No. I try to convert binary digest to hexadecimal strings outside and compare it with what is generated by the command-line tool. And I find they are different. The strange thing is that the thumbprint generated by my X509_digest begins with zero. That may be something wrong. Is it?
Liang -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni Sent: 2008年1月17日 9:25 To: openssl-users@openssl.org Subject: Re: About certificate sha1 thumbprint On Thu, Jan 17, 2008 at 09:11:01AM +0800, Hou, LiangX wrote: > I used "openssl dgst -sha1". Is there anything wrong with my code? Is it > right to get certificate object by using "X509 *cert = ctx->cert;" in this > case? You have not shown sufficient code for reasonable conclusions to be made. A simple error could be that you are comparing the ASCII digest "xx:xx:..." with the binary digest generation by X509_digest(). The command-line tool just calls X509_digest() and converts the result to ASCII hex format. Not surprisingly, this agrees with calculations done in C-code in other applications. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
