Skip to content

Commit

Permalink
optimize(juicity): support base64urldecoding format for PinnedCertcha…
Browse files Browse the repository at this point in the history
…inSha256
  • Loading branch information
mzz2017 committed Aug 7, 2023
1 parent 62ca625 commit 30e68b9
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions component/outbound/dialer/juicity/juicity.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
"encoding/hex"
"fmt"
"net"
"net/url"
Expand Down Expand Up @@ -52,9 +53,15 @@ func (s *Juicity) Dialer(option *dialer.GlobalOption, nextDialer netproxy.Dialer
InsecureSkipVerify: s.AllowInsecure || option.AllowInsecure,
}
if s.PinnedCertchainSha256 != "" {
pinnedHash, err := base64.StdEncoding.DecodeString(s.PinnedCertchainSha256)
pinnedHash, err := base64.URLEncoding.DecodeString(s.PinnedCertchainSha256)
if err != nil {
return nil, nil, fmt.Errorf("decode pin_certchain_sha256: %w", err)
pinnedHash, err = base64.StdEncoding.DecodeString(s.PinnedCertchainSha256)
if err != nil {
pinnedHash, err = hex.DecodeString(s.PinnedCertchainSha256)
if err != nil {
return nil, nil, fmt.Errorf("failed to decode PinnedCertchainSha256")
}
}
}
tlsConfig.InsecureSkipVerify = true
tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
Expand Down

0 comments on commit 30e68b9

Please sign in to comment.