TclTLS already provides a way to access a certificate's SHA-1 fingerprint. It would be helpful if the same could be done for SHA-256, for example like this:
<pre>Index: tlsX509.c
==================================================================
--- tlsX509.c
+++ tlsX509.c
@@ -103,14 +103,17 @@
char certStr[CERT_STR_SIZE], *certStr_p;
int certStr_len, toRead;
#ifndef NO_SSL_SHA
int shai;
char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
+ char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
+ unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
const char *shachars="0123456789ABCDEF";
sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
+ sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
#endif
certStr[0] = 0;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
subject[0] = 0;
@@ -172,10 +175,18 @@
sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)];
}
Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) );
Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha_hash_ascii, SHA_DIGEST_LENGTH * 2) );
+ X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL);
+ for (shai = 0; shai < SHA256_DIGEST_LENGTH; shai++) {
+ sha256_hash_ascii[shai * 2] = shachars[(sha256_hash_binary[shai] & 0xF0) >> 4];
+ sha256_hash_ascii[shai * 2 + 1] = shachars[(sha256_hash_binary[shai] & 0x0F)];
+ }
+ Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha256_hash", -1) );
+ Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2) );
+
#endif
Tcl_ListObjAppendElement( interp, certPtr,
Tcl_NewStringObj( "subject", -1) );
Tcl_ListObjAppendElement( interp, certPtr,
Tcl_NewStringObj( subject, -1) );</pre>
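Review bot: The return value of `X509_digest` on the added SHA-256 line is ignored, so if the digest call fails, the loop that follows hex-encodes whatever is in the uninitialised `sha256_hash_binary` stack buffer and returns it to the script as `sha256_hash`. A script that compares this value against a pinned fingerprint would then be checking garbage, and stack bytes would leak into the Tcl result. Guard the block with `if (X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL) == 1) {` and append the `sha256_hash` key and value only inside it. The enclosing function starts and ends outside the hunk, so whether the SHA-1 computation above has the same gap cannot be confirmed from here.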
This has been implemented in commit [3f9e284b4e924730].