[DoT] Displays public key. Addresses #12 #15

b27e06b9 · Stephane Bortzmeyer · db0f03bc · b27e06b9
Commit b27e06b9 authored Dec 05, 2019 by Stephane Bortzmeyer
--- a/homer.py
+++ b/homer.py
@@ -29,6 +29,8 @@ import socket
 import ctypes
 import re
 import os.path
+import hashlib
+import base64

 # Values that can be changed from the command line
 dot = False # DoH by default
@@ -172,6 +174,8 @@ class Connection:
        if not self.dot:
            self.post = post
            self.head = head
+        if self.dot:
+            self.hasher = hashlib.sha256()
        self.verbose = verbose
        self.insecure = insecure
        if self.dot:
@@ -198,6 +202,14 @@ class Connection:
            # TODO We may here have exceptions such as OpenSSL.SSL.ZeroReturnError
            self.session.do_handshake()
            self.cert = self.session.get_peer_certificate()
+            # RFC 7858, section 4.2 and appendix A
+            self.publickey = self.cert.get_pubkey()
+            if verbose:
+                self.hasher.update(OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_ASN1,
+                                                      self.publickey))
+                self.digest = self.hasher.digest()
+                print("Public key is pin-sha256=\"%s\"" % \
+                      base64.standard_b64encode(self.digest).decode())
            if not insecure:
                valid = validate_hostname(check, self.cert)
                if not valid: