> This page is helpful as well: > http://en.wikipedia.org/wiki/X.509 > > Under "Structure of a certificate", it shows that a > certificate consists of > an inner certificate (sometimes called the TBS certificate), > followed by the > certificate signature algorithm and the signature itself. The > signature is > on the hash of the data in the inner certificate object (not > include its > type and length bytes).
Thanks, I've been using that page pretty extensively as a reference too and I have to say that it is definitely one of the clearest explanations I've seen. I think that my problem has been that I've been including the outer type and length bytes when I hash the 'data'. The WP page implies that, but in the addled state that my brain's been in for the past day or two while looking at all the RFCs, commentaries, and so on, I overlooked it. Thanks, Anthony. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
