Exemple #1
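def fetch(host, port, scheme, servername=None):
    """Connect to ``host:port``, run a TLS handshake and record the peer chain.

    Args:
        host: Address to connect to; also sent as the TLS SNI name.
        port: TCP port to connect to.
        scheme: Passed to ``starttls`` to select the pre-TLS upgrade dialogue.
        servername: Name handed to ``starttls``; defaults to ``host``.

    Returns:
        ``{'chain': [(subject, data_hash), ...]}`` with one entry per
        certificate the peer presented, or ``{}`` when the TCP connect, the
        STARTTLS step or the TLS handshake fails.

    Security notes:
        No verification callback or trust store is configured on the context,
        so the returned chain is whatever the peer (or anyone on the network
        path) chose to present. Treat it as an observation, not as an
        authenticated identity.
    """
    if servername is None:
        servername = host
    # NOTE(review): TLSv1_METHOD restricts the handshake to TLS 1.0 only.
    # Servers that have disabled TLS 1.0 will fail here and look like "no
    # certificate"; consider a version-negotiating method if that matters.
    context = SSL.Context(SSL.TLSv1_METHOD)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setblocking(1)
    s.settimeout(10.0)
    try:
        s.connect((host, port))
        if not starttls(s, servername, scheme):
            # Release the descriptor instead of leaking it on early return.
            s.close()
            return {}
    except (socket.error, socket.gaierror):
        s.close()
        return {}
    connection = SSL.Connection(context, s)
    # NOTE(review): if this call is forwarded to the underlying socket it
    # clears the 10 s timeout set above, so a stalling peer could block the
    # handshake indefinitely -- confirm against the pyOpenSSL version in use.
    connection.setblocking(1)
    connection.set_connect_state()
    # NOTE(review): SNI is sent as `host`, while `servername` is only used for
    # STARTTLS. If the two differ the server may select a different
    # certificate than expected -- confirm which name is intended here.
    connection.set_tlsext_host_name(host)
    try:
        try:
            connection.do_handshake()
        except SSL.Error:
            return {}
        chain = []
        # get_peer_cert_chain() may return None when no chain is available;
        # treat that as an empty chain rather than raising TypeError.
        for cert in connection.get_peer_cert_chain() or ():
            c = add_cert(cert)
            chain.append((c.subject, c.data_hash()))
        return {'chain': chain}
    finally:
        # Close on every path, including success, so repeated calls do not
        # accumulate open sockets.
        connection.close()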
Exemple #2
    print('HPKP sha1 pin %s' % fingerprint_to_pin(fp))
    fp = fingerprint(subjectPublicKeyInfo, hashlib.sha256)
    print('HPKP sha256 fp %s' % fp)
    print('HPKP sha256 pin %s' % fingerprint_to_pin(fp))

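if __name__ == "__main__":
    # Script entry point: connect to <host>:443, print identifying data for
    # the leaf certificate and every certificate in the presented chain, and
    # store each one via add_cert().
    #
    # Security notes:
    # - No verification is configured on the context, so the certificates and
    #   any pins printed from them are unauthenticated observations. Confirm a
    #   pin out of band before deploying it.
    # - No SNI name is sent, so a server hosting several names may return its
    #   default certificate rather than the one for the requested host.
    # - The SHA-1 digests below are printed as identifiers only.
    if len(sys.argv) < 2:
        sys.exit("usage: %s HOST" % sys.argv[0])

    # NOTE(review): TLSv1_METHOD limits the handshake to TLS 1.0; hosts that
    # have disabled it cannot be inspected with this script as written.
    context = SSL.Context(SSL.TLSv1_METHOD)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connection = SSL.Connection(context, s)
    try:
        connection.connect((sys.argv[1], 443))
        connection.setblocking(1)
        try:
            connection.do_handshake()
        except OpenSSL.SSL.WantReadError:
            print("Timeout")
            # sys.exit() instead of quit(): quit() is only installed by the
            # site module and is absent under `python -S` or when frozen.
            sys.exit(1)

        leaf = connection.get_peer_certificate()
        print(leaf.get_subject().commonName)
        print(leaf.digest("sha1"))
        # Guard against a missing chain (None) instead of raising TypeError.
        for cert in connection.get_peer_cert_chain() or ():
            print(cert)
            print(cert.get_subject())
            print(cert.digest("sha1"))
            print(hashlib.sha1(crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)).hexdigest())
            HPKP(cert)
            add_cert(cert)
    finally:
        # Always release the socket, including on handshake failure.
        connection.close()

    from orm import session

    session.commit()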