Use SHA-256 to check certificate fingerprint
mfilenko committed Sep 13, 2016
1 parent 1efa5e4 commit 5496e58
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions lib/figo.js
@@ -20,11 +20,16 @@
// THE SOFTWARE.
//

// Built-in modules.
var https = require("https");
var tls = require("tls");
var querystring = require("querystring");
var crypto = require("crypto");

// External dependencies.
var clone = require("clone");

// Internal modules.
var models = require("./models");
var FigoError = require("./errors").FigoError;

@@ -36,8 +41,7 @@ var Config = {
api_endpoint: "api.figo.me",

// figo Connect TLS certificate fingerprints.
valid_fingerprints: [ "38:AE:4A:32:6F:16:EA:15:81:33:8B:B0:D8:E4:A6:35:E7:27:F1:07",
"DB:E2:E9:15:8F:C9:90:30:84:FE:36:CA:A6:11:38:D8:5A:20:5D:93" ],
valid_fingerprints: [ "070f14aeb94afb3df800e82b69a8515ceed2f5b1ba897bef6432458f61cf9e33" ],
};

var RETRIABLE_ERRORS = [
@@ -181,8 +185,12 @@ var HttpsAgent = function() {
var stream = tls.connect(options);

stream.on("secureConnect", function() {
var certificate = stream.getPeerCertificate();
if (!certificate || !certificate.fingerprint || Config.valid_fingerprints.indexOf(certificate.fingerprint) === -1) {
//var hash = crypto.createHash('sha256');
var fingerprint = crypto
.createHash('sha256')
.update(stream.getPeerCertificate().raw)
.digest('hex');
if (!~Config.valid_fingerprints.indexOf(fingerprint)) {
agent.figo_request.figo_ssl_error = true;
agent.figo_request.abort();
}
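Review bot: The new `secureConnect` handler drops the guard the old code had for a missing certificate. It hashes `stream.getPeerCertificate().raw` unconditionally, so if no certificate object or no `raw` buffer comes back, the property access or `update()` throws inside the event handler instead of setting `figo_ssl_error` and aborting the request. I would keep `var certificate = stream.getPeerCertificate();`, compute `var fingerprint = certificate && certificate.raw ? crypto.createHash('sha256').update(certificate.raw).digest('hex') : null;` and test `if (!fingerprint || Config.valid_fingerprints.indexOf(fingerprint) === -1)`, which also replaces the harder-to-read `!~` form. The leftover `//var hash = crypto.createHash('sha256');` line should be removed. The `valid_fingerprints` comment should state the expected format (lowercase hex SHA-256 of the DER certificate, no colons), since a pin in the old colon-separated style would never match. The handler's body continues outside the hunk, so whether the pin check runs in addition to normal chain validation cannot be confirmed from here.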