Commands: Print leaf cert's SHA256 in tls ping (#5628)
And https://github.com/XTLS/Xray-core/pull/5628#issuecomment-3828445442 --------- Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
@@ -639,10 +639,14 @@ func (c *TLSConfig) Build() (proto.Message, error) {
|
|||||||
if v == "" {
|
if v == "" {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
hashValue, err := hex.DecodeString(v)
|
// remove colons for OpenSSL format
|
||||||
|
hashValue, err := hex.DecodeString(strings.ReplaceAll(v, ":", ""))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
if len(hashValue) != 32 {
|
||||||
|
return nil, errors.New("incorrect pinnedPeerCertSha256 length: ", v)
|
||||||
|
}
|
||||||
config.PinnedPeerCertSha256 = append(config.PinnedPeerCertSha256, hashValue)
|
config.PinnedPeerCertSha256 = append(config.PinnedPeerCertSha256, hashValue)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
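Review bot: The hex-decode failure path just above the new length check still does `return nil, err`, so a malformed pin surfaces as a bare encoding/hex error with no hint of which setting or value caused it, while the new length check names both. Since this field gates certificate pinning, a rejected entry should be easy to trace; assuming `errors` here is the project's own errors package (the variadic call on the added line suggests so), the return could be `return nil, errors.New("invalid pinnedPeerCertSha256: ", v).Base(err)`. Note also that `strings.ReplaceAll(v, ":", "")` drops colons at any position, so oddly grouped input is accepted as long as it decodes to 32 bytes; the inline comment could say that this is intended. The enclosing loop and Build() begin outside the hunk.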
@@ -75,8 +75,6 @@ func executePing(cmd *base.Command, args []string) {
|
|||||||
NextProtos: []string{"h2", "http/1.1"},
|
NextProtos: []string{"h2", "http/1.1"},
|
||||||
MaxVersion: gotls.VersionTLS13,
|
MaxVersion: gotls.VersionTLS13,
|
||||||
MinVersion: gotls.VersionTLS12,
|
MinVersion: gotls.VersionTLS12,
|
||||||
// Do not release tool before v5's refactor
|
|
||||||
// VerifyPeerCertificate: showCert(),
|
|
||||||
})
|
})
|
||||||
err = tlsConn.Handshake()
|
err = tlsConn.Handshake()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -101,8 +99,6 @@ func executePing(cmd *base.Command, args []string) {
|
|||||||
NextProtos: []string{"h2", "http/1.1"},
|
NextProtos: []string{"h2", "http/1.1"},
|
||||||
MaxVersion: gotls.VersionTLS13,
|
MaxVersion: gotls.VersionTLS13,
|
||||||
MinVersion: gotls.VersionTLS12,
|
MinVersion: gotls.VersionTLS12,
|
||||||
// Do not release tool before v5's refactor
|
|
||||||
// VerifyPeerCertificate: showCert(),
|
|
||||||
})
|
})
|
||||||
err = tlsConn.Handshake()
|
err = tlsConn.Handshake()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -133,6 +129,7 @@ func printCertificates(certs []*x509.Certificate) {
|
|||||||
fmt.Println("Cert's signature algorithm: ", leaf.SignatureAlgorithm.String())
|
fmt.Println("Cert's signature algorithm: ", leaf.SignatureAlgorithm.String())
|
||||||
fmt.Println("Cert's publicKey algorithm: ", leaf.PublicKeyAlgorithm.String())
|
fmt.Println("Cert's publicKey algorithm: ", leaf.PublicKeyAlgorithm.String())
|
||||||
fmt.Println("Cert's allowed domains: ", leaf.DNSNames)
|
fmt.Println("Cert's allowed domains: ", leaf.DNSNames)
|
||||||
|
fmt.Println("Cert's leaf SHA256: ", hex.EncodeToString(GenerateCertHash(leaf)))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -153,17 +150,3 @@ func printTLSConnDetail(tlsConn *gotls.Conn) {
|
|||||||
fmt.Println("TLS Post-Quantum key exchange: false (RSA Exchange)")
|
fmt.Println("TLS Post-Quantum key exchange: false (RSA Exchange)")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
|
||||||
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
|
||||||
var hash []byte
|
|
||||||
for _, asn1Data := range rawCerts {
|
|
||||||
cert, _ := x509.ParseCertificate(asn1Data)
|
|
||||||
if cert.IsCA {
|
|
||||||
hash = GenerateCertHash(cert)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
fmt.Println("Certificate Leaf Hash: ", hex.EncodeToString(hash))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|||||||
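Review bot: The added `Cert's leaf SHA256` line in printCertificates has no comment saying what is hashed or how far the value can be trusted. Whether this handshake verifies the chain is not visible in these hunks, so the printed digest may be that of whatever certificate the network path presented; an operator copying it into pinnedPeerCertSha256 should compare it with a fingerprint obtained out of band. I would add `// SHA-256 of the leaf as presented in this handshake, as computed by GenerateCertHash; confirm out of band before pinning.` above the line. printCertificates begins outside the hunk.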