On Wed, Jan 16, 2008, Hou, LiangX wrote: > Hi, all > > I am trying to define my own certificate verification function through > the API "SSL_CTX_set_cert_verify_callback". This own certificate > verification callback will > > check the thumbprint of the peer certificate. In this callback the > thumbprint of certificate is calculated through the API > > "X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, > unsigned int *len)". And the param of "data" to pass in is > X509_STORE_CTX::cert. > > I found the calculated result digest was different from what was > calucated by openssl command line. Is there something wrong with my > code? It looks like the following. >
What command line are you using to output the thumbprint? By default it uses md5, you need the -sha1 option to use SHA1. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
