Re: About certificate sha1 thumbprint
On Wed, Jan 16, 2008, Hou, LiangX wrote:
> Hi, all
> I am trying to define my own certificate verification function through
> the API "SSL_CTX_set_cert_verify_callback". This own certificate
> verification callback will
> check the thumbprint of the peer certificate. In this callback the
> thumbprint of certificate is calculated through the API
> "X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
> unsigned int *len)". And the param of "data" to pass in is
> I found the calculated result digest was different from what was
> calucated by openssl command line. Is there something wrong with my
> code? It looks like the following.
What command line are you using to output the thumbprint? By default it uses
md5, you need the -sha1 option to use SHA1.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
OpenSSL Project [url]http://www.openssl.org[/url]
User Support Mailing List [email]firstname.lastname@example.org[/email]
Automated List Manager [email]email@example.com[/email]