crypto: Expose the public key of a certificate & cert sha256
Expose the raw public key of the certificate. This is needed for applications to be able to pin the public key rather then the exact certificate. This also makes it a lot easier to implement HPKP, but to be able to do proper HPKP we need to have access the the issuer certificate too, so we are now passing the "detailed" certificate to checkServerIdentity
.
The certificate object contains the SHA1 fingerprint of the certificate. That is getting a little date so I've added the SHA256 as cert.fingerprint256
.
Also added docs on how to do cert pinning and pubkey pinning.
Checklist
-
make -j4 test
(UNIX), orvcbuild test
(Windows) passes -
tests and/or benchmarks are included -
documentation is changed or added -
commit message follows commit guidelines
Affected core subsystem(s)
- crypto
- doc