Commit b27e06b9 authored by Stephane Bortzmeyer's avatar Stephane Bortzmeyer

[DoT] Displays public key. Addresses #12 #15

parent db0f03bc
......@@ -29,6 +29,8 @@ import socket
import ctypes
import re
import os.path
import hashlib
import base64
# Values that can be changed from the command line
dot = False # DoH by default
......@@ -172,6 +174,8 @@ class Connection:
if not self.dot:
self.post = post
self.head = head
if self.dot:
self.hasher = hashlib.sha256()
self.verbose = verbose
self.insecure = insecure
if self.dot:
......@@ -198,6 +202,14 @@ class Connection:
# TODO We may here have exceptions such as OpenSSL.SSL.ZeroReturnError
self.session.do_handshake()
self.cert = self.session.get_peer_certificate()
# RFC 7858, section 4.2 and appendix A
self.publickey = self.cert.get_pubkey()
if verbose:
self.hasher.update(OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_ASN1,
self.publickey))
self.digest = self.hasher.digest()
print("Public key is pin-sha256=\"%s\"" % \
base64.standard_b64encode(self.digest).decode())
if not insecure:
valid = validate_hostname(check, self.cert)
if not valid:
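Review bot: `self.hasher` is created once in the constructor hunk (`self.hasher = hashlib.sha256()`) but only fed with `update()` after the handshake, so if this handshake code ever runs a second time on the same Connection (not visible here), the digest would cover two concatenated keys and the printed pin would be wrong. A one-shot hash at the point of use avoids the shared state: `self.digest = hashlib.sha256(OpenSSL.crypto.dump_publickey(OpenSSL.crypto.FILETYPE_ASN1, self.publickey)).digest()`. The pin is also printed before `validate_hostname` is called, and is printed even when `insecure` is set, so it describes whatever key the peer presented, authenticated or not. A comment such as `# Pin of the key as presented, not yet authenticated; confirm it out of band before pinning (RFC 7858, section 4.2)` above the print would make that explicit. The enclosing method starts and ends outside this hunk, so the reconnection concern is inferred rather than confirmed.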
......