Support SPKI Fingerprint Pinning

Support SPKI Fingerprint Pinning for TLSObject
Yue Yin 2023-02-17 16:01:24 +08:00 committed by yuhan6665
parent 267d93f7bd
commit 03b8c094de
6 changed files with 169 additions and 23 deletions


@ -266,6 +266,20 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
}
return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue))
}
if c.PinnedPeerCertificatePublicKeySha256 != nil {
for _, v := range verifiedChains {
for _, cert := range v {
publicHash := GenerateCertPublicKeyHash(cert)
for _, c := range c.PinnedPeerCertificatePublicKeySha256 {
if hmac.Equal(publicHash, c) {
return nil
}
}
}
}
return newError("peer public key is unrecognized.")
}
return nil
}
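Review bot: The new SPKI check at the end of verifyPeerCert walks only `verifiedChains`, which crypto/tls passes as nil when normal verification is disabled (`InsecureSkipVerify`), so in that configuration every handshake ends in "peer public key is unrecognized." even when the server key matches a pin. That fails closed, but it is surprising for a self-signed server, and it also means a pin matches any certificate in a verified chain (intermediate or root), not only the leaf; I would state both above the block, e.g. `// SPKI pins are checked against verifiedChains only: they require normal chain verification and match any cert in the chain, not just the leaf.` Separately, the inner loop variable `c` shadows the receiver `c`; `for _, pin := range c.PinnedPeerCertificatePublicKeySha256 {` with `hmac.Equal(publicHash, pin)` is harmless to behaviour and much harder to misread. The function begins outside this hunk, so how the earlier chain-hash pin interacts with this one is not fully visible here; the preceding block appears to end in an unconditional return, which would make the SPKI pins unreachable whenever a chain-hash pin is also configured.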