upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-08 16:22:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Wrap TLS-ALPN extension with ASN.1 (#6089)

Browse source 
* Wrap TLS-ALPN extension with ASN.1

* Fix test
This commit is contained in:
Roland Bracewell Shoemaker 2018-06-11 11:59:57 -07:00 committed by Brad Warren
parent 5bf1c51de7
commit da028ca9c2
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
acme/acme/challenges.py
View file

@ -546,7 +546,9 @@ class TLSALPN01Response(KeyAuthorizationChallengeResponse):
key.generate_key(crypto.TYPE_RSA, bits)
der_value = b"DER:" + codecs.encode(self.h, 'hex')
# Instead of using a ASN.1 encoding library just append the OCTET STRING tag (0x04)
# and the length of the SHA256 hash (0x20) since both of these should never change
der_value = b"DER:0420" + codecs.encode(self.h, 'hex')
acme_extension = crypto.X509Extension(self.ID_PE_ACME_IDENTIFIER_V1,
critical=True, value=der_value)
@ -592,7 +594,8 @@ class TLSALPN01Response(KeyAuthorizationChallengeResponse):
# way to get full OID of an unknown extension from pyopenssl.
if ext.get_short_name() == b'UNDEF':
data = ext.get_data()
return data == self.h
# Add the ASN.1 tag/length prefix to the hash before comparison
return data == b'\x04\x20' + self.h
return False