2024-06-28
| ||
22:44 | • Closed ticket [c2f2f1be54]: Expose SHA-256 fingerprint of certificate plus 5 other changes artifact: 14aa05b28d user: bohagan | |
2020-02-12
| ||
13:30 | • New ticket [c2f2f1be54]. artifact: 0edacaae40 user: anonymous | |
Ticket Hash: | c2f2f1be542937dcfe9ba89c7f12190e5fed9f70 | |||
Title: | Expose SHA-256 fingerprint of certificate | |||
Status: | Closed | Type: | Feature Request | |
Severity: | Important | Priority: | Immediate | |
Subsystem: | Resolution: | Fixed | ||
Last Modified: | 2024-06-28 22:44:54 | |||
Version Found In: | ||||
User Comments: | ||||
anonymous added on 2020-02-12 13:30:14:
TclTLS already provides a way to access a certificate's SHA-1 fingerprint. It would be helpful if the same could be done for SHA-256, for example like this: Index: tlsX509.c ================================================================== --- tlsX509.c +++ tlsX509.c @@ -103,14 +103,17 @@ char certStr[CERT_STR_SIZE], *certStr_p; int certStr_len, toRead; #ifndef NO_SSL_SHA int shai; char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1]; + char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1]; unsigned char sha_hash_binary[SHA_DIGEST_LENGTH]; + unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH]; const char *shachars="0123456789ABCDEF"; sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0'; + sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0'; #endif certStr[0] = 0; if ((bio = BIO_new(BIO_s_mem())) == NULL) { subject[0] = 0; @@ -172,10 +175,18 @@ sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)]; } Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha_hash_ascii, SHA_DIGEST_LENGTH * 2) ); + X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL); + for (shai = 0; shai < SHA256_DIGEST_LENGTH; shai++) { + sha256_hash_ascii[shai * 2] = shachars[(sha256_hash_binary[shai] & 0xF0) >> 4]; + sha256_hash_ascii[shai * 2 + 1] = shachars[(sha256_hash_binary[shai] & 0x0F)]; + } + Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha256_hash", -1) ); + Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2) ); + #endif Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "subject", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( subject, -1) ); bohagan added on 2024-06-28 22:44:54: This has been implemented in commit [3f9e284b4e924730]. |