mirror of https://github.com/esp8266/Arduino.git synced 2025-08-17 06:42:21 +03:00

Add support for verifying SHA-256 hash of Subject Public Key Info (#31)

For HTTP public key pinning (RFC7469), the SHA-256 hash of the Subject
Public Key Info (which usually only changes when the public key
changes) is used rather than the SHA-1 hash of the entire certificate
(which will change on each certificate renewal).
silbe
2017-02-19 03:29:31 +01:00
committed by Ivan Grokhotkov
parent d768568ae7
commit 993a29f2b2
4 changed files with 46 additions and 3 deletions


@@ -416,6 +416,15 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
*/
EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);
/**
* @brief Check if SHA256 hash of Subject Public Key Info matches the one given.
*
* @param ssl [in] An SSL object reference.
* @param fp [in] SHA256 hash to match against
* @return SSL_OK if the certificate is verified.
*/
EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash);
/**
* @brief Retrieve an X.509 distinguished name component.
*
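Review bot: The new doc comment for `ssl_match_spki_sha256` documents `@param fp`, but the declared parameter is `hash`, and it never states how many bytes the caller must supply through the raw `const uint8_t*`. I would write `* @param hash [in] SHA256 hash of the Subject Public Key Info to match against (32 bytes)`, assuming the implementation compares a full SHA-256 digest. The `@return` line says "SSL_OK if the certificate is verified", which overstates what a pin match establishes; `* @return SSL_OK if the hash matches.` is more accurate. A sentence noting that a match does not by itself check the chain, validity period or host name would help callers who use pinning in place of `ssl_verify_cert`. Only the declaration is visible in this hunk, so the comparison itself and the behaviour when no peer certificate is present cannot be reviewed from here.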