From e4300be8cdd453bad1d90f28a36cbb222d02e913 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= Date: Sat, 31 Jan 2015 20:02:00 +0000 Subject: [PATCH] add sha256 for fingerprint verification fixes #539 --- test/with_dummyserver/test_https.py | 10 ++++++++++ urllib3/util/ssl_.py | 5 +++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py index 794c363865..82933774e1 100644 --- a/test/with_dummyserver/test_https.py +++ b/test/with_dummyserver/test_https.py @@ -202,6 +202,16 @@ def test_assert_fingerprint_sha1(self): '7A:F2:8A:D7:1E:07:33:67:DE' https_pool.request('GET', '/') + def test_assert_fingerprint_sha256(self): + https_pool = HTTPSConnectionPool('localhost', self.port, + cert_reqs='CERT_REQUIRED', + ca_certs=DEFAULT_CA) + + https_pool.assert_fingerprint = ('9A:29:9D:4F:47:85:1C:51:23:F5:9A:A3:' + '0F:5A:EF:96:F9:2E:3C:22:2E:FC:E8:BC:' + '0E:73:90:37:ED:3B:AA:AB') + https_pool.request('GET', '/') + def test_assert_invalid_fingerprint(self): https_pool = HTTPSConnectionPool('127.0.0.1', self.port, cert_reqs='CERT_REQUIRED', diff --git a/urllib3/util/ssl_.py b/urllib3/util/ssl_.py index e73b6fe823..7ad1b30589 100644 --- a/urllib3/util/ssl_.py +++ b/urllib3/util/ssl_.py @@ -1,5 +1,5 @@ from binascii import hexlify, unhexlify -from hashlib import md5, sha1 +from hashlib import md5, sha1, sha256 from ..exceptions import SSLError @@ -96,7 +96,8 @@ def assert_fingerprint(cert, fingerprint): # this digest. hashfunc_map = { 16: md5, - 20: sha1 + 20: sha1, + 32: sha256, } fingerprint = fingerprint.replace(':', '').lower()