[PATCH] accept and use the HSTS public key PIN

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Mar 5 03:03:26 PST 2017


The attached patches, in addition to hex encoded public key PINs accept
and switch by default to the RFC7469 key PIN. Using that PIN will make
more pinning uniform in the Internet, and will simplify future tools
and understanding of key pinning (the serverhash option is a key
pinning option).

The patch set is also available at:
https://gitlab.com/ocserv/openconnect/merge_requests/7

regards,
Nikos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Store-only-the-SHA1-and-SHA256-of-the-public-key-int.patch
Type: text/x-patch
Size: 7524 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170305/a6b79479/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Added-support-for-RFC7469-key-PIN.patch
Type: text/x-patch
Size: 4202 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170305/a6b79479/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Switched-the-default-output-for-key-PIN-to-be-the-RF.patch
Type: text/x-patch
Size: 1005 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170305/a6b79479/attachment-0002.bin>


More information about the openconnect-devel mailing list