Hi Dr. Henson,

You were wondering what code I used to produce the digest: I used my X509 certificate to get the fingerprint with GetSHAFingerprint() - then I wrote the X509 to PEM, then I read it back and called GetSHAFingerprint() again and received a different fingerprint. Is this supposed to happen? This is the code that I used:

    // any existing X509 cert:
    m_strPEMText = X509ToPEM(m_pX509);
    m_strFingerprint = GetSHAFingerprint(m_pX509);
    ::MessageBox(NULL, m_strFingerprint, "ORIGINAL FINGERPRINT", MB_OK);

    X509 * pSame = X509FromPEM(m_strPEMText);
    ::MessageBox(NULL, GetSHAFingerprint(pSame), "FINGERPRINT OF WROTE OUT, READ IN", MB_OK);

    //THE FUNCTIONS:
    CString CMyCertificate::GetSHAFingerprint(X509 * pX509)
    {
        unsigned char fp[20];
        unsigned int nFPLength = 20;
        if(!X509_digest(pX509, EVP_sha1(), fp, &nFPLength))
            return "";

        // format the digest as colon-separated hex bytes
        m_strFingerprint = "";
        CString strTemp;
        for(unsigned int i = 0; i < nFPLength; i++)
        {
            strTemp.Format("%02x", (0xff & fp[i]));
            m_strFingerprint += strTemp;
            if(i != (nFPLength-1))
                m_strFingerprint += ":";
        }
        return m_strFingerprint;
    }

    X509 * CMyCertificate::X509FromPEM(CString strPEM)
    {
        BIO * pMem = BIO_new_mem_buf((LPSTR)(LPCSTR)strPEM, -1);
        BIO_seek(pMem, 0);
        X509 * pResult = PEM_read_bio_X509(pMem, NULL, NULL, NULL);
        CMySecurityBox::PrintAnyErrors();
        BIO_free(pMem);
        return pResult;
    }

    CString CMyCertificate::X509ToPEM(X509 * pX509)
    {
        BIO * pMem = BIO_new(BIO_s_mem());
        if(!PEM_write_bio_X509(pMem, pX509))
        {
            BIO_free(pMem);
            return ""; // failure
        }
        CString S = "";
        BIO_seek(pMem, 0);
        char pData[4096];
        int nLengthRead;
        // BIO_read does not NUL-terminate pData, so copy exactly nLengthRead bytes
        while((nLengthRead = BIO_read(pMem, pData, 4096)) > 0)
        {
            S += CString(pData, nLengthRead);
        }
        BIO_free(pMem); // release the memory BIO on the success path too
        return S;
    }

--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:

> On Sun, Oct 23, 2005, M G wrote:
>
> > Hi Dr. Henson,
> >
> > Thanks in advance for taking a look: Here is my code that creates the certificate (I removed the checks on return values - they were fine)
> >
> > m_pX509 = X509_new();
> >
> > X509_set_version(m_pX509, 2);
> > X509_gmtime_adj(X509_get_notBefore(m_pX509),0);
> > X509_gmtime_adj(X509_get_notAfter(m_pX509), (long)60*60*24*nDaysValid);
> > X509_set_pubkey(m_pX509, pEVP);
> >
> > X509_NAME * pName = X509_get_subject_name(m_pX509);
> > X509_NAME_add_entry_by_txt(pName, "C", MBSTRING_ASC,szC,-1,-1,0);
> > X509_NAME_add_entry_by_txt(pName, "C", MBSTRING_ASC,szO,-1,-1,0);
> > X509_NAME_add_entry_by_txt(pName,"CN",MBSTRING_ASC,szCN,-1,-1,0);
> >
> > // self signed:
> > X509_set_issuer_name(m_pX509, pName);
> >
> > X509_sign(m_pX509, pEVP, EVP_sha1());
> >
> > That is all I do... Am I missing something important?
> >
> > Thank you very much!
>
> After adding a couple of lines of code to print out the digest of the certificate and dump it as DER I still get exactly the same results.
>
> What code are you using to produce the digest?
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]