Viktor,
Thank you for your help. I am using curl in a project actually. And I =
want to configure curl to do my custom authentication job. I am going to =
write an independent code and post it up with my cert. But before that =
I'd like to ask you whether it is caused by my cert. The cert looks like =
the following. I put certificate and private key together in a single =
file named "servercert.pem". Is it a correct or legal cert.pem file?=20
-----BEGIN CERTIFICATE-----
MIICYTCCAcoCCQCqu277Z+VLYTANBgkqhkiG9w0BAQUFADB1MQ swCQYDVQQGEwJj
bjELMAkGA1UEBxMCc2gxDjAMBgNVBAoTBWludGVsMRAwDgYDVQ QLEwdTU0ctT1RD
MRIwEAYDVQQDEwl3c21hbi1kZXYxIzAhBgkqhkiG9w0BCQEWFG xpYW5neC5ob3VA
aW50ZWwuY29tMB4XDTA3MTEyMjA3NTU1NFoXDTA4MTEyMTA3NT U1NFowdTELMAkG
A1UEBhMCY24xCzAJBgNVBAcTAnNoMQ4wDAYDVQQKEwVpbnRlbD EQMA4GA1UECxMH
U1NHLU9UQzESMBAGA1UEAxMJd3NtYW4tZGV2MSMwIQYJKoZIhv cNAQkBFhRsaWFu
Z3guaG91QGludGVsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQ AwgYkCgYEAoqY7
clxwXVbZeZLj3KGSSwqGR5nzHS7YGIWq/TOlkcGqD7HDtkkasFxTCSDC+isYjR5a
SBVT6O6PeQiaGJH92lH18GsEYcP1A97+fQkRr4iQTOUiCRa9KQ zT4oD40DQ68riV
COjZ4hM3W9VIO9HcA8BXW6WVQYaz6GMl+Jzx6mECAwEAATANBg kqhkiG9w0BAQUF
AAOBgQBFnLDfS+fE061exGM+NvCFsL+DcMgHsV4SM9WglEm8Ib xzQbV5WFx8yYG6
1r3nCr2ufyVKMCVq53ps7cc7u7hKVUrymDhe1zd0eARjq3mLrZ DWzsYlq8AmkhWp
A4TZ2maCeRStdeuAA8fXthmI5QqfAyQ7TGRwhWGvfBNW3zTNog =3D=3D
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQCipjtyXHBdVtl5kuPcoZJLCoZHmfMdLtgYha r9M6WRwaoPscO2
SRqwXFMJIML6KxiNHlpIFVPo7o95CJoYkf3aUfXwawRhw/UD3v59CRGviJBM5SIJ
Fr0pDNPigPjQNDryuJUI6NniEzdb1Ug70dwDwFdbpZVBhrPoYy X4nPHqYQIDAQAB
AoGBAI1SIE7ScLM5FgajEacPH9xhzaCC7BDMNejAo3wTFuYZPl kanLFSvYTFA0To
GWFidpeO6uS820aFmVWRmsqEduqLOBIwiYbVEGEPzP/uPmskacqVkybo0NRRwDJE
t0xJoLhG4lKZwmF63DAUShYUldWEebUPlvPj/iEYLkLZZrpRAkEAzQpHnaPV3Qj9
Znz73z72/VqxVKUZBVLKkJXiiCdT3b4MSum+eWHlUllr4yYngKpzLtOcPCI +9iz0
FdESKfkjLQJBAMsS1Ct13jh4DZK6qhUVMWKWGpkyi3sZABhRYq dKUTcW+A/5vAYl
wB5UfWNdvY5AG6D1/+bYC3UUp5XtT0FDtIUCQDJQfXZvh8FvvU7zCJOlzdIp+S3+
PX+S62ZDgY1LqUbWpgmUBkue/DkS/GiHKlZmfVFWWBZhiPW73kGkRkLKghkCQQCW
v1F1ObhO3v/kbmEX6XWRo6/3DYhxRuvFIZVEbmy/onNfGJo1TgzB9yJlgw7V7E0W
PcdLjBFlRoHpUBLHdgUpAkEAhNLyWjZDtYSyd7C5Qj9qcp1wJ0 LY+28HutbBSxkA
aiUEtNQef4ReO4odK5cO4WZ1M86EHpkiHSPbY0gdagkKWQ=3D= 3D
-----END RSA PRIVATE KEY-----


-----Original Message-----
From: owner-openssl-users@openssl.org =
[mailtowner-openssl-users@openssl.org] On Behalf Of Victor Duchovni
Sent: 2008=C4=EA1=D4=C217=C8=D5 11:30
To: openssl-users@openssl.org
Subject: Re: About certificate sha1 thumbprint

On Thu, Jan 17, 2008 at 10:14:28AM +0800, Hou, LiangX wrote:

> No. I try to convert binary digest to hexadecimal strings outside and =

compare it with what is generated by the command-line tool. And I find =
they are different. The strange thing is that the thumbprint generated =
by my X509_digest begins with zero. That may be something wrong. Is it?
>=20


What's wrong with zero? The raw digest is a set of pseudo-random bytes,
of none of the bytes or nibbles were ever zero, that would be strong
evidence that the hash is flawed.

You have not posted the relevant code, and your problem descriptions
are vague. If you want help you need to post clear problem descriptions
and a complete example constiting of a cert.pem file and code with
working Makefile that computes the "wrong" digest for the certificate
(different from what is reported by "openssl x509 -sha1 -fingerprint
-noout -in cert.pem").

--=20
Viktor.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org