Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Staging:A
python-M2Crypto
Leading_zeroes_from_X.509_certificate_fingerpri...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Leading_zeroes_from_X.509_certificate_fingerprints_are_not_stripped.patch of Package python-M2Crypto
From 13a03b69ebd0de172ee6a7769ac42cd19be3a094 Mon Sep 17 00:00:00 2001 From: Konstantin Shemyak <konstantin@shemyak.com> Date: Sat, 16 Jan 2016 17:37:55 +0200 Subject: [PATCH] Leading zeroes from X.509 certificate fingerprints are not stripped Fingerprint is the value of the hash function, which is a bit string, not a number. It is handled as such now. --- M2Crypto/SSL/Checker.py | 16 ++++++---------- M2Crypto/X509.py | 3 ++- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/M2Crypto/SSL/Checker.py b/M2Crypto/SSL/Checker.py index 9aec163..f5aeb43 100644 --- a/M2Crypto/SSL/Checker.py +++ b/M2Crypto/SSL/Checker.py @@ -10,7 +10,7 @@ Copyright 2008 Heikki Toivonen. All rights reserved. __all__ = ['SSLVerificationError', 'NoCertificate', 'WrongCertificate', 'WrongHost', 'Checker'] -from M2Crypto import util, EVP, m2 +from M2Crypto import m2 import socket import re @@ -77,12 +77,14 @@ (self.digest == 'md5' and len(self.fingerprint) != 32): raise WrongCertificate('peer certificate fingerprint length does not match') - der = peerCert.as_der() - md = EVP.MessageDigest(self.digest) - md.update(der) - digest = md.final() - if util.octx_to_num(digest) != int(self.fingerprint, 16): - raise WrongCertificate('peer certificate fingerprint does not match') + expected_fingerprint = self.fingerprint + observed_fingerprint = peerCert.get_fingerprint(md=self.digest) + if observed_fingerprint != expected_fingerprint: + raise WrongCertificate(''' + peer certificate fingerprint does not match + expected = {0}, + observed = {1}'''.format(expected_fingerprint, + observed_fingerprint)) if self.host: hostValidationPassed = False diff --git a/M2Crypto/X509.py b/M2Crypto/X509.py index a2b4e35..61f0f5a 100644 --- a/M2Crypto/X509.py +++ b/M2Crypto/X509.py @@ -10,6 +10,7 @@ Author: Heikki Toivonen # M2Crypto from M2Crypto import ASN1, BIO, Err, EVP, util import m2 +import binascii FORMAT_DER = 0 FORMAT_PEM = 1 @@ -592,7 +593,7 @@ class X509: md = EVP.MessageDigest(md) md.update(der) digest = md.final() - return hex(util.octx_to_num(digest))[2:-1].upper() + return binascii.hexlify(digest).upper() def load_cert(file, format=FORMAT_PEM): """ -- libgit2 0.24.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor