使用openssl库获取x509证书哈希
[英]Get x509 certificate hash with openssl library
问题描述
I'm currently working on an app, which uses the openssl library (libcrypto) to generate certificates. 
我目前正在开发一个应用程序,它使用openssl库(libcrypto)来生成证书。 Now I have to get the hash of a already existing certificate. 现在我必须得到已经存在的证书的哈希值。
When I use my Terminal I am able to generate the hash value by using 当我使用终端时,我可以使用生成哈希值
openssl x509 -hash -in cert.pem -noout
Output: 01da0e2b
This is my code where I try t generate my hash value by using the library in C. 这是我的代码,我尝试使用C中的库生成我的哈希值。
X509 *cert = NULL;
FILE *fp = fopen(currentCert.UTF8String, "r");
PEM_read_X509(fp, &cert, NULL, NULL);
long hash = X509_subject_name_hash(cert);
char *mdString = malloc(sizeof(long));
sprintf(mdString, "%lx",hash);
printf(mdString);
Output: 1817886a
But actually my output is a different one. 但实际上我的输出是不同的。 Has anybody an idea what am I doing wrong ? 有谁知道我做错了什么?
2 个解决方案
解决方案1
4 已采纳 2015-05-06 03:31:56
But actually my output is a different one.
Here's how OpenSSL uses it... 以下是OpenSSL如何使用它......
$ cd openssl-1.0.2-src
$ grep -R X509_subject_name_hash *
apps/x509.c: BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
apps/x509.c: BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
crypto/x509/x509.h:unsigned long X509_subject_name_hash(X509 *x);
crypto/x509/x509.h:unsigned long X509_subject_name_hash_old(X509 *x);
crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash(X509 *x)
crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash_old(X509 *x)
...
Then, looking at apps/x509.c : 然后,查看apps/x509.c :
...
} else if (subject_hash == i) {
BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
}
...
And your declaration should be: 你的声明应该是:
unsigned long hash = X509_subject_name_hash(cert);
Then: 然后:
fprintf(stdout, "%08lx\n", hash);
Also, OpenSSL changed the way in calculates the subject hash sometime around OpenSSL 1.0.1. 此外,OpenSSL改变了在OpenSSL 1.0.1周围计算主题哈希的方式。 That's why there is an X509_subject_name_hash and X509_subject_name_hash_old . 这就是X509_subject_name_hash和X509_subject_name_hash_old 。
If you are using or comparing against OpenSSL 0.9.8 (on, say Mac OS X 10), then see Generate Subject Hash of X509Certificate in Java . 如果您正在使用或比较OpenSSL 0.9.8(在Mac OS X 10上),请参阅在Java中生成X509Certificate的主题散列 。 Though its Java, it details OpenSSL handling of the subject hash. 虽然它是Java,但它详细介绍了OpenSSL对主题哈希的处理。
解决方案2
3 2015-05-05 17:51:28
You are not allocating enough memory for the string, although I can't be sure that is the cause of your problem. 你没有为字符串分配足够的内存,虽然我不能确定这是你的问题的原因。
char *mdString = malloc(sizeof(long));
will allocate 4 bytes to the string, yet it clearly needs to hold 8 bytes plus a terminator, so I suggest 将为字符串分配4个字节,但它显然需要保持8个字节加一个终结符,所以我建议
char *mdString = malloc(sizeof(long)*2 + 1);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.