support longer tls fingerprints

j 2014-09-06 01:44:17 +02:00
parent 2e09464c4d
commit c3441c8a10
2 changed files with 10 additions and 2 deletions


@ -13,7 +13,7 @@ def get_fingerprint():
with open(settings.ssl_cert_path) as fd: with open(settings.ssl_cert_path) as fd:
data = fd.read() data = fd.read()
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data) cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data)
return hashlib.sha1(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest() return hashlib.sha256(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
def generate_ssl(): def generate_ssl():
key = OpenSSL.crypto.PKey() key = OpenSSL.crypto.PKey()
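Review bot: Switching `get_fingerprint()` from `hashlib.sha1` to `hashlib.sha256` changes the value it returns from 40 to 64 hex characters, and nothing in this section tells a caller which digest or encoding to expect. A one-line docstring would pin that down, for example `"""Return the hex SHA-256 digest of the DER-encoded local certificate (64 characters)."""`. Any code outside this commit that stores or validates the fingerprint with a fixed length of 40 would need checking; that is an inference, since only this function is visible here. The `def` line of `get_fingerprint` sits above the hunk.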


@ -30,7 +30,15 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
self.cert_reqs = ssl.CERT_NONE self.cert_reqs = ssl.CERT_NONE
def _ValidateCertificateFingerprint(self, cert): def _ValidateCertificateFingerprint(self, cert):
if len(self.fingerprint) == 40:
fingerprint = hashlib.sha1(cert).hexdigest() fingerprint = hashlib.sha1(cert).hexdigest()
elif len(self.fingerprint) == 64:
fingerprint = hashlib.sha256(cert).hexdigest()
elif len(self.fingerprint) == 128:
fingerprint = hashlib.sha512(cert).hexdigest()
else:
logging.error('unkown fingerprint length %s (%s)', self.fingerprint, len(self.fingerprint))
return False
return fingerprint == self.fingerprint return fingerprint == self.fingerprint
def connect(self): def connect(self):
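Review bot: The 40-character branch of `_ValidateCertificateFingerprint` still accepts SHA-1 pins without any signal, and because the context line above sets `self.cert_reqs = ssl.CERT_NONE`, this comparison appears to be the only check on the peer certificate. I would keep the branch for compatibility but log it, e.g. `logging.warning('sha1 fingerprint pin in use, re-pin with sha256')`, so that old pins get rotated. The digest is chosen by `len(self.fingerprint)` and compared with `hexdigest()`, which is lowercase, so an uppercase or colon-separated pin is rejected; normalising once with `expected = self.fingerprint.replace(':', '').lower()` before the length test would avoid that while still failing closed. The error message has a typo: `'unkown'` should be `'unknown'`.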