Add a command-line option to print the server certificate hashes

Frank Denis 2019-06-07 01:23:48 +02:00
parent 9604b8b3e5
commit d2aa521369
3 changed files with 16 additions and 3 deletions


@ -202,6 +202,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
configFile := flag.String("config", DefaultConfigFileName, "Path to the configuration file")
child := flag.Bool("child", false, "Invokes program as a child process")
netprobeTimeoutOverride := flag.Int("netprobe-timeout", 60, "Override the netprobe timeout")
showCerts := flag.Bool("show-certs", false, "print DoH certificate chain hashes")
flag.Parse()
@ -431,7 +432,16 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
} else if len(config.FallbackResolver) > 0 {
netprobeAddress = config.FallbackResolver
}
proxy.showCerts = *showCerts || len(os.Getenv("SHOW_CERTS")) > 0
if len(os.Getenv("SHOW_CERTS")) > 0 {
proxy.showCerts = true
}
if proxy.showCerts {
proxy.listenAddresses = nil
}
NetProbe(netprobeAddress, netprobeTimeout)
if !config.OfflineMode {
if err := config.loadSources(proxy); err != nil {
return err
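Review bot: The SHOW_CERTS handling is duplicated in the second hunk: `proxy.showCerts = *showCerts || len(os.Getenv("SHOW_CERTS")) > 0` already sets the flag when the variable is present, so the following `if len(os.Getenv("SHOW_CERTS")) > 0 { proxy.showCerts = true }` block can never change the value and should be dropped. The remaining line deserves a comment, because the next block clears `proxy.listenAddresses`, turning the daemon into a one-shot run that never listens; an operator who inherits `SHOW_CERTS` from a service environment would see the proxy exit without serving, which is presumably not intended. Something like `// SHOW_CERTS in the environment is equivalent to -show-certs: dump hashes, never listen, then exit` above that line would make the side effect visible. ConfigLoad's body runs before and after both hunks.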


@ -64,6 +64,7 @@ type Proxy struct {
logMaxAge int
logMaxBackups int
refusedCodeInResponses bool
showCerts bool
}
func (proxy *Proxy) StartProxy() {
@ -152,6 +153,9 @@ func (proxy *Proxy) StartProxy() {
dlog.Fatal(err)
}
liveServers, err := proxy.serversInfo.refresh(proxy)
if proxy.showCerts {
os.Exit(0)
}
if liveServers > 0 {
dlog.Noticef("dnscrypt-proxy is ready - live servers: %d", liveServers)
if !proxy.child {
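Review bot: The new `os.Exit(0)` in the second hunk discards the `err` returned by `proxy.serversInfo.refresh(proxy)` on the line above, so a `-show-certs` run whose refresh failed still exits with status 0 and may have printed no hashes at all; a script capturing the output cannot tell that apart from success. Check the error first, consistent with the `dlog.Fatal(err)` already used earlier in this function: `if proxy.showCerts { if err != nil { dlog.Fatal(err) }; os.Exit(0) }` (dlog.Fatal presumably terminates with a non-zero status, as its use a few lines up suggests — confirm). A short comment such as `// -show-certs is a one-shot: the hashes were logged during refresh, nothing is served` would also explain why the exit sits here rather than after the live-servers check. StartProxy's body continues outside the hunk.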


@ -10,7 +10,6 @@ import (
"math/rand"
"net"
"net/url"
"os"
"strings"
"sync"
"time"
@ -311,13 +310,13 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
dlog.Warnf("[%s] does not support HTTP/2", name)
}
dlog.Infof("[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", name, tls.Version, protocol, tls.CipherSuite)
showCerts := len(os.Getenv("SHOW_CERTS")) > 0
showCerts := proxy.showCerts
found := false
var wantedHash [32]byte
for _, cert := range tls.PeerCertificates {
h := sha256.Sum256(cert.RawTBSCertificate)
if showCerts {
dlog.Infof("Advertised cert: [%s] [%x]", cert.Subject, h)
dlog.Noticef("Advertised cert: [%s] [%x]", cert.Subject, h)
} else {
dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h)
}
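Review bot: The value logged as the certificate hash is `sha256.Sum256(cert.RawTBSCertificate)`, a digest of the to-be-signed portion only, not of the full DER certificate, so it will not match `openssl x509 -noout -fingerprint -sha256` or a SHA-256 of a downloaded .der/.pem, and users of `-show-certs` who try to cross-check the value out of band will be confused. Add a comment on the hash line, e.g. `// Digest of the TBSCertificate structure (what the pin is compared against), not of the full DER; differs from openssl -fingerprint`, and consider labelling the value as a TBS hash in the Notice message. The flag documentation should also warn that the hashes come from whatever chain the network presented on this run and must be verified against an out-of-band source before being pinned; whether TLS chain validation has already happened at this point is not visible in the hunk. fetchDoHServerInfo starts before and continues past this hunk.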