add sha256 for fingerprint verification

fixes urllib3#539
TracyWebTech · Feb 5, 2015 · e4300be · e4300be
1 parent 1f18e96
commit e4300be
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py
@@ -202,6 +202,16 @@ def test_assert_fingerprint_sha1(self):
                                         '7A:F2:8A:D7:1E:07:33:67:DE'
         https_pool.request('GET', '/')
 
+    def test_assert_fingerprint_sha256(self):
+        https_pool = HTTPSConnectionPool('localhost', self.port,
+                                         cert_reqs='CERT_REQUIRED',
+                                         ca_certs=DEFAULT_CA)
+
+        https_pool.assert_fingerprint = ('9A:29:9D:4F:47:85:1C:51:23:F5:9A:A3:'
+                                         '0F:5A:EF:96:F9:2E:3C:22:2E:FC:E8:BC:'
+                                         '0E:73:90:37:ED:3B:AA:AB')
+        https_pool.request('GET', '/')
+
     def test_assert_invalid_fingerprint(self):
         https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                          cert_reqs='CERT_REQUIRED',

diff --git a/urllib3/util/ssl_.py b/urllib3/util/ssl_.py
@@ -1,5 +1,5 @@
 from binascii import hexlify, unhexlify
-from hashlib import md5, sha1
+from hashlib import md5, sha1, sha256
 
 from ..exceptions import SSLError
 
@@ -96,7 +96,8 @@ def assert_fingerprint(cert, fingerprint):
     # this digest.
     hashfunc_map = {
         16: md5,
-        20: sha1
+        20: sha1,
+        32: sha256,
     }
 
     fingerprint = fingerprint.replace(':', '').lower()