On Wed, Jan 16, 2008, Hou, LiangX wrote:

> Hi, all
> I am trying to define my own certificate verification function through
> the API "SSL_CTX_set_cert_verify_callback". This own certificate
> verification callback will
> check the thumbprint of the peer certificate. In this callback the
> thumbprint of certificate is calculated through the API
> "X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
> unsigned int *len)". And the param of "data" to pass in is
> X509_STORE_CTX::cert.
> I found the calculated result digest was different from what was
> calucated by openssl command line. Is there something wrong with my
> code? It looks like the following.

What command line are you using to output the thumbprint? By default it uses
md5, you need the -sha1 option to use SHA1.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org