[ https://issues.apache.org/jira/browse/TS-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14228205#comment-14228205 ]
Masaori Koshiba commented on TS-3216:
-------------------------------------
The attached patch, "hpkp-001.patch", does the following things.
1. Read the public key from cert files, hash it with SHA256 and encode it to Base64.
2. Read the public key from the csr file, hash it with SHA256 and encode it to Base64.
3. Add the "Public-Key-Pins" header when the incoming request is HTTPS.
I have a few concerns about my patch.
1. I added an SSLCertContext field in SSLVConnection to get the SSLCertContext in HttpTransactHeaders.
2. I directly used the hash functions of OpenSSL, because I couldn't find any functions like "ATSHashSHA256".
Should I add some wrapper functions under the "lib/ts/" directory and use them?
Below is an example of ssl_multicert.config with HPKP.
{noformat}
dest_ip=* ssl_cert_name=ssl/s_yimg_jp.pem ssl_key_name=ssl/s_yimg_jp.key ssl_ca_name=ssl/s_yimg_jp_ca.pem hpkp_enabled=1 hpkp_max_age=300 hpkp_include_subdomains=1 hpkp_csr_name=ssl/s_yimg_jp.csr
{noformat}
> Add HPKP (Public Key Pinning Extension for HTTP) support
> --------------------------------------------------------
>
> Key: TS-3216
> URL: https://issues.apache.org/jira/browse/TS-3216
> Project: Traffic Server
> Issue Type: New Feature
> Reporter: Masaori Koshiba
> Attachments: hpkp-001.patch
>
>
> Add "Public Key Pinning Extension for HTTP" Support in Traffic Server.
> Public Key Pinning Extension for HTTP (draft-ietf-websec-key-pinning-21)
> - https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21
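An added example, not taken from hpkp-001.patch or from Traffic Server: the pin computation the comment describes, done over the DER SubjectPublicKeyInfo as the key-pinning draft specifies, for both a certificate and a CSR (the backup pin), followed by the header value. Function names are hypothetical, input is assumed to be DER (PEM must be Base64-decoded first), and the sample certificate and CSR are constructed placeholders.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_der(der, is_csr=False):
    """Return the full SubjectPublicKeyInfo TLV from a DER certificate or CSR."""
    _, start, _ = read_tlv(der, 0)         # Certificate / CertificationRequest
    _, pos, end = read_tlv(der, start)     # tbsCertificate / certificationRequestInfo
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, pos, nxt))
        pos = nxt
    # CSR: version, subject, SPKI. Certificate: SPKI is the 7th field, 6th when v1 omits [0] version.
    index = 2 if is_csr else (6 if fields and fields[0][0] == 0xA0 else 5)
    if index >= len(fields) or fields[index][0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[fields[index][1]:fields[index][2]]

def pin_sha256(spki):
    """Base64 of SHA-256 over the DER SubjectPublicKeyInfo, not over the whole certificate."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode("ascii")

def public_key_pins(pins, max_age, include_subdomains=False):
    parts = ['pin-sha256="%s"' % p for p in pins] + ["max-age=%d" % max_age]
    return "; ".join(parts + (["includeSubDomains"] if include_subdomains else []))

def tlv(tag, body=b""):
    """Minimal DER encoder (bodies under 64 KiB), used only to build the constructed samples."""
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + head + body

# Constructed samples: placeholder OID and key bytes, no valid signature.
SPKI_CERT, SPKI_CSR = (tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x03") + tlv(0x05)) + tlv(0x03, b"\x00" + bytes([f]) * 140))
                       for f in (0x11, 0x22))
CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 4 + SPKI_CERT)
           + tlv(0x30) + tlv(0x03, b"\x00"))
CSR = tlv(0x30, tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30) + SPKI_CSR + tlv(0xA0)) + tlv(0x30) + tlv(0x03, b"\x00"))
```

Calling public_key_pins([pin_sha256(spki_der(CERT)), pin_sha256(spki_der(CSR, is_csr=True))], 300, True) gives a header value matching the hpkp_max_age=300 and hpkp_include_subdomains=1 settings in the configuration above.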