Add function to match certificate fingerprint
igrr committed Sep 14, 2015
1 parent ad97806 commit a069bc0
Showing 2 changed files with 18 additions and 0 deletions.
9 changes: 9 additions & 0 deletions ssl/ssl.h
@@ -371,6 +371,15 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code);
*/
EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);

/**
* @brief Check if certificate fingerprint (SHA1) matches the one given.
*
* @param ssl [in] An SSL object reference.
* @param fp [in] SHA1 fingerprint to match against
* @return SSL_OK if the certificate is verified.
*/
EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);

/**
* @brief Retrieve an X.509 distinguished name component.
*
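Review bot: The doc comment on `ssl_match_fingerprint` says `@return SSL_OK if the certificate is verified`, but the implementation in ssl/tls1.c only compares a stored fingerprint with the caller's bytes, which is a pin check rather than verification. The comment also does not say what is returned on a mismatch or how long `fp` must be, although the implementation reads SHA1_SIZE bytes from it. I would reword it to `@param fp [in] SHA1 fingerprint to match against; must point to SHA1_SIZE bytes` and `@return SSL_OK if the fingerprint matches, non-zero otherwise; does not check the certificate chain or validity dates`.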
9 changes: 9 additions & 0 deletions ssl/tls1.c
@@ -1887,6 +1887,15 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
return ret;
}

EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
{
uint8_t cert_fp[SHA1_SIZE];
X509_CTX* x509 = ssl->x509_ctx;

bi_export(x509->rsa_ctx->bi_ctx, x509->fingerprint, cert_fp, SHA1_SIZE);
return memcmp(cert_fp, fp, SHA1_SIZE);
}

#endif /* CONFIG_SSL_CERT_VERIFICATION */

/**
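Review bot: `ssl_match_fingerprint` dereferences `ssl->x509_ctx` and then `x509->rsa_ctx` with no NULL check, so a call made when no peer certificate has been stored (or, presumably, when the certificate carries no RSA context) would crash instead of reporting a mismatch. A guard such as `if (x509 == NULL || x509->rsa_ctx == NULL) return SSL_NOT_OK;` before the `bi_export` call makes it fail closed. The function also returns the raw `memcmp` result, which may be positive or negative on mismatch. If callers treat only negative values as errors (a convention not visible in this hunk), a positive result would be read as a match, so `return memcmp(cert_fp, fp, SHA1_SIZE) == 0 ? SSL_OK : SSL_NOT_OK;` is safer. The definition sits inside the `CONFIG_SSL_CERT_VERIFICATION` guard closed just below it, so it is worth confirming the prototype in ssl/ssl.h is guarded the same way.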
