mediamtx/internal/core/tls_fingerprint.go
2023-07-18 23:39:26 +02:00


package core
import (
"crypto/sha256"
"crypto/tls"
"encoding/hex"
"fmt"
"strings"
)
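// fingerprintValidatorFunc inspects the state of a TLS handshake and returns
// a non-nil error to reject the connection. It has the same shape as the
// tls.Config.VerifyConnection callback.
type fingerprintValidatorFunc func(tls.ConnectionState) error

// fingerprintValidator returns a validator that accepts a connection only
// when the SHA-256 digest of the peer's leaf certificate (the raw DER bytes
// of PeerCertificates[0]) equals fingerprint.
//
// fingerprint is a hex-encoded digest and is matched case-insensitively.
// Nothing else is normalized: separators such as ':' or surrounding
// whitespace are kept and will cause every connection to be rejected.
//
// The pin covers the whole leaf certificate, not only its public key, so a
// reissued certificate has a different fingerprint even when the key is
// unchanged and is rejected until the configured value is updated.
func fingerprintValidator(fingerprint string) fingerprintValidatorFunc {
	want := strings.ToLower(fingerprint)

	return func(cs tls.ConnectionState) error {
		// Fail closed instead of panicking on an index out of range when the
		// peer presented no certificate (or the entry is nil).
		if len(cs.PeerCertificates) == 0 || cs.PeerCertificates[0] == nil {
			return fmt.Errorf("source fingerprint cannot be verified: no peer certificate")
		}

		sum := sha256.Sum256(cs.PeerCertificates[0].Raw)
		got := hex.EncodeToString(sum[:])

		// A certificate fingerprint is public information, so an ordinary
		// string comparison is sufficient here.
		if got != want {
			return fmt.Errorf("source fingerprint does not match: expected %s, got %s",
				want, got)
		}

		return nil
	}
}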
// tlsConfigForFingerprint builds a TLS configuration that pins the peer to a
// certificate fingerprint.
//
// An empty fingerprint yields nil, i.e. no pinning configuration at all.
//
// For a non-empty fingerprint, InsecureSkipVerify switches off the standard
// crypto/tls chain and host name verification, which leaves the
// VerifyConnection callback built by fingerprintValidator as the only check
// on the peer's identity. Any change to that callback therefore has to keep
// rejecting on every failure path. crypto/tls runs VerifyConnection on all
// handshakes, resumed sessions included.
func tlsConfigForFingerprint(fingerprint string) *tls.Config {
	if len(fingerprint) == 0 {
		return nil
	}

	cfg := new(tls.Config)
	// Standard verification is deliberately disabled: the pinned certificate
	// does not have to chain to a trusted root or match the host name.
	cfg.InsecureSkipVerify = true
	cfg.VerifyConnection = fingerprintValidator(fingerprint)

	return cfg
}