nokachi
Reputation: 1
How to get a SHA-1 digest of a X509 certificate with HsOpenSSL?
I'm writing a web server that accepts SSL connections and calculate a SHA-1 hash of client certificates:
import OpenSSL (withOpenSSL)
import OpenSSL.Session as SSL
import OpenSSL.X509 as X509
import OpenSSL.EVP.Digest as EVP
sslStuff :: SSL.SSL -> IO String
sslStuff ssl = withOpenSSL $ do
x509 <- liftM fromJust $ SSL.getPeerCertificate ssl
issuer <- X509.getIssuerName x509 False
subj <- X509.getSubjectName x509 False
putStrLn $ "\tsubject: " ++show subj
putStrLn $ "\tissuer: " ++show issuer
dg <- liftM fromJust $ EVP.getDigestByName "SHA1"
cert <- X509.printX509 x509
putStrLn cert
let s = EVP.digest dg cert
putStrLn $ "After Digest: "++s
return s
I successfully get the certificate, but the digest is only 15 bytes long instead of 20. I'm not sure I correctly convert the cert to a string before passing it to EVP.digest. Could anyone please give me an example of how to do it the right way?
Upvotes: 0
Views: 965
Answers (1)
doptimusprime
Reputation: 9415
I do not know Haskell. But following code might help you.
X509 * x509;
char sha1dig[SHA1_DIGEST_LENGTH];
/*Get X509 certificate in x509*/
//Call X509_check_purpose to set SHA1 hash.
X509_check_purpose (x509, -1, 0);
//Get the SHA1 hash into buffer. Use x509->sha1_hash
memcpy(sha1dig, x509->sha1_hash, SHA1_DIGEST_LENGTH);
I believe that my comments will help you convert this program to convert to Haskell.
Upvotes: 1
Related Questions
- Generating HMAC::SHA256.hexdigest in Haskell
- How to use OpenSSL to generate SHARSA1 base64 signature
- SHA1 encoding in Haskell
- Haskell Crypto.Hash.SHA256 Output
- Getting Message Digest from SHA1 message
- SHA-1 in haskell producing wrong hashes
- HsOpenSSL segfaults on OS X
- Proper use of the HsOpenSSL API to implement a TLS Server
- How to compute RSA-SHA1(sha1WithRSAEncryption) value with OpenSSL
- Extraction of sha1 from X.509 openssl certificate in Java