summaryrefslogtreecommitdiff
path: root/src/leap/crypto/certs.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/crypto/certs.py')
-rw-r--r--src/leap/crypto/certs.py31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
new file mode 100644
index 00000000..aa1fc9e9
--- /dev/null
+++ b/src/leap/crypto/certs.py
@@ -0,0 +1,31 @@
+import ctypes
+import socket
+
+import gnutls.connection
+import gnutls.library
+
+
+def get_https_cert_fingerprint(domain):
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ cred = gnutls.connection.X509Credentials()
+
+ session = gnutls.connection.ClientSession(sock, cred)
+ session.connect((domain, 443))
+ session.handshake()
+ cert = session.peer_certificate
+
+ _buffer = ctypes.create_string_buffer(20)
+ buffer_length = ctypes.c_size_t(20)
+
+ gnutls.library.functions.gnutls_x509_crt_get_fingerprint(
+ cert._c_object, gnutls.library.constants.GNUTLS_DIG_SHA1, # 3
+ ctypes.byref(_buffer), ctypes.byref(buffer_length))
+
+ # deinit
+ #server_cert._X509Certificate__deinit(server_cert._c_object)
+ # needed? is segfaulting
+
+ fpr = ctypes.string_at(_buffer, buffer_length.value)
+ hex_fpr = u":".join(u"%02X" % ord(char) for char in fpr)
+
+ return hex_fpr
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 10:15:59 +0000