3.11.25. TLS_CertificateFingerprint

With TLS_CertificateFingerprint you can require that the peer certificate matches one of a specified set of fingerprints. This optional parameter specifies one or more fingerprints; when a TLS peer presents a certificate, the fingerprint of that certificate must match one of them. The format is algorithm:fingerprint. No fingerprint checks are done by default. Using this parameter requires Net::SSLeay 1.37 or later.
Here is an example of using TLS_CertificateFingerprint:
TLS_CertificateFingerprint \
    sha-1:8E:94:50:0E:2F:D6:DE:16:1D:84:76:FE:2F:14:33:2D:AC:57:04:FF
TLS_CertificateFingerprint \
    sha-1:E1:2D:53:2B:7C:6B:8A:29:A2:76:C8:64:36:0B:08:4B:7A:F1:9E:9D
TLS_CertificateFingerprint \
    sha-256:EC:14:77:FA:33:AD:2C:20:FF:D2:C8:1C:46:31:73:04:28:9E:ED:\
           12:D7:8E:79:A0:24:C0:DE:0B:88:A9:DB:3C
TLS_CertificateFingerprint md5:2A:2D:F1:44:40:81:22:D4:60:6D:9A:B0:F4:BF:DD:24
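
The following Python sketch is an added example, not Radiator's own code. It builds a value in the algorithm:fingerprint format shown above and checks a certificate against a list of configured entries. It assumes the conventional X.509 fingerprint (a digest of the certificate's DER encoding); the function names, the continuation-line handling and SAMPLE_DER are constructed for illustration.

```python
import hashlib

# Algorithm labels as written in this page's examples, mapped to hashlib names
# (the mapping is an assumption of this example).
ALGORITHMS = {"sha-1": "sha1", "sha-256": "sha256", "md5": "md5"}

# Two entries from this page's example, including the "\" line continuations.
PAGE_CONFIG = r"""
TLS_CertificateFingerprint \
    sha-256:EC:14:77:FA:33:AD:2C:20:FF:D2:C8:1C:46:31:73:04:28:9E:ED:\
           12:D7:8E:79:A0:24:C0:DE:0B:88:A9:DB:3C
TLS_CertificateFingerprint md5:2A:2D:F1:44:40:81:22:D4:60:6D:9A:B0:F4:BF:DD:24
"""

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_DER = b"constructed DER bytes for illustration"


def fingerprint(der, algorithm):
    """Return 'algorithm:AA:BB:...' computed over the DER-encoded certificate."""
    digest = hashlib.new(ALGORITHMS[algorithm], der).hexdigest().upper()
    return algorithm + ":" + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_pins(config_text):
    """Collect TLS_CertificateFingerprint values, joining continuation lines."""
    pins, pending = [], ""
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]  # drop the backslash, keep what precedes it
            continue
        parts = (pending + line).split(None, 1)
        pending = ""
        if len(parts) == 2 and parts[0] == "TLS_CertificateFingerprint":
            algorithm, _, hexpart = parts[1].partition(":")
            pins.append(algorithm.lower() + ":" + hexpart.strip().upper())
    return pins


def peer_matches(der, pins):
    """True if the certificate matches at least one configured fingerprint."""
    return any(
        pin.split(":", 1)[0] in ALGORITHMS
        and fingerprint(der, pin.split(":", 1)[0]) == pin
        for pin in pins
    )


if __name__ == "__main__":
    pins = parse_pins(PAGE_CONFIG)
    print(pins, peer_matches(SAMPLE_DER, pins + [fingerprint(SAMPLE_DER, "sha-256")]))
```

For a real certificate, ssl.PEM_cert_to_DER_cert() in the Python standard library converts PEM text to the DER bytes that fingerprint() expects.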