Add a command-line option to print the server certificate hashes

Frank Denis 2019-06-07 01:23:48 +02:00
parent 9604b8b3e5
commit d2aa521369
3 changed files with 16 additions and 3 deletions


@ -202,6 +202,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
configFile := flag.String("config", DefaultConfigFileName, "Path to the configuration file") configFile := flag.String("config", DefaultConfigFileName, "Path to the configuration file")
child := flag.Bool("child", false, "Invokes program as a child process") child := flag.Bool("child", false, "Invokes program as a child process")
netprobeTimeoutOverride := flag.Int("netprobe-timeout", 60, "Override the netprobe timeout") netprobeTimeoutOverride := flag.Int("netprobe-timeout", 60, "Override the netprobe timeout")
showCerts := flag.Bool("show-certs", false, "print DoH certificate chain hashes")
flag.Parse() flag.Parse()
@ -431,7 +432,16 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
} else if len(config.FallbackResolver) > 0 { } else if len(config.FallbackResolver) > 0 {
netprobeAddress = config.FallbackResolver netprobeAddress = config.FallbackResolver
} }
proxy.showCerts = *showCerts || len(os.Getenv("SHOW_CERTS")) > 0
if len(os.Getenv("SHOW_CERTS")) > 0 {
proxy.showCerts = true
}
if proxy.showCerts {
proxy.listenAddresses = nil
}
NetProbe(netprobeAddress, netprobeTimeout) NetProbe(netprobeAddress, netprobeTimeout)
if !config.OfflineMode { if !config.OfflineMode {
if err := config.loadSources(proxy); err != nil { if err := config.loadSources(proxy); err != nil {
return err return err
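Review bot: The block `if len(os.Getenv("SHOW_CERTS")) > 0 { proxy.showCerts = true }` is redundant, because the assignment just above it already folds the environment variable into `proxy.showCerts` through `||`; dropping those three lines leaves the flag/env precedence stated once. Clearing `proxy.listenAddresses` when `showCerts` is set keeps a one-shot diagnostic run from binding sockets, which is worth saying in place, e.g. `// Certificate dump only: do not bind listeners; StartProxy exits once the servers have been refreshed`. The rendered hunk shows seven added lines where the header counts nine, so some lines (probably blank) are not visible here, and ConfigLoad itself starts and ends outside the hunk.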


@ -64,6 +64,7 @@ type Proxy struct {
logMaxAge int logMaxAge int
logMaxBackups int logMaxBackups int
refusedCodeInResponses bool refusedCodeInResponses bool
showCerts bool
} }
func (proxy *Proxy) StartProxy() { func (proxy *Proxy) StartProxy() {
@ -152,6 +153,9 @@ func (proxy *Proxy) StartProxy() {
dlog.Fatal(err) dlog.Fatal(err)
} }
liveServers, err := proxy.serversInfo.refresh(proxy) liveServers, err := proxy.serversInfo.refresh(proxy)
if proxy.showCerts {
os.Exit(0)
}
if liveServers > 0 { if liveServers > 0 {
dlog.Noticef("dnscrypt-proxy is ready - live servers: %d", liveServers) dlog.Noticef("dnscrypt-proxy is ready - live servers: %d", liveServers)
if !proxy.child { if !proxy.child {
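Review bot: The `os.Exit(0)` added after `liveServers, err := proxy.serversInfo.refresh(proxy)` ignores `err` on the show-certs path, so a refresh that failed still exits with status 0 and a script invoking `-show-certs` cannot distinguish a failed certificate fetch from a successful one. Check the error before leaving, `if proxy.showCerts { if err != nil { dlog.Fatal(err) }; os.Exit(0) }`, so the exit status reflects whether the hashes were actually retrieved. The new `showCerts bool` field in the struct has no comment; `showCerts bool // print DoH certificate chain hashes after the first refresh, then exit` would document what it switches. StartProxy continues past the hunk, and whatever handling `err` receives further down is not visible in this view.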


@ -10,7 +10,6 @@ import (
"math/rand" "math/rand"
"net" "net"
"net/url" "net/url"
"os"
"strings" "strings"
"sync" "sync"
"time" "time"
@ -311,13 +310,13 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
dlog.Warnf("[%s] does not support HTTP/2", name) dlog.Warnf("[%s] does not support HTTP/2", name)
} }
dlog.Infof("[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", name, tls.Version, protocol, tls.CipherSuite) dlog.Infof("[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", name, tls.Version, protocol, tls.CipherSuite)
showCerts := len(os.Getenv("SHOW_CERTS")) > 0 showCerts := proxy.showCerts
found := false found := false
var wantedHash [32]byte var wantedHash [32]byte
for _, cert := range tls.PeerCertificates { for _, cert := range tls.PeerCertificates {
h := sha256.Sum256(cert.RawTBSCertificate) h := sha256.Sum256(cert.RawTBSCertificate)
if showCerts { if showCerts {
dlog.Infof("Advertised cert: [%s] [%x]", cert.Subject, h) dlog.Noticef("Advertised cert: [%s] [%x]", cert.Subject, h)
} else { } else {
dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h) dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h)
} }
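Review bot: The `dlog.Noticef("Advertised cert: [%s] [%x]", cert.Subject, h)` line now becomes the user-facing output of `-show-certs`, yet the message does not say what `h` is: it is `sha256.Sum256(cert.RawTBSCertificate)`, a digest of the TBSCertificate structure rather than of the full DER certificate, so it will not match a fingerprint produced by tools that hash the whole certificate. A comment above the loop such as `// h is SHA-256 of the TBSCertificate (not of the full DER certificate); presumably the form wantedHash is compared against — confirm below` would prevent that confusion, or the label in the Noticef message could name the hash. `wantedHash` is declared here but the comparison that uses it lies past the end of the hunk, so whether a mismatch is only logged or rejects the server is not visible in this view.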