mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2024-12-24 15:16:41 +00:00
Technically this doesn't matter, because it's client-side, but it's good habit.
This commit is contained in:
parent
be0ff08275
commit
e50d88f46d
@ -35,6 +35,7 @@ from .http_common import (
|
|||||||
get_spki_hash,
|
get_spki_hash,
|
||||||
)
|
)
|
||||||
from .common import si_b2a
|
from .common import si_b2a
|
||||||
|
from ..util.hashutil import timing_safe_compare
|
||||||
|
|
||||||
|
|
||||||
def _encode_si(si): # type: (bytes) -> str
|
def _encode_si(si): # type: (bytes) -> str
|
||||||
@ -103,9 +104,8 @@ class _TLSContextFactory(CertificateOptions):
|
|||||||
19, # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
|
19, # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
|
||||||
)
|
)
|
||||||
# TODO can we do this once instead of multiple times?
|
# TODO can we do this once instead of multiple times?
|
||||||
if (
|
if errno in things_are_ok and timing_safe_compare(
|
||||||
errno in things_are_ok
|
get_spki_hash(cert.to_cryptography()), expected_spki_hash
|
||||||
and get_spki_hash(cert.to_cryptography()) == expected_spki_hash
|
|
||||||
):
|
):
|
||||||
return 1
|
return 1
|
||||||
# TODO: log the details of the error, because otherwise they get
|
# TODO: log the details of the error, because otherwise they get
|
||||||
|
Loading…
Reference in New Issue
Block a user