On Thu, Jan 17, 2008 at 09:11:01AM +0800, Hou, LiangX wrote:

> I used "openssl dgst -sha1". Is there anything wrong with my code? Is it right to get certificate object by using "X509 *cert = ctx->cert;" in this case?

You have not shown sufficient code for reasonable conclusions to be made.
A simple error could be that you are comparing the ASCII digest "xx:xx:..."
with the binary digest generation by X509_digest().

The command-line tool just calls X509_digest() and converts the result
to ASCII hex format. Not surprisingly, this agrees with calculations
done in C-code in other applications.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org