On Thu, Jan 17, 2008 at 10:14:28AM +0800, Hou, LiangX wrote:

> No. I try to convert binary digest to hexadecimal strings outside and compare it with what is generated by the command-line tool. And I find they are different. The strange thing is that the thumbprint generated by my X509_digest begins with zero. That may be something wrong. Is it?

What's wrong with zero? The raw digest is a set of pseudo-random bytes,
of none of the bytes or nibbles were ever zero, that would be strong
evidence that the hash is flawed.

You have not posted the relevant code, and your problem descriptions
are vague. If you want help you need to post clear problem descriptions
and a complete example constiting of a cert.pem file and code with
working Makefile that computes the "wrong" digest for the certificate
(different from what is reported by "openssl x509 -sha1 -fingerprint
-noout -in cert.pem").

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org