)". And the param of "data" to pass in is
X509_STORE_CTX::cert.

I found the calculated result digest was different from what was
calculated by openssl command line. Is there something wrong with my
code? It looks like the following.

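    #include <string.h>
    #include <openssl/evp.h>
    #include <openssl/x509.h>

    static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
    {
        /* arg is the expected thumbprint registered with the callback */
        unsigned char *thumbprint = (unsigned char *)arg;
        /* Direct field access as in the post; OpenSSL 1.1.0 and later make
         * X509_STORE_CTX opaque and provide X509_STORE_CTX_get0_cert() */
        X509 *cert = ctx->cert;
        const EVP_MD *tempDigest;
        unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
        unsigned int tempFingerprintLen;

        tempDigest = EVP_sha1();
        /* X509_digest writes the raw digest bytes and their count */
        if (X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen) <= 0)
            return 0;
        /* Byte-for-byte comparison of the raw digest with the expected value */
        if (!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
            return 1;
        return 0;
    }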

Thanks.

Liang
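
An added example, not part of the original post: X509_digest fills `md` with raw digest bytes, while `openssl x509 -fingerprint -sha1` prints the same digest as colon-separated hex text, so the two can only be compared after the text is decoded. The sketch below assumes the expected thumbprint is supplied in that printed form; `parse_sha1_fingerprint`, `fingerprint_matches` and the sample values are hypothetical names and constructed data, and no OpenSSL calls are needed to run it.

```c
#include <ctype.h>
#include <string.h>

#define SHA1_LEN 20

/* Constructed sample values, not taken from a real certificate. */
static const char SAMPLE_LINE[] =
    "SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:01:23:45:67\n";
static const unsigned char SAMPLE_DIGEST[SHA1_LEN] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x01, 0x23, 0x45, 0x67 };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "SHA1 Fingerprint=AA:BB:..." (prefix and colons optional) into
 * exactly SHA1_LEN raw bytes. Returns 1 on success, 0 on malformed input. */
int parse_sha1_fingerprint(const char *text, unsigned char out[SHA1_LEN])
{
    const char *p = strchr(text, '=');
    size_t n = 0;
    p = p ? p + 1 : text;
    while (*p && *p != '\n' && *p != '\r') {
        int hi, lo;
        if (*p == ':') { p++; continue; }
        hi = hex_val((unsigned char)p[0]);
        lo = hi < 0 ? -1 : hex_val((unsigned char)p[1]);
        if (lo < 0 || n == SHA1_LEN) return 0;
        out[n++] = (unsigned char)((hi << 4) | lo);
        p += 2;
    }
    return n == SHA1_LEN;
}

/* 1 if the printed fingerprint equals the raw digest (as filled in by
 * X509_digest); the XOR loop has no early exit on the first mismatch. */
int fingerprint_matches(const char *line, const unsigned char *md, size_t len)
{
    unsigned char want[SHA1_LEN], diff = 0;
    size_t i;
    if (len != SHA1_LEN || !parse_sha1_fingerprint(line, want)) return 0;
    for (i = 0; i < SHA1_LEN; i++) diff |= want[i] ^ md[i];
    return diff == 0;
}
```

In a verify callback, the `md` and `len` arguments would be the buffer and length that X509_digest filled in.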