History Of Ticket c2f2f1be542937dc
Bounty program for improvements to Tcl and certain Tcl packages.

Artifacts Associated With Ticket c2f2f1be542937dc

  1. Ticket change [0edacaae40] (rid 1491) by anonymous on 2020-02-12 13:30:14:

    1. icomment:
      TclTLS already provides a way to access a certificate's SHA-1 fingerprint. It would be helpful if the same could be done for SHA-256, for example like this:
      
      <pre>Index: tlsX509.c
      ==================================================================
      --- tlsX509.c
      +++ tlsX509.c
      @@ -103,14 +103,17 @@
           char certStr[CERT_STR_SIZE], *certStr_p;
           int certStr_len, toRead;
       #ifndef NO_SSL_SHA
           int shai;
           char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
      +    char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
           unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
      +    unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
           const char *shachars="0123456789ABCDEF";
       
           sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
      +    sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
       #endif
       
           certStr[0] = 0;
           if ((bio = BIO_new(BIO_s_mem())) == NULL) {
              subject[0] = 0;
      @@ -172,10 +175,18 @@
               sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)];
           }
           Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) );
           Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha_hash_ascii, SHA_DIGEST_LENGTH * 2) );
       
      +    X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL);
      +    for (shai = 0; shai < SHA256_DIGEST_LENGTH; shai++) {
      +        sha256_hash_ascii[shai * 2]     = shachars[(sha256_hash_binary[shai] & 0xF0) >> 4];
      +        sha256_hash_ascii[shai * 2 + 1] = shachars[(sha256_hash_binary[shai] & 0x0F)];
      +    }
      +    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha256_hash", -1) );
      +    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2) );
      +
       #endif
           Tcl_ListObjAppendElement( interp, certPtr,
                  Tcl_NewStringObj( "subject", -1) );
           Tcl_ListObjAppendElement( interp, certPtr,
                  Tcl_NewStringObj( subject, -1) );</pre>
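      Review bot: The return value of X509_digest() in the added block that follows the sha1_hash append is ignored. X509_digest() returns 0 on failure, and in that case sha256_hash_binary is left uninitialized, so the loop hex-encodes whatever is on the stack and the result is published as sha256_hash. Check the call, for example `if (X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL) == 1) { ... }`, and append the sha256_hash key and value only on success, so that a script comparing or pinning fingerprints never sees a value that was not derived from the certificate. Passing a pointer to an unsigned int instead of NULL as the last argument would also let the code confirm the digest length equals SHA256_DIGEST_LENGTH before encoding. Because the new buffers are declared under `#ifndef NO_SSL_SHA`, builds that define NO_SSL_SHA will omit the key entirely; that is worth documenting alongside sha1_hash.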
      
    2. login: "anonymous"
    3. mimetype: "text/html"
    4. private_contact initialized to: "55af5b17739ede24263824fc10fcbe137d8a5b07"
    5. severity initialized to: "Important"
    6. status initialized to: "Open"
    7. title initialized to: "Expose SHA-256 fingerprint of certificate"
    8. type initialized to: "Feature Request"