mirror of https://github.com/v2fly/v2ray-core.git synced 2025-02-20 23:47:21 -05:00

publish cert chain hash generation algorithm

Shelikhoo 2021-04-15 18:17:52 +01:00
parent 59472de6a9
commit 34a3850f16
No known key found for this signature in database
GPG Key ID: C4D5E79D22B25316

@ -175,6 +175,18 @@ func (c *Config) parseServerName() string {
func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
if c.PinnedPeerCertificateChainSha256 != nil {
hashValue := GenerateCertChainHash(rawCerts)
for _, v := range c.PinnedPeerCertificateChainSha256 {
if hmac.Equal(hashValue, v) {
return nil
}
}
return newError("peer cert is unrecognized: ", hex.EncodeToString(hashValue))
}
return nil
}
func GenerateCertChainHash(rawCerts [][]byte) []byte {
var hashValue []byte
for _, certValue := range rawCerts {
out := sha256.Sum256(certValue)
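Review bot: In verifyPeerCert the pin loop accepts whatever `hmac.Equal` matches, and GenerateCertChainHash returns its initial nil `hashValue` when `rawCerts` is empty, so a zero-length entry in `PinnedPeerCertificateChainSha256` would compare equal to an empty chain. Whether the TLS stack can call this callback with no certificates is not visible here, but a fail-closed guard is cheap: `if len(rawCerts) == 0 { return newError("peer presented no certificate") }` before hashing, plus skipping any pin where `len(v) != sha256.Size`. Because GenerateCertChainHash is now exported as the published algorithm, it should also carry a doc comment, for example `// GenerateCertChainHash returns the pinning hash of rawCerts, derived from the SHA-256 of each certificate in the order given; it returns nil for an empty chain.` The function body continues into the next hunk, so the step that combines the per-certificate digests is only partly visible and the comment should be checked against it.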
@ -185,14 +197,7 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
hashValue = newHashValue[:]
}
}
for _, v := range c.PinnedPeerCertificateChainSha256 {
if hmac.Equal(hashValue, v) {
return nil
}
}
return newError("peer cert is unrecognized: ", hex.EncodeToString(hashValue))
}
return nil
return hashValue
}
// GetTLSConfig converts this Config into tls.Config.