Add a super secret way to print cert hashes

Not so secret. The purpose is to avoid log pollution, while still allowing people setting up DoH servers to quickly view the certificate chain.
2018-02-05 13:24:17 +01:00 · 2018-02-05 13:24:17 +01:00 · 7f5d67881b
parent 5c52199ee1
commit 7f5d67881b
1 changed files with 7 additions and 1 deletions
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@ -10,6 +10,7 @@ import (
 	"math/rand"
 	"net"
 	"net/url"
+	"os"
 	"strings"
 	"sync"
 	"time"
@ -260,11 +261,16 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
 	if tls == nil || !tls.HandshakeComplete {
 		return ServerInfo{}, errors.New("TLS handshake failed")
 	}
+	showCerts := len(os.Getenv("SHOW_CERTS")) > 0
 	found := false
 	var wantedHash [32]byte
 	for _, cert := range tls.PeerCertificates {
 		h := sha256.Sum256(cert.RawTBSCertificate)
-		dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h)
+		if showCerts {
+			dlog.Infof("Advertised cert: [%s] [%x]", cert.Subject, h)
+		} else {
+			dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h)
+		}
 		for _, hash := range stamp.hashes {
 			if len(hash) == len(wantedHash) {
 				copy(wantedHash[:], hash)