Viktor, Thank you for your help. I am using curl in a project actually. And I want to configure curl to do my custom authentication job. I am going to write an independent code and post it up with my cert. But before that I'd like to ask you whether it is caused by my cert. The cert looks like the following. I put certificate and private key together in a single file named "servercert.pem". Is it a correct or legal cert.pem file? -----BEGIN CERTIFICATE----- MIICYTCCAcoCCQCqu277Z+VLYTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJj bjELMAkGA1UEBxMCc2gxDjAMBgNVBAoTBWludGVsMRAwDgYDVQQLEwdTU0ctT1RD MRIwEAYDVQQDEwl3c21hbi1kZXYxIzAhBgkqhkiG9w0BCQEWFGxpYW5neC5ob3VA aW50ZWwuY29tMB4XDTA3MTEyMjA3NTU1NFoXDTA4MTEyMTA3NTU1NFowdTELMAkG A1UEBhMCY24xCzAJBgNVBAcTAnNoMQ4wDAYDVQQKEwVpbnRlbDEQMA4GA1UECxMH U1NHLU9UQzESMBAGA1UEAxMJd3NtYW4tZGV2MSMwIQYJKoZIhvcNAQkBFhRsaWFu Z3guaG91QGludGVsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoqY7 clxwXVbZeZLj3KGSSwqGR5nzHS7YGIWq/TOlkcGqD7HDtkkasFxTCSDC+isYjR5a SBVT6O6PeQiaGJH92lH18GsEYcP1A97+fQkRr4iQTOUiCRa9KQzT4oD40DQ68riV COjZ4hM3W9VIO9HcA8BXW6WVQYaz6GMl+Jzx6mECAwEAATANBgkqhkiG9w0BAQUF AAOBgQBFnLDfS+fE061exGM+NvCFsL+DcMgHsV4SM9WglEm8IbxzQbV5WFx8yYG6 1r3nCr2ufyVKMCVq53ps7cc7u7hKVUrymDhe1zd0eARjq3mLrZDWzsYlq8AmkhWp A4TZ2maCeRStdeuAA8fXthmI5QqfAyQ7TGRwhWGvfBNW3zTNog== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQCipjtyXHBdVtl5kuPcoZJLCoZHmfMdLtgYhar9M6WRwaoPscO2 SRqwXFMJIML6KxiNHlpIFVPo7o95CJoYkf3aUfXwawRhw/UD3v59CRGviJBM5SIJ Fr0pDNPigPjQNDryuJUI6NniEzdb1Ug70dwDwFdbpZVBhrPoYyX4nPHqYQIDAQAB AoGBAI1SIE7ScLM5FgajEacPH9xhzaCC7BDMNejAo3wTFuYZPlkanLFSvYTFA0To GWFidpeO6uS820aFmVWRmsqEduqLOBIwiYbVEGEPzP/uPmskacqVkybo0NRRwDJE t0xJoLhG4lKZwmF63DAUShYUldWEebUPlvPj/iEYLkLZZrpRAkEAzQpHnaPV3Qj9 Znz73z72/VqxVKUZBVLKkJXiiCdT3b4MSum+eWHlUllr4yYngKpzLtOcPCI+9iz0 FdESKfkjLQJBAMsS1Ct13jh4DZK6qhUVMWKWGpkyi3sZABhRYqdKUTcW+A/5vAYl wB5UfWNdvY5AG6D1/+bYC3UUp5XtT0FDtIUCQDJQfXZvh8FvvU7zCJOlzdIp+S3+ PX+S62ZDgY1LqUbWpgmUBkue/DkS/GiHKlZmfVFWWBZhiPW73kGkRkLKghkCQQCW v1F1ObhO3v/kbmEX6XWRo6/3DYhxRuvFIZVEbmy/onNfGJo1TgzB9yJlgw7V7E0W PcdLjBFlRoHpUBLHdgUpAkEAhNLyWjZDtYSyd7C5Qj9qcp1wJ0LY+28HutbBSxkA aiUEtNQef4ReO4odK5cO4WZ1M86EHpkiHSPbY0gdagkKWQ== -----END RSA PRIVATE KEY-----
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni Sent: 2008年1月17日 11:30 To: openssl-users@openssl.org Subject: Re: About certificate sha1 thumbprint On Thu, Jan 17, 2008 at 10:14:28AM +0800, Hou, LiangX wrote: > No. I try to convert binary digest to hexadecimal strings outside and compare > it with what is generated by the command-line tool. And I find they are > different. The strange thing is that the thumbprint generated by my > X509_digest begins with zero. That may be something wrong. Is it? > What's wrong with zero? The raw digest is a set of pseudo-random bytes, of none of the bytes or nibbles were ever zero, that would be strong evidence that the hash is flawed. You have not posted the relevant code, and your problem descriptions are vague. If you want help you need to post clear problem descriptions and a complete example constiting of a cert.pem file and code with working Makefile that computes the "wrong" digest for the certificate (different from what is reported by "openssl x509 -sha1 -fingerprint -noout -in cert.pem"). -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
