support longer tls fingerprints
This commit is contained in:
parent
2e09464c4d
commit
c3441c8a10
2 changed files with 10 additions and 2 deletions
|
@ -13,7 +13,7 @@ def get_fingerprint():
|
||||||
with open(settings.ssl_cert_path) as fd:
|
with open(settings.ssl_cert_path) as fd:
|
||||||
data = fd.read()
|
data = fd.read()
|
||||||
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data)
|
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data)
|
||||||
return hashlib.sha1(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
|
return hashlib.sha256(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
|
||||||
|
|
||||||
def generate_ssl():
|
def generate_ssl():
|
||||||
key = OpenSSL.crypto.PKey()
|
key = OpenSSL.crypto.PKey()
|
||||||
|
|
|
@ -30,7 +30,15 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
|
||||||
self.cert_reqs = ssl.CERT_NONE
|
self.cert_reqs = ssl.CERT_NONE
|
||||||
|
|
||||||
def _ValidateCertificateFingerprint(self, cert):
|
def _ValidateCertificateFingerprint(self, cert):
|
||||||
|
if len(self.fingerprint) == 40:
|
||||||
fingerprint = hashlib.sha1(cert).hexdigest()
|
fingerprint = hashlib.sha1(cert).hexdigest()
|
||||||
|
elif len(self.fingerprint) == 64:
|
||||||
|
fingerprint = hashlib.sha256(cert).hexdigest()
|
||||||
|
elif len(self.fingerprint) == 128:
|
||||||
|
fingerprint = hashlib.sha512(cert).hexdigest()
|
||||||
|
else:
|
||||||
|
logging.error('unkown fingerprint length %s (%s)', self.fingerprint, len(self.fingerprint))
|
||||||
|
return False
|
||||||
return fingerprint == self.fingerprint
|
return fingerprint == self.fingerprint
|
||||||
|
|
||||||
def connect(self):
|
def connect(self):
|
||||||
|
|
Loading…
Reference in a new issue