arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-10-16 22:27:59 +03:00
Code Activity

Add support for verifying SHA-256 hash of Subject Public Key Info (#31)

Browse Source 
For HTTP public key pinning (RFC7469), the SHA-256 hash of the Subject
Public Key Info (which usually only changes when the public key
changes) is used rather than the SHA-1 hash of the entire certificate
(which will change on each certificate renewal).
This commit is contained in:
silbe
2017-02-19 03:29:31 +01:00
committed by Ivan Grokhotkov
parent d768568ae7
commit 993a29f2b2
4 changed files with 46 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ssl/tls1.c
View File

@@ -2210,6 +2210,25 @@ EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
return res;
}
EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash)
{
if (ssl->x509_ctx == NULL || ssl->x509_ctx->spki_sha256 == NULL)
return 1;
int res = memcmp(ssl->x509_ctx->spki_sha256, hash, SHA256_SIZE);
if (res != 0) {
printf("cert SPKI SHA-256 hash: ");
for (int i = 0; i < SHA256_SIZE; ++i) {
printf("%02X ", ssl->x509_ctx->spki_sha256[i]);
}
printf("\r\ntest hash: ");
for (int i = 0; i < SHA256_SIZE; ++i) {
printf("%02X ", hash[i]);
}
printf("\r\n");
}
return res;
}
#endif /* CONFIG_SSL_CERT_VERIFICATION */
/**