> For some reason, the X509_NAME_hash function calculates a very different > hash for the server certificate: Ah. Have you mixed openssl versions? At one point the hashing changed from md5 to sha1. That would explain why specifying a directory works, but a specific file doesn't.