Add a super secret way to print cert hashes

Not so secret. The purpose is to avoid log pollution, while still
allowing people setting up DoH servers to quickly view the
certificate chain.
This commit is contained in:
Frank Denis 2018-02-05 13:24:17 +01:00
parent 5c52199ee1
commit 7f5d67881b
1 changed files with 7 additions and 1 deletions


@ -10,6 +10,7 @@ import (
"math/rand" "math/rand"
"net" "net"
"net/url" "net/url"
"os"
"strings" "strings"
"sync" "sync"
"time" "time"
@ -260,11 +261,16 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
if tls == nil || !tls.HandshakeComplete { if tls == nil || !tls.HandshakeComplete {
return ServerInfo{}, errors.New("TLS handshake failed") return ServerInfo{}, errors.New("TLS handshake failed")
} }
showCerts := len(os.Getenv("SHOW_CERTS")) > 0
found := false found := false
var wantedHash [32]byte var wantedHash [32]byte
for _, cert := range tls.PeerCertificates { for _, cert := range tls.PeerCertificates {
h := sha256.Sum256(cert.RawTBSCertificate) h := sha256.Sum256(cert.RawTBSCertificate)
if showCerts {
dlog.Infof("Advertised cert: [%s] [%x]", cert.Subject, h)
} else {
dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h) dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h)
}
for _, hash := range stamp.hashes { for _, hash := range stamp.hashes {
if len(hash) == len(wantedHash) { if len(hash) == len(wantedHash) {
copy(wantedHash[:], hash) copy(wantedHash[:], hash)
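Review bot: The switch `showCerts := len(os.Getenv("SHOW_CERTS")) > 0` treats any non-empty value as enabled, so `SHOW_CERTS=0` or `SHOW_CERTS=false` still promotes the per-certificate line to Info, and the variable is re-read on every call to fetchDoHServerInfo rather than once at startup; neither is stated at the site. A comment such as `// SHOW_CERTS (any non-empty value) logs every advertised certificate at Info level so operators can copy the hashes a stamp expects without enabling debug logging.` would make the contract explicit. That comment should also say that the logged value is the SHA-256 of RawTBSCertificate, which appears to be what stamp.hashes is compared against in the loop below, not the fingerprint of the full DER certificate that most TLS tooling prints, so a fingerprint pasted from elsewhere will not match. fetchDoHServerInfo begins before and continues after this hunk.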