From c3441c8a108eb3fd3addfc473de34eb034c117f5 Mon Sep 17 00:00:00 2001
From: j
Date: Sat, 6 Sep 2014 01:44:17 +0200
Subject: [PATCH] support longer tls fingerprints

---
 oml/node/cert.py | 2 +-
 oml/ssl_request.py | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/oml/node/cert.py b/oml/node/cert.py
index a820b14..7fac562 100644
--- a/oml/node/cert.py
+++ b/oml/node/cert.py
@@ -13,7 +13,7 @@ def get_fingerprint():
     with open(settings.ssl_cert_path) as fd:
         data = fd.read()
     cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data)
-    return hashlib.sha1(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
+    return hashlib.sha256(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
 
 def generate_ssl():
     key = OpenSSL.crypto.PKey()
diff --git a/oml/ssl_request.py b/oml/ssl_request.py
index 1ce8fcf..0cd4670 100644
--- a/oml/ssl_request.py
+++ b/oml/ssl_request.py
@@ -30,7 +30,15 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
         self.cert_reqs = ssl.CERT_NONE
 
     def _ValidateCertificateFingerprint(self, cert):
-        fingerprint = hashlib.sha1(cert).hexdigest()
+        if len(self.fingerprint) == 40:
+            fingerprint = hashlib.sha1(cert).hexdigest()
+        elif len(self.fingerprint) == 64:
+            fingerprint = hashlib.sha256(cert).hexdigest()
+        elif len(self.fingerprint) == 128:
+            fingerprint = hashlib.sha512(cert).hexdigest()
+        else:
+            logging.error('unkown fingerprint length %s (%s)', self.fingerprint, len(self.fingerprint))
+            return False
         return fingerprint == self.fingerprint
 
     def connect(self):
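Review bot: `get_fingerprint()` now publishes a 64-character SHA-256 digest, and nothing in the hunk records that peers still running the previous `_ValidateCertificateFingerprint` (which computed only SHA-1) will never match this node's new value, so the rollout order across nodes matters and deserves a comment. Suggest, above the `return`: `# SHA-256 over the DER (FILETYPE_ASN1) encoding, not the PEM text; peers compare this in _ValidateCertificateFingerprint, which still accepts 40-char SHA-1 values from older nodes`. Hashing the DER dump rather than the PEM file is the right choice, but it is easy to get wrong on the validating side, so stating the encoding here is worth the line. `get_fingerprint()` begins before the hunk.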
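Review bot: The new length dispatch compares the lowercase, separator-free output of `hexdigest()` against `self.fingerprint` verbatim, so an expected value written with uppercase hex or `aa:bb:...` colons — the form most tools print — is rejected, and the colon form additionally lands in the "unknown length" branch; normalize `self.fingerprint` once before measuring and comparing it. The three `elif` arms can collapse into a length-to-hash table, which also makes the `'unkown'` typo in the log message a one-place fix. Because the context line sets `cert_reqs = ssl.CERT_NONE`, this method appears to be the only check performed on the peer certificate, which should be said in a docstring; presumably `cert` is the DER blob from `getpeercert(True)` in `connect()`, which lies outside the hunk — confirm it matches the DER encoding that `get_fingerprint()` hashes in cert.py. The enclosing class `CertValidatingHTTPSConnection` starts before the hunk.
```python
    def _ValidateCertificateFingerprint(self, cert):
        """Return True iff the hash of the peer cert matches self.fingerprint.

        The digest is chosen by the length of the expected hex string
        (40/64/128 -> SHA-1/SHA-256/SHA-512).  With cert_reqs = CERT_NONE
        this is the only check on the peer certificate.
        """
        # Accept the common presentation forms: uppercase hex, colon-separated.
        expected = self.fingerprint.replace(':', '').lower()
        hashes = {40: hashlib.sha1, 64: hashlib.sha256, 128: hashlib.sha512}
        digest = hashes.get(len(expected))
        if digest is None:
            logging.error('unknown fingerprint length %s (%s)', self.fingerprint, len(expected))
            return False
        return digest(cert).hexdigest() == expected
```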