0x2620/openmedialibrary
1
0
Fork 0
Code Issues 131 Pull requests Releases Wiki Activity

support longer tls fingerprints

Browse source
This commit is contained in:
j 2014-09-06 01:44:17 +02:00
parent 2e09464c4d
commit c3441c8a10
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
oml/node/cert.py
View file

@ -13,7 +13,7 @@ def get_fingerprint():
with open(settings.ssl_cert_path) as fd: with open(settings.ssl_cert_path) as fd:
data = fd.read() data = fd.read()
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data) cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, data)
return hashlib.sha1(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest() return hashlib.sha256(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert)).hexdigest()
def generate_ssl(): def generate_ssl():
key = OpenSSL.crypto.PKey() key = OpenSSL.crypto.PKey()

10
oml/ssl_request.py
View file

@ -30,7 +30,15 @@ class CertValidatingHTTPSConnection(httplib.HTTPConnection):
self.cert_reqs = ssl.CERT_NONE self.cert_reqs = ssl.CERT_NONE
def _ValidateCertificateFingerprint(self, cert): def _ValidateCertificateFingerprint(self, cert):
fingerprint = hashlib.sha1(cert).hexdigest() if len(self.fingerprint) == 40:
fingerprint = hashlib.sha1(cert).hexdigest()
elif len(self.fingerprint) == 64:
fingerprint = hashlib.sha256(cert).hexdigest()
elif len(self.fingerprint) == 128:
fingerprint = hashlib.sha512(cert).hexdigest()
else:
logging.error('unkown fingerprint length %s (%s)', self.fingerprint, len(self.fingerprint))
return False
return fingerprint == self.fingerprint return fingerprint == self.fingerprint
def connect(self): def connect(self):