support longer tls fingerprints

2014-09-06 01:44:17 +02:00 · 2014-09-06 01:44:17 +02:00 · c3441c8a10
commit c3441c8a10
parent 2e09464c4d
2 changed files with 10 additions and 2 deletions
--- a/oml/ssl_request.py
+++ b/oml/ssl_request.py
@ -30,7 +30,15 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
        self.cert_reqs = ssl.CERT_NONE

    def _ValidateCertificateFingerprint(self, cert):
-        fingerprint = hashlib.sha1(cert).hexdigest()
+        if len(self.fingerprint) == 40:
+            fingerprint = hashlib.sha1(cert).hexdigest()
+        elif len(self.fingerprint) == 64:
+            fingerprint = hashlib.sha256(cert).hexdigest()
+        elif len(self.fingerprint) == 128:
+            fingerprint = hashlib.sha512(cert).hexdigest()
+        else:
+            logging.error('unkown fingerprint length %s (%s)', self.fingerprint, len(self.fingerprint))
+            return False
        return fingerprint == self.fingerprint

    def connect(self):