Hi all, sorry to interrupt. I had posted this thread to [EMAIL PROTECTED], but it seems that I could not get this ticket from [EMAIL PROTECTED], so there may be something wrong with it. I am trying this mailing list instead and hope some of you can help me.
I am trying to define my own certificate verification function through the API "SSL_CTX_set_cert_verify_callback". This certificate verification callback will check the thumbprint of the peer certificate. In this callback the thumbprint of the certificate is calculated through the API "X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len)", and the "data" param passed in is X509_STORE_CTX::cert. I found that the calculated digest was different from what was calculated by the openssl command line tool. Is there something wrong with my code? It looks like the following.

    #include <string.h>
    #include <openssl/evp.h>
    #include <openssl/ssl.h>
    #include <openssl/x509.h>

    /* Registered with SSL_CTX_set_cert_verify_callback(); arg points to the
     * expected thumbprint. Returns 1 to accept the peer, 0 to reject it. */
    static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
    {
        unsigned char *thumbprint = (unsigned char *)arg;
        /* Direct field access; OpenSSL 1.1.0 and later make X509_STORE_CTX
         * opaque and provide X509_STORE_CTX_get0_cert(ctx) instead. */
        X509 *cert = ctx->cert;
        const EVP_MD *tempDigest;
        unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
        unsigned int tempFingerprintLen;

        tempDigest = EVP_sha1();
        /* X509_digest() writes the raw digest bytes and their count */
        if (X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen) <= 0)
            return 0;
        if (!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
            return 1;
        return 0;
    }

Thanks.
Liang
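
One thing to check with a comparison like the one in the post: X509_digest writes the raw digest bytes into md, while the openssl command line tool prints a fingerprint as colon-separated hex text, so the two forms only compare equal once the text has been decoded. The block below is an added example, not part of the original post; fp_text_to_bytes, fp_matches and the sample value are constructed for illustration, and it uses no OpenSSL calls so that it runs on its own.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample: one SHA-1 value as printed text and as raw bytes. */
static const char SAMPLE_TEXT[] =
    "DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09";
static const unsigned char SAMPLE_RAW[20] = {
    0xDA, 0x39, 0xA3, 0xEE, 0x5E, 0x6B, 0x4B, 0x0D, 0x32, 0x55,
    0xBF, 0xEF, 0x95, 0x60, 0x18, 0x90, 0xAF, 0xD8, 0x07, 0x09 };

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                      /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode "AB:CD:.." or "abcd.." (':' skipped); byte count, or -1 if malformed. */
static int fp_text_to_bytes(const char *text, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*text) {
        int hi, lo;
        if (*text == ':') { text++; continue; }
        hi = hex_val(text[0]);
        lo = (hi < 0) ? -1 : hex_val(text[1]);   /* never reads past the NUL */
        if (hi < 0 || lo < 0 || n >= cap) return -1;
        out[n++] = (unsigned char)((hi << 4) | lo);
        text += 2;
    }
    return (int)n;
}

/* 1 if the raw digest equals the textual pin: exact length, no early exit. */
static int fp_matches(const unsigned char *digest, size_t len, const char *pin)
{
    unsigned char raw[64], diff = 0;
    size_t i;
    int pin_len = fp_text_to_bytes(pin, raw, sizeof raw);
    if (pin_len < 0 || (size_t)pin_len != len) return 0;
    for (i = 0; i < len; i++) diff |= (unsigned char)(digest[i] ^ raw[i]);
    return diff == 0;
}

int main(void)
{
    printf("memcmp raw vs text: %s, fp_matches: %d\n",
           memcmp(SAMPLE_RAW, SAMPLE_TEXT, 20) ? "differ" : "equal",
           fp_matches(SAMPLE_RAW, 20, SAMPLE_TEXT));
    return 0;
}
```

In a verify callback, the digest and length filled in by X509_digest would take the place of SAMPLE_RAW and 20.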