Add a public API to calculate fingerprints of LeafCert instances #39
Comments
Also:
* Use real TLS context where it's disabled in tests
* Add a change note about trustme integration

Closes #3487
Sounds good to me. Maybe just |
It'd probably make sense on |
I'd want OTOH using anything but sha256 seems to be deprecated. |
There are at least two types of TLS cert fingerprints.
We figured out how to implement the latter in Python scripts using |
So I've been finally integrating `trustme` into `aiohttp`'s test today.

Turns out that certificate fingerprint calculation isn't well-documented on the Internet for Python stdlib's `ssl` module. All examples use `pyOpenSSL` instead.

So after fighting it for a while, I've figured out that one should turn certificate into DER format as opposed to PEM (`ssl.PEM_cert_to_DER_cert()`), because it's what `SSLSocket.getpeercert()` returns and what client uses to calculate hash: aio-libs/aiohttp@c180800#diff-484462fced51d1a06b1d93b4a44dd535R69

Ref: https://github.com/aio-libs/aiohttp/blob/c9dabcb/aiohttp/client_reqrep.py#L105-L136

So I think it'd be nice to wrap it into a method bound to `LeafCert` (and maybe `Blob`?).

The suggested API is:

Maybe fingerprint would need to be represented by its own `Fingerprint` class, not just some bytes.
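The DER-based calculation described in the issue above, as an added example that is not trustme's or aiohttp's own code. The helper names are hypothetical, and the sample "certificates" are constructed placeholder bytes, which is enough here because the stdlib PEM/DER helpers only handle the base64 framing. It goes slightly beyond the post by splitting a PEM chain first, since `ssl.PEM_cert_to_DER_cert()` expects a single certificate.

```python
import hashlib
import re
import ssl

# One PEM certificate block; a chain file contains several of these.
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def split_pem_chain(pem_text):
    """Return each certificate in a PEM bundle as its own PEM string."""
    blocks = _PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate found")
    return blocks


def der_fingerprint(pem_cert, algorithm="sha256"):
    """Hash the DER encoding of one PEM certificate (hypothetical helper)."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.new(algorithm, der).digest()


def matches_pin(peer_der, pinned_digest, algorithm="sha256"):
    """Check the bytes from getpeercert(binary_form=True) against a pin."""
    return hashlib.new(algorithm, peer_der).digest() == pinned_digest


# Constructed sample: placeholder bytes standing in for DER certificates.
LEAF_DER = b"constructed-leaf-" + bytes(range(200))
CA_DER = b"constructed-ca-" + bytes(range(100))
CHAIN_PEM = ssl.DER_cert_to_PEM_cert(LEAF_DER) + ssl.DER_cert_to_PEM_cert(CA_DER)

if __name__ == "__main__":
    leaf_pem = split_pem_chain(CHAIN_PEM)[0]
    pin = der_fingerprint(leaf_pem)
    print("leaf sha256:", pin.hex())
    print("pin matches leaf DER:", matches_pin(LEAF_DER, pin))
    # Hashing the PEM text itself gives a different, unusable digest.
    pem_digest = hashlib.sha256(leaf_pem.encode("ascii")).digest()
    print("PEM text digest equals pin:", pem_digest == pin)
```
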