Ticket Change Details
Overview

Artifact ID: 0edacaae407f2576ce8c96d6f4aef186f9843b3542473b19d74b50f6e866f2b0
Ticket: c2f2f1be542937dcfe9ba89c7f12190e5fed9f70
Expose SHA-256 fingerprint of certificate
User & Date: anonymous on 2020-02-12 13:30:14
Changes

  1. icomment:
    TclTLS already provides a way to access a certificate's SHA-1 fingerprint. It would be helpful if the same could be done for SHA-256, for example like this:
    
    <pre>Index: tlsX509.c
    ==================================================================
    --- tlsX509.c
    +++ tlsX509.c
    @@ -103,14 +103,17 @@
         char certStr[CERT_STR_SIZE], *certStr_p;
         int certStr_len, toRead;
     #ifndef NO_SSL_SHA
         int shai;
         char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
    +    char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
         unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
    +    unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
         const char *shachars="0123456789ABCDEF";
     
         sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
    +    sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
     #endif
     
         certStr[0] = 0;
         if ((bio = BIO_new(BIO_s_mem())) == NULL) {
            subject[0] = 0;
    @@ -172,10 +175,18 @@
             sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)];
         }
         Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) );
         Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha_hash_ascii, SHA_DIGEST_LENGTH * 2) );
     
    +    X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL);
    +    for (shai = 0; shai < SHA256_DIGEST_LENGTH; shai++) {
    +        sha256_hash_ascii[shai * 2]     = shachars[(sha256_hash_binary[shai] & 0xF0) >> 4];
    +        sha256_hash_ascii[shai * 2 + 1] = shachars[(sha256_hash_binary[shai] & 0x0F)];
    +    }
    +    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha256_hash", -1) );
    +    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2) );
    +
     #endif
         Tcl_ListObjAppendElement( interp, certPtr,
                Tcl_NewStringObj( "subject", -1) );
         Tcl_ListObjAppendElement( interp, certPtr,
                Tcl_NewStringObj( subject, -1) );</pre>
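Review bot: The return value of `X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL)` is ignored, so if the digest fails the loop that follows hex-encodes an uninitialized stack buffer and reports it as `sha256_hash`. A fingerprint is typically used for pinning or comparing certificates, where a garbage value is worse than a missing one. Wrap the loop and the two `Tcl_ListObjAppendElement` calls in `if (X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL) == 1) { ... }` so the key is appended only on success. The SHA-1 digest call sits above this hunk and is not visible here, so it may need the same check; the enclosing function also begins and ends outside the hunk.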
    
  2. login: "anonymous"
  3. mimetype: "text/html"
  4. private_contact changed to: "55af5b17739ede24263824fc10fcbe137d8a5b07"
  5. severity changed to: "Important"
  6. status changed to: "Open"
  7. title changed to: "Expose SHA-256 fingerprint of certificate"
  8. type changed to: "Feature Request"