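def _sni_name(name):
    """Return ``name`` as the bytes pyOpenSSL expects for the SNI extension.

    ``bytes`` is passed through; text is IDNA-encoded so non-ASCII hostnames
    are sent in their wire form. Raises ``UnicodeError`` for names the IDNA
    codec rejects (e.g. a label longer than 63 octets).
    """
    if isinstance(name, bytes):
        return name
    return name.encode('idna')


def _handshake(connection, sock, timeout):
    """Drive ``connection.do_handshake()`` to completion within ``timeout`` seconds.

    A socket with a timeout set is non-blocking at the fd level, so OpenSSL
    reports pending I/O as ``WantReadError``/``WantWriteError``. Waiting with
    ``select()`` keeps the timeout in force; switching the socket to blocking
    mode instead would let a peer that never answers hang the caller forever.

    Returns:
        True when the handshake completed, False on timeout or any SSL error.
    """
    import select
    import time
    deadline = time.time() + timeout
    while True:
        try:
            connection.do_handshake()
            return True
        except SSL.WantReadError:
            wait_read, wait_write = [sock], []
        except SSL.WantWriteError:
            wait_read, wait_write = [], [sock]
        except SSL.Error:
            return False
        remaining = deadline - time.time()
        if remaining <= 0:
            return False
        try:
            readable, writable, _ = select.select(wait_read, wait_write, [], remaining)
        except select.error:
            return False
        if not readable and not writable:
            # select() timed out before the peer made progress.
            return False


def fetch(host, port, scheme, servername=None, timeout=10.0):
    """Connect to ``host:port``, complete a TLS handshake and return the presented chain.

    Args:
        host: hostname or IP literal to connect to.
        port: TCP port.
        scheme: protocol name handed to ``starttls()`` (defined elsewhere), which
            upgrades the plain socket before TLS where the scheme needs it.
        servername: name sent in the TLS SNI extension and passed to
            ``starttls()``; defaults to ``host``. Supply it explicitly when
            ``host`` is an IP literal, since SNI must carry a DNS name.
        timeout: seconds allowed for connect(), the STARTTLS exchange and the
            handshake (each bounded separately, not in total).

    Returns:
        ``{'chain': [(subject, data_hash), ...]}`` built from ``add_cert()``
        (defined elsewhere) for every certificate the peer sent, or ``{}`` on
        any resolution, connection, STARTTLS, handshake or timeout failure.

    Security note: the context performs NO certificate verification, on
    purpose — the point is to record whatever chain the peer presents.
    Callers must not treat the result as an authenticated identity.
    """
    if servername is None:
        servername = host
    # Let OpenSSL negotiate the highest version both sides support. A context
    # built from TLSv1_METHOD speaks TLS 1.0 only and fails the handshake
    # against servers that have (correctly) disabled it. SSLv2/v3 stay off.
    context = SSL.Context(SSL.SSLv23_METHOD)
    context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    try:
        # Resolves IPv4 and IPv6 and leaves the socket in timeout mode.
        sock = socket.create_connection((host, port), timeout)
    except (socket.error, socket.gaierror):
        return {}
    try:
        if not starttls(sock, servername, scheme):
            return {}
        connection = SSL.Connection(context, sock)
        connection.set_connect_state()
        # SNI carries the caller's server name, not ``host``, which may be an
        # IP literal or differ from the name the certificate is issued for.
        connection.set_tlsext_host_name(_sni_name(servername))
        if not _handshake(connection, sock, timeout):
            return {}
        chain = []
        # get_peer_cert_chain() can return None when the peer sent nothing usable.
        for cert in connection.get_peer_cert_chain() or []:
            c = add_cert(cert)
            chain.append((c.subject, c.data_hash()))
        return {'chain': chain}
    except (SSL.Error, socket.error, UnicodeError):
        return {}
    finally:
        # Release the socket on every path, including the early returns above.
        sock.close()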
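print('HPKP sha1 pin %s' % fingerprint_to_pin(fp)) fp = fingerprint(subjectPublicKeyInfo, hashlib.sha256) print('HPKP sha256 fp %s' % fp) print('HPKP sha256 pin %s' % fingerprint_to_pin(fp))
if __name__ == "__main__":
    # Usage: <script> HOST
    # Connects to HOST:443, prints the subject and SHA-1 fingerprint of every
    # certificate the peer presents, runs HPKP() on each and stores it via
    # add_cert() (both defined elsewhere in this file).
    # Security note: no certificate verification is configured on the context,
    # so the output is the chain as presented, not an authenticated one. The
    # SHA-1 digests printed here are legacy identifiers only; HPKP() appears
    # to print the sha256 pin values.
    if len(sys.argv) < 2:
        sys.stderr.write('usage: %s HOST\n' % sys.argv[0])
        sys.exit(2)
    target = sys.argv[1]
    # Negotiate the best mutually supported TLS version rather than pinning the
    # client to TLS 1.0, which current servers refuse; SSLv2/v3 stay disabled.
    context = SSL.Context(SSL.SSLv23_METHOD)
    context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    try:
        # Bounded connect, IPv4 or IPv6. The handshake itself runs on a
        # blocking socket (pyOpenSSL needs one for do_handshake()), so it has
        # no timeout of its own.
        s = socket.create_connection((target, 443), 10.0)
        connection = SSL.Connection(context, s)
        connection.set_connect_state()
        # Without SNI a multi-hosted server hands back its default certificate
        # and every fingerprint/pin printed below would describe the wrong site.
        connection.set_tlsext_host_name(
            target if isinstance(target, bytes) else target.encode('idna'))
        connection.setblocking(1)
        connection.do_handshake()
    except (socket.error, SSL.Error, UnicodeError) as exc:
        # Covers DNS failure, refused or timed-out connect and every handshake
        # error (WantReadError is an SSL.Error subclass), instead of a traceback.
        sys.stderr.write('TLS connection to %s:443 failed: %s\n' % (target, exc))
        sys.exit(1)
    leaf = connection.get_peer_certificate()
    print(leaf.get_subject().commonName)
    print(leaf.digest("sha1"))
    from orm import session
    for cert in connection.get_peer_cert_chain() or []:
        print(cert)
        print(cert.get_subject())
        print(cert.digest("sha1"))
        print(hashlib.sha1(crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)).hexdigest())
        HPKP(cert)
        add_cert(cert)
        # Persist each certificate as it is processed.
        session.commit()
    connection.close()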