Silverfish/proton-bridge
1
0
Fork 1
mirror of https://github.com/ProtonMail/proton-bridge.git synced 2026-02-04 00:08:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore: bump badssl pin

Browse Source
This commit is contained in:
Atanas Janeshliev
2026-01-21 12:43:51 +01:00
parent c6ec3cb53f
commit 6194a1a125
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/dialer/dialer_pinning_test.go
View File

@ -90,12 +90,22 @@ func TestTLSSignedCertWrongPublicKey(t *testing.T) {
r.Error(t, err, "expected dial to fail because of wrong public key") r.Error(t, err, "expected dial to fail because of wrong public key")
} }
/*
For the following test the SSL pin rotates from time to time. Thus, the pin needs to be updated accordingly.
A new pin can be extracted by running the following command:
echo | openssl s_client -connect rsa4096.badssl.com:443 2>/dev/null | \
openssl x509 -pubkey -noout | \
openssl pkey -pubin -outform DER | \
openssl dgst -sha256 -binary | \
base64
*/
func TestTLSSignedCertTrustedPublicKey(t *testing.T) { func TestTLSSignedCertTrustedPublicKey(t *testing.T) {
skipIfProxyIsSet(t) skipIfProxyIsSet(t)
_, dialer, _, checker, _ := createClientWithPinningDialer("") _, dialer, _, checker, _ := createClientWithPinningDialer("")
copyTrustedPins(checker) copyTrustedPins(checker)
checker.trustedPins = append(checker.trustedPins, `pin-sha256="OVsJeI/WFSpspmADz1Je5BL2nhu7hZKdBFlw6n09lU4="`) checker.trustedPins = append(checker.trustedPins, `pin-sha256="GGNnH/+pMnSFwy6vEDvfi5TRVWMpC5IINu3BHRM1c4E="`)
_, err := dialer.DialTLSContext(context.Background(), "tcp", "rsa4096.badssl.com:443") _, err := dialer.DialTLSContext(context.Background(), "tcp", "rsa4096.badssl.com:443")
r.NoError(t, err, "expected dial to succeed because public key is known and cert is signed by CA") r.NoError(t, err, "expected dial to succeed because public key is known and cert is signed by CA")
} }