1 // mmc -- Mattermost client
2 // Copyright (C) 2023-2024 Sergey Matveev <stargrave@stargrave.org>
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU Affero General Public License as
6 // published by the Free Software Foundation, either version 3 of the
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU Affero General Public License for more details.
14 // You should have received a copy of the GNU Affero General Public License
15 // along with this program. If not, see <http://www.gnu.org/licenses/>.
26 func NewVerifyPeerCertificate(hashExpected string) func(
27 rawCerts [][]byte, verifiedChains [][]*x509.Certificate,
30 rawCerts [][]byte, verifiedChains [][]*x509.Certificate,
32 cer, err := x509.ParseCertificate(rawCerts[0])
36 spki := cer.RawSubjectPublicKeyInfo
37 hsh := sha256.Sum256(spki)
38 if hashExpected != hex.EncodeToString(hsh[:]) {
39 return errors.New("server certificate's SPKI hash mismatch")