This is the code I used:
(after the generate function code shown earlier in this thread - I have an m_pX509) - this is what I do with it:
 
 m_strPEMText = X509ToPEM(m_pX509);
 m_strFingerprint = GetSHAFingerprint(m_pX509);
 ::MessageBox(NULL, m_strFingerprint, "ORIGINAL FINGERPRINT", MB_OK);
 
// create the same cert by reading it from PEM:
 X509 * pSame = X509FromPEM(m_strPEMText);
 ::MessageBox(NULL, GetSHAFingerprint(pSame), "FINGERPRINT OF WROTE OUT, READ IN", MB_OK);
 
CString CMyCertificate::GetSHAFingerprint(X509 * pX509)
{
 unsigned char fp[20];
 unsigned int nFPLength = 20;
 if(!X509_digest(pX509, EVP_sha1(), fp, &nFPLength))
  return "";
 m_strFingerprint = "";
 CString strTemp;
 for(unsigned int i = 0; i < nFPLength; i++)
 {
  strTemp.Format("%02x", (0xff & fp[i]));
  m_strFingerprint += strTemp;
  if(i != (nFPLength-1))
   m_strFingerprint += ":";
 }
 return m_strFingerprint;
}
 
X509 * CMyCertificate::X509FromPEM(CString strPEM)
{
  BIO * pMem = BIO_new_mem_buf((LPSTR)(LPCSTR)strPEM, -1);
  BIO_seek(pMem, 0);

  X509 * pResult = PEM_read_bio_X509(pMem, NULL, NULL, NULL);
  CMySecurityBox::PrintAnyErrors();
  BIO_free(pMem);
  return pResult;
}

CString CMyCertificate::X509ToPEM(X509 * pX509)
{
  BIO * pMem = BIO_new(BIO_s_mem());
  if(!PEM_write_bio_X509(pMem, pX509))
  {
    BIO_free(pMem);
    return "";   // failure
  }
  CString S = "";
  BIO_seek(pMem, 0);

  char pData[4096];
  int nLengthRead;
  // A memory BIO returns <= 0 once all written data has been read back.
  while((nLengthRead = BIO_read(pMem, pData, sizeof(pData))) > 0)
  {
    // pData is not NUL-terminated, so copy exactly nLengthRead bytes.
    S += CString(pData, nLengthRead);
  }

  BIO_free(pMem);   // release the BIO on the success path as well
  return S;
}

"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
On Sun, Oct 23, 2005, M G wrote:

> Hi Dr. Henson,
>
> Thanks in advance for taking a look: Here is my code that creates the certificate (I removed the checks on return values - they were fine)
>
> m_pX509 = X509_new();
>
> X509_set_version(m_pX509, 2);
> X509_gmtime_adj(X509_get_notBefore(m_pX509),0);
> X509_gmtime_adj(X509_get_notAfter(m_pX509), (long)60*60*24*nDaysValid);
> X509_set_pubkey(m_pX509, pEVP);
>
> X509_NAME * pName = X509_get_subject_name(m_pX509);
> X509_NAME_add_entry_by_txt(pName, "C", MBSTRING_ASC,szC,-1,-1,0);
> X509_NAME_add_entry_by_txt(pName, "C", MBSTRING_ASC,szO,-1,-1,0);
> X509_NAME_add_entry_by_txt(pName,"CN",MBSTRING_ASC,szCN,-1,-1,0);
>
> // self signed:
> X509_set_issuer_name(m_pX509, pName);
>
> X509_sign(m_pX509, pEVP, EVP_sha1());
>
> That is all I do... Am I missing something important?
>
> Thank you very much!
>

After adding a couple of lines of code to print out the digest of the
certificate and dump it as DER I still get exactly the same results.

What code are you using to produce the digest?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
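
An independent cross-check for the comparison discussed in this thread, as an added example that is not code from either poster or from OpenSSL: X509_digest() hashes the DER encoding of the certificate, and PEM is only base64 around that DER, so hashing the decoded PEM text outside the application shows whether the bytes or the digest call differ. It uses only the Python standard library; SAMPLE_DER is a constructed byte string standing in for a real certificate, and all function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes carried inside a PEM CERTIFICATE block."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    # validate=True rejects stray characters instead of silently skipping them
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def der_to_pem(der):
    """Wrap DER bytes as PEM with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----", ""])

def sha1_fingerprint(der):
    """SHA-1 over the DER bytes, lowercase hex joined by ':' as in the post."""
    return ":".join("%02x" % b for b in hashlib.sha1(der).digest())

def first_difference(a, b):
    """Offset of the first differing byte, or None when a == b."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

# Constructed sample: arbitrary bytes standing in for a DER certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + bytes(range(256)) + b"\x00" * 10

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    back = pem_to_der(pem)
    print("before:", sha1_fingerprint(SAMPLE_DER))
    print("after: ", sha1_fingerprint(back))
    print("first differing offset:", first_difference(SAMPLE_DER, back))
```

If the fingerprints computed this way match for the PEM written out and the PEM read back, the difference lies in the in-memory X509 object being digested, not in the PEM text.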

