Hi, Steve,
I used "openssl dgst -sha1". Is there anything wrong with my code? Is
it right to get the certificate object by using "X509 *cert = ctx->cert;"
in this case?
Thanks.
Liang

-----Original Message-----
From: owner-openssl-users@openssl.org [mailto:owner-openssl-users@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: January 16, 2008 21:41
To: openssl-users@openssl.org
Subject: Re: About certificate sha1 thumbprint

On Wed, Jan 16, 2008, Hou, LiangX wrote:

> Hi, all
>
> I am trying to define my own certificate verification function through
> the API "SSL_CTX_set_cert_verify_callback". This own certificate
> verification callback will check the thumbprint of the peer
> certificate. In this callback the thumbprint of the certificate is
> calculated through the API
> "X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
> unsigned int *len)". And the param of "data" to pass in is
> X509_STORE_CTX::cert.
>
> I found the calculated result digest was different from what was
> calculated by the openssl command line. Is there something wrong with my
> code? It looks like the following.
>


What command line are you using to output the thumbprint? By default it uses
md5, you need the -sha1 option to use SHA1.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
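
Added example, not part of the original thread: X509_digest() hashes the DER encoding of the certificate, while "openssl dgst -sha1 <file>" hashes the bytes of the file it is given, so the two values agree only when that file is DER. The sketch assumes the certificate file was PEM; SAMPLE_DER is a constructed stand-in for DER bytes, not a real certificate, and the helper names are hypothetical.

```python
import base64
import hashlib
import re

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# only the difference between the two encodings matters here.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + bytes(range(64))

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def der_to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")


def cert_der(data: bytes) -> bytes:
    """Return the DER encoding whether the input is PEM or already DER."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # no PEM armor found: treat the input as raw DER
    return base64.b64decode(b"".join(match.group(1).split()))


def thumbprint(data: bytes) -> str:
    """SHA-1 over the DER encoding, the bytes X509_digest() hashes."""
    return hashlib.sha1(cert_der(data)).hexdigest()


def file_digest(data: bytes) -> str:
    """SHA-1 over the raw file bytes, as 'openssl dgst -sha1 <file>' does."""
    return hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print("thumbprint (DER encoding):", thumbprint(pem))
    print("dgst over the PEM file:   ", file_digest(pem))
    print("dgst over the DER file:   ", file_digest(SAMPLE_DER))
```

"openssl x509 -in cert.pem -noout -fingerprint -sha1" prints the digest of the DER encoding and is the command-line value to compare against X509_digest() output.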