
Commands: Print leaf cert's SHA256 in `tls ping` (#5628)

And https://github.com/XTLS/Xray-core/pull/5628#issuecomment-3828445442

---------

Co-authored-by: RPRX <[email protected]>
风扇滑翔翼 1 mês atrás
pai
commit
afcfdbca70
2 arquivos alterados com 6 adições e 19 exclusões
  1. 5 1
      infra/conf/transport_internet.go
  2. 1 18
      main/commands/all/tls/ping.go

+ 5 - 1
infra/conf/transport_internet.go

@@ -639,10 +639,14 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 			if v == "" {
 				continue
 			}
-			hashValue, err := hex.DecodeString(v)
+			// remove colons for OpenSSL format
+			hashValue, err := hex.DecodeString(strings.ReplaceAll(v, ":", ""))
 			if err != nil {
 				return nil, err
 			}
+			if len(hashValue) != 32 {
+				return nil, errors.New("incorrect pinnedPeerCertSha256 length: ", v)
+			}
 			config.PinnedPeerCertSha256 = append(config.PinnedPeerCertSha256, hashValue)
 		}
 	}
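Review bot: The hex-decode error at `if err != nil { return nil, err }` is returned bare, so an operator with several `pinnedPeerCertSha256` entries cannot tell which one is malformed, whereas the new length check just below does name the offending value. Assuming `errors.New` here takes variadic values the way the length error uses it, `return nil, errors.New("invalid pinnedPeerCertSha256 hex: ", v, ": ", err)` would make both failure modes equally diagnosable. Since the comment says the colon stripping is for OpenSSL-formatted fingerprints, which are usually copied from `SHA256 Fingerprint=...` output, consider also trimming surrounding whitespace: `hex.DecodeString(strings.ReplaceAll(strings.TrimSpace(v), ":", ""))`. The 32-byte check is the right fail-closed behaviour: a truncated pin would otherwise be accepted and then never match any certificate. `Build` starts before this hunk and continues after it.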

+ 1 - 18
main/commands/all/tls/ping.go

@@ -75,8 +75,6 @@ func executePing(cmd *base.Command, args []string) {
 			NextProtos:         []string{"h2", "http/1.1"},
 			MaxVersion:         gotls.VersionTLS13,
 			MinVersion:         gotls.VersionTLS12,
-			// Do not release tool before v5's refactor
-			// VerifyPeerCertificate: showCert(),
 		})
 		err = tlsConn.Handshake()
 		if err != nil {
@@ -101,8 +99,6 @@ func executePing(cmd *base.Command, args []string) {
 			NextProtos: []string{"h2", "http/1.1"},
 			MaxVersion: gotls.VersionTLS13,
 			MinVersion: gotls.VersionTLS12,
-			// Do not release tool before v5's refactor
-			// VerifyPeerCertificate: showCert(),
 		})
 		err = tlsConn.Handshake()
 		if err != nil {
@@ -133,6 +129,7 @@ func printCertificates(certs []*x509.Certificate) {
 		fmt.Println("Cert's signature algorithm: ", leaf.SignatureAlgorithm.String())
 		fmt.Println("Cert's publicKey algorithm: ", leaf.PublicKeyAlgorithm.String())
 		fmt.Println("Cert's allowed domains: ", leaf.DNSNames)
+		fmt.Println("Cert's leaf SHA256: ", hex.EncodeToString(GenerateCertHash(leaf)))
 	}
 }
 
@@ -153,17 +150,3 @@ func printTLSConnDetail(tlsConn *gotls.Conn) {
 		fmt.Println("TLS Post-Quantum key exchange:  false (RSA Exchange)")
 	}
 }
-
-func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
-	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
-		var hash []byte
-		for _, asn1Data := range rawCerts {
-			cert, _ := x509.ParseCertificate(asn1Data)
-			if cert.IsCA {
-				hash = GenerateCertHash(cert)
-			}
-		}
-		fmt.Println("Certificate Leaf Hash: ", hex.EncodeToString(hash))
-		return nil
-	}
-}
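Review bot: The value printed by the new `fmt.Println("Cert's leaf SHA256: ", ...)` line is the hash of whatever certificate the peer presented on this particular ping connection, so an on-path attacker present when `tls ping` is run would have their certificate pinned; nothing in the output warns about that trust-on-first-use step. A comment on that line such as `// NOTE: this hashes the cert received on *this* connection; confirm it out-of-band (e.g. on the server) before pinning it` would make the caveat visible to the next maintainer, and a matching hint in the printed output would help operators. The enclosing `printCertificates` loop starts outside the hunk; if it iterates over the whole chain rather than only the first certificate, the "leaf SHA256" label is printed for intermediates and CAs as well, which is exactly the confusion the removed `showCert` (which hashed the `IsCA` cert while labelling it "Leaf") produced. It is not visible here whether the two `gotls.Config` literals skip verification, but if either does, the warning above applies doubly.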