No. I try to convert binary digest to hexadecimal strings outside and =
compare it with what is generated by the command-line tool. And I find =
they are different. The strange thing is that the thumbprint generated =
by my X509_digest begins with zero. That may be something wrong. Is it?

Liang

-----Original Message-----
From: owner-openssl-users@openssl.org =
[mailtowner-openssl-users@openssl.org] On Behalf Of Victor Duchovni
Sent: 2008=C4=EA1=D4=C217=C8=D5 9:25
To: openssl-users@openssl.org
Subject: Re: About certificate sha1 thumbprint

On Thu, Jan 17, 2008 at 09:11:01AM +0800, Hou, LiangX wrote:

> I used "openssl dgst -sha1". Is there anything wrong with my code? =

Is it right to get certificate object by using "X509 *cert =3D =
ctx->cert;" in this case?=20

You have not shown sufficient code for reasonable conclusions to be =
made.
A simple error could be that you are comparing the ASCII digest =
"xx:xx:..."
with the binary digest generation by X509_digest().

The command-line tool just calls X509_digest() and converts the result
to ASCII hex format. Not surprisingly, this agrees with calculations
done in C-code in other applications.

--=20
Viktor.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org