mirror of
https://github.com/ergochat/ergo.git
certfp: Add certfp retrieval from client
parent
d3d88cfa0c
commit
49034cb20e
3 changed files with 34 additions and 0 deletions
|
|
@ -6,11 +6,20 @@ package irc
|
|||
|
||||
import (
|
||||
"bufio"
|
||||
"crypto/sha256"
|
||||
"crypto/tls"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"io"
|
||||
"net"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var (
|
||||
errNotTls = errors.New("Not a TLS connection")
|
||||
errNoPeerCerts = errors.New("Client did not provide a certificate")
|
||||
)
|
||||
|
||||
// Socket represents an IRC socket.
|
||||
type Socket struct {
|
||||
Closed bool
|
||||
|
|
@ -35,6 +44,24 @@ func (socket *Socket) Close() {
|
|||
socket.conn.Close()
|
||||
}
|
||||
|
||||
// CertFP returns the fingerprint of the certificate provided by the client.
|
||||
func (socket *Socket) CertFP() (string, error) {
|
||||
var tlsConn, isTLS = socket.conn.(*tls.Conn)
|
||||
if !isTLS {
|
||||
return "", errNotTls
|
||||
}
|
||||
|
||||
peerCerts := tlsConn.ConnectionState().PeerCertificates
|
||||
if len(peerCerts) < 1 {
|
||||
return "", errNoPeerCerts
|
||||
}
|
||||
|
||||
rawCert := sha256.Sum256(peerCerts[0].Raw)
|
||||
fingerprint := hex.EncodeToString(rawCert[:])
|
||||
|
||||
return fingerprint, nil
|
||||
}
|
||||
|
||||
// Read returns a single IRC line from a Socket.
|
||||
func (socket *Socket) Read() (string, error) {
|
||||
if socket.Closed {
|
||||
|
|
|
|||
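Review bot: CertFP reads `tlsConn.ConnectionState().PeerCertificates` without confirming that the TLS handshake has finished, and crypto/tls runs the handshake lazily on the first Read or Write. If a caller invokes CertFP before any I/O on the connection (the call sites are not in this section), the slice is empty and the method returns errNoPeerCerts for a client that did offer a certificate, so any fingerprint-based login built on it would presumably be skipped without a visible failure. Consider completing and checking the handshake first, e.g. `if err := tlsConn.Handshake(); err != nil { return "", err }`, with a deadline set on the connection so a stalled peer cannot block the caller. The doc comment could also state that the result is the hex-encoded SHA-256 of the leaf certificate's DER bytes, and that it identifies the key holder only; it says nothing about chain validity unless the server's tls.Config verifies client certificates.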