Add a super secret way to print cert hashes

Not so secret. The purpose is to avoid log pollution, while still
allowing people setting up DoH servers to quickly view the
certificate chain.
This commit is contained in:
Frank Denis 2018-02-05 13:24:17 +01:00
parent 5c52199ee1
commit 7f5d67881b
1 changed files with 7 additions and 1 deletions

View File

@ -10,6 +10,7 @@ import (
"math/rand"
"net"
"net/url"
"os"
"strings"
"sync"
"time"
@ -260,11 +261,16 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
if tls == nil || !tls.HandshakeComplete {
return ServerInfo{}, errors.New("TLS handshake failed")
}
showCerts := len(os.Getenv("SHOW_CERTS")) > 0
found := false
var wantedHash [32]byte
for _, cert := range tls.PeerCertificates {
h := sha256.Sum256(cert.RawTBSCertificate)
if showCerts {
dlog.Infof("Advertised cert: [%s] [%x]", cert.Subject, h)
} else {
dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h)
}
for _, hash := range stamp.hashes {
if len(hash) == len(wantedHash) {
copy(wantedHash[:], hash)