Overview
Comment: | Get certificate SHA-256 fingerprint. https://core.tcl-lang.org/tcltls/tktview/c2f2f1be54 and https://www.androwish.org/home/info/80b11e9594532414 and https://www.androwish.org/home/info/56087b886c6c105f |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
3f9e284b4e924730dabdb391abd0f5b5 |
User & Date: | bohagan on 2023-03-04 20:54:27 |
Other Links: | manifest | tags |
Context
2023-03-04
| ||
21:11 | TlsIO.test Hostname Fix. Patch by Sergei Golovan (Debian) to make the client socket connect to localhost instead of [info hostname] to prevent intermittent test failures inside mock(1). Also, account for a change in error message "unsupported protocol" instead of "wrong version number". -- Sergei Golovan <email address hidden> Thu, 18 Jul 2019 15:00:18 +0300 Source: https://sources.debian.org/src/tcltls/1.7.22-3/debian/patches/hostname-tests.patch check-in: 0afa2bde06 user: bohagan tags: trunk | |
20:54 | Get certificate SHA-256 fingerprint. https://core.tcl-lang.org/tcltls/tktview/c2f2f1be54 and https://www.androwish.org/home/info/80b11e9594532414 and https://www.androwish.org/home/info/56087b886c6c105f check-in: 3f9e284b4e user: bohagan tags: trunk | |
20:19 | Added key and PEM output to variables and updated keytest1 test script. Source: https://www.androwish.org/home/info/80b11e9594532414 and https://www.androwish.org/home/info/56087b886c6c105f and https://core.tcl-lang.org/tcltls/tktview/04d6bb909b ids: [80b11e9594] and [56087b886c] check-in: 899a950204 user: bohagan tags: trunk | |
Changes
Modified tls.htm
from [516cdf2a0d]
to [fd9a0fa861].
︙ | ︙ | |||
145 146 147 148 149 150 151 152 153 154 155 156 157 158 | <dt><strong>cipher</strong> <em>cipher</em></dt> <dd>The current cipher in use between the client and server channels.</dd> <dt><strong>sbits</strong> <em>n</em></dt> <dd>The number of bits used for the session key.</dd> <dt><strong>certificate</strong> <em>n</em></dt> <dd>The PEM encoded certificate.</dd> <dt><strong>alpn</strong> <em>protocol</em></dt> <dd>The protocol selected after Application-Layer Protocol Negotiation (ALPN).</dd> <dt><strong>version</strong> <em>value</em></dt> <dd>The protocol version used for the connection: SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, unknown</dd> </dl> | > > > > | 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 | <dt><strong>cipher</strong> <em>cipher</em></dt> <dd>The current cipher in use between the client and server channels.</dd> <dt><strong>sbits</strong> <em>n</em></dt> <dd>The number of bits used for the session key.</dd> <dt><strong>certificate</strong> <em>n</em></dt> <dd>The PEM encoded certificate.</dd> <dt><strong>sha1_hash</strong> <em>hash</em></dt> <dd>The SHA1 hash of the certificate.</dd> <dt><strong>sha256_hash</strong> <em>hash</em></dt> <dd>The SHA256 hash of the certificate.</dd> <dt><strong>alpn</strong> <em>protocol</em></dt> <dd>The protocol selected after Application-Layer Protocol Negotiation (ALPN).</dd> <dt><strong>version</strong> <em>value</em></dt> <dd>The protocol version used for the connection: SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, unknown</dd> </dl> |
︙ | ︙ |
Modified tlsX509.c
from [ecfb13f8ce]
to [547f82177f].
︙ | ︙ | |||
99 100 101 102 103 104 105 | char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; char certStr[CERT_STR_SIZE], *certStr_p; int certStr_len, toRead; #ifndef NO_SSL_SHA | < | | > > | > | 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 | char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; char certStr[CERT_STR_SIZE], *certStr_p; int certStr_len, toRead; #ifndef NO_SSL_SHA char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1]; unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH]; char sha256_hash_ascii[SHA256_DIGEST_LENGTH*2+1]; unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH]; const char *shachars="0123456789ABCDEF"; sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0'; sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0'; #endif certStr[0] = 0; if ((bio = BIO_new(BIO_s_mem())) == NULL) { subject[0] = 0; issuer[0] = 0; serial[0] = 0; |
︙ | ︙ | |||
162 163 164 165 166 167 168 | BIO_free(bio); } strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) )); strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) )); #ifndef NO_SSL_SHA | > | | | | | > > > > > > > > | < | < | < | < | < | < | < | < | < | < | < | < | 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 | BIO_free(bio); } strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) )); strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) )); #ifndef NO_SSL_SHA /* SHA1 */ X509_digest(cert, EVP_sha1(), sha1_hash_binary, NULL); for (int n = 0; n < SHA_DIGEST_LENGTH; n++) { sha1_hash_ascii[n * 2] = shachars[(sha1_hash_binary[n] & 0xF0) >> 4]; sha1_hash_ascii[n * 2 + 1] = shachars[(sha1_hash_binary[n] & 0x0F)]; } Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, SHA_DIGEST_LENGTH * 2) ); /* SHA256 */ X509_digest(cert, EVP_sha256(), sha256_hash_binary, NULL); for (int n = 0; n < SHA256_DIGEST_LENGTH; n++) { sha256_hash_ascii[n*2] = shachars[(sha256_hash_binary[n] & 0xF0) >> 4]; sha256_hash_ascii[n*2+1] = shachars[(sha256_hash_binary[n] & 0x0F)]; } Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "sha256_hash", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2) ); #endif Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "subject", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( subject, -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "issuer", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( issuer, -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "notBefore", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( notBefore, -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "notAfter", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( notAfter, -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "serial", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( serial, -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "certificate", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( certStr, -1) ); return certPtr; } |