Hi Dr. Henson,
You were wondering what code I used to produce the
digest: I used my X509 certificate to get the
fingerprint with GetSHAFingerprint() - then I wrote
the X509 to PEM, then I read it back and called
GetSHAFingerprint() again and received a different
fingerprint. Is this supposed to happen? This is the
code that I used:

// any existing X509 cert:
m_strPEMText = X509ToPEM(m_pX509);
m_strFingerprint = GetSHAFingerprint(m_pX509);
::MessageBox(NULL, m_strFingerprint, "ORIGINAL FINGERPRINT", MB_OK);
X509 * pSame = X509FromPEM(m_strPEMText);
::MessageBox(NULL, GetSHAFingerprint(pSame), "FINGERPRINT OF WROTE OUT, READ IN", MB_OK);

//THE FUNCTIONS:
CString CMyCertificate::GetSHAFingerprint(X509 * pX509)
{
    unsigned char fp[20];
    unsigned int nFPLength = 20;
    if(!X509_digest(pX509, EVP_sha1(), fp, &nFPLength))
        return "";
    m_strFingerprint = "";
    CString strTemp;
    for(unsigned int i = 0; i < nFPLength; i++)
    {
        strTemp.Format("%02x", (0xff & fp[i]));
        m_strFingerprint += strTemp;
        if(i != (nFPLength-1))
            m_strFingerprint += ":";
    }
    return m_strFingerprint;
}

X509 * CMyCertificate::X509FromPEM(CString strPEM)
{
    BIO * pMem = BIO_new_mem_buf((LPSTR)(LPCSTR)strPEM, -1);
    BIO_seek(pMem, 0);
    X509 * pResult = PEM_read_bio_X509(pMem, NULL, NULL, NULL);
    CMySecurityBox::PrintAnyErrors();
    BIO_free(pMem);
    return pResult;
}

CString CMyCertificate::X509ToPEM(X509 * pX509)
{
    BIO * pMem = BIO_new(BIO_s_mem());
    if(!PEM_write_bio_X509(pMem, pX509))
    {
        BIO_free(pMem);
        return ""; // failure
    }
    CString S = "";
    CString strTemp;
    BIO_seek(pMem, 0);
    char pData[4096];
    int nLengthRead;
    while((nLengthRead = BIO_read(pMem,pData,4096)) != -1)
    {
        strTemp = pData;
        strTemp = strTemp.Mid(0, nLengthRead);
        S += strTemp;
    }
    return S;
}

--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> On Sun, Oct 23, 2005, M G wrote:
>
> > Hi Dr. Henson,
> >
> > Thanks in advance for taking a look: Here is my code that creates
> > the certificate (I removed the checks on return values - they were
> > fine)
> >
> > m_pX509 = X509_new();
> >
> > X509_set_version(m_pX509, 2);
> > X509_gmtime_adj(X509_get_notBefore(m_pX509),0);
> > X509_gmtime_adj(X509_get_notAfter(m_pX509), (long)60*60*24*nDaysValid);
> > X509_set_pubkey(m_pX509, pEVP);
> >
> > X509_NAME * pName = X509_get_subject_name(m_pX509);
> > X509_NAME_add_entry_by_txt(pName, "C", MBSTRING_ASC,szC,-1,-1,0);
> > X509_NAME_add_entry_by_txt(pName, "C", MBSTRING_ASC,szO,-1,-1,0);
> > X509_NAME_add_entry_by_txt(pName,"CN",MBSTRING_ASC,szCN,-1,-1,0);
> >
> > // self signed:
> > X509_set_issuer_name(m_pX509, pName);
> >
> > X509_sign(m_pX509, pEVP, EVP_sha1());
> >
> > That is all I do... Am I missing something important?
> >
> > Thank you very much!
> >
>
> After adding a couple of lines of code to print out the digest of the
> certificate and dump it as DER I still get exactly the same results.
>
> What code are you using to produce the digest?
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [email protected]
> Automated List Manager [EMAIL PROTECTED]