You can require that the peer certificate matches one of a specified
set of fingerprints with TLS_CertificateFingerprint. When a TLS peer
presents a certificate, this optional parameter specifies one or more
fingerprints, one of which must match the fingerprint of the peer
certificate. The format is algorithm:fingerprint. No fingerprint checks
are done by default. Using this parameter requires Net::SSLeay 1.37 or
later.

Here is an example of using TLS_CertificateFingerprint:
TLS_CertificateFingerprint \
sha-1:8E:94:50:0E:2F:D6:DE:16:1D:84:76:FE:2F:14:33:2D:AC:57:04:FF
TLS_CertificateFingerprint \
sha-1:E1:2D:53:2B:7C:6B:8A:29:A2:76:C8:64:36:0B:08:4B:7A:F1:9E:9D
TLS_CertificateFingerprint \
sha-256:EC:14:77:FA:33:AD:2C:20:FF:D2:C8:1C:46:31:73:04:28:9E:ED:\
12:D7:8E:79:A0:24:C0:DE:0B:88:A9:DB:3C
TLS_CertificateFingerprint md5:2A:2D:F1:44:40:81:22:D4:60:6D:9A:B0:F4:BF:DD:24
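
The following Python sketch is an added example, not part of Radiator or of the original documentation. It parses the TLS_CertificateFingerprint lines shown above, rejects malformed entries, and checks the digest of a DER-encoded peer certificate against the resulting set. The function names and the handling of continuation lines are assumptions.

```python
import hashlib
import hmac

# Algorithm labels as written on this page, mapped to hashlib names.
ALGORITHMS = {"md5": "md5", "sha-1": "sha1", "sha-256": "sha256"}
# The configuration example from this page, continuation lines included.
PAGE_CONFIG = r"""
TLS_CertificateFingerprint \
    sha-1:8E:94:50:0E:2F:D6:DE:16:1D:84:76:FE:2F:14:33:2D:AC:57:04:FF
TLS_CertificateFingerprint \
    sha-1:E1:2D:53:2B:7C:6B:8A:29:A2:76:C8:64:36:0B:08:4B:7A:F1:9E:9D
TLS_CertificateFingerprint \
    sha-256:EC:14:77:FA:33:AD:2C:20:FF:D2:C8:1C:46:31:73:04:28:9E:ED:\
    12:D7:8E:79:A0:24:C0:DE:0B:88:A9:DB:3C
TLS_CertificateFingerprint md5:2A:2D:F1:44:40:81:22:D4:60:6D:9A:B0:F4:BF:DD:24
"""

def parse_pins(config_text):
    """Return normalized 'algorithm:AA:BB:...' pins; raise on malformed ones."""
    logical, pending = [], ""
    for line in config_text.splitlines():
        line = line.strip()
        if line.endswith("\\"):  # assumption: trailing backslash continues the line
            pending += line[:-1] + " "
            continue
        logical.append(pending + line)
        pending = ""
    pins = []
    for line in logical:
        name, _, value = line.partition(" ")
        if name != "TLS_CertificateFingerprint":
            continue
        algorithm, _, digest = "".join(value.split()).partition(":")
        octets = digest.upper().split(":")
        size = hashlib.new(ALGORITHMS[algorithm]).digest_size  # KeyError if unknown
        bytes.fromhex("".join(octets))  # ValueError if not hexadecimal
        if len(octets) != size or any(len(o) != 2 for o in octets):
            raise ValueError(f"wrong length for {algorithm} fingerprint")
        pins.append(algorithm + ":" + ":".join(octets))
    return pins

def fingerprint(der_bytes, algorithm):
    """Digest of the DER-encoded certificate in algorithm:fingerprint form."""
    h = hashlib.new(ALGORITHMS[algorithm], der_bytes).hexdigest().upper()
    return algorithm + ":" + ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def peer_matches(der_bytes, pins):
    """True if the certificate's fingerprint equals at least one pin."""
    return any(hmac.compare_digest(fingerprint(der_bytes, p.split(":")[0]), p) for p in pins)
```

Running parse_pins over a configuration before deployment catches a truncated or mistyped fingerprint, which would otherwise only show up as a peer that never matches.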