mirrors/Xray-core
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-06-13 20:09:36 +03:00
Code Issues Releases Activity

Support SPKI Fingerprint Pinning

Browse Source 
Support SPKI Fingerprint Pinning for TLSObject
This commit is contained in:
Yue Yin
2023-02-17 16:01:24 +08:00
committed by yuhan6665
parent 267d93f7bd
commit 03b8c094de
6 changed files with 169 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
transport/internet/tls/config.go
View File

@ -266,6 +266,20 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
}
return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue))
}
if c.PinnedPeerCertificatePublicKeySha256 != nil {
for _, v := range verifiedChains {
for _, cert := range v {
publicHash := GenerateCertPublicKeyHash(cert)
for _, c := range c.PinnedPeerCertificatePublicKeySha256 {
if hmac.Equal(publicHash, c) {
return nil
}
}
}
}
return newError("peer public key is unrecognized.")
}
return nil
}