sdns:// cert pinning is incorrect
sfionov opened this issue · 0 comments
sfionov commented
We now calculate the hash of the certificate:

```
echo | openssl s_client -connect 94.140.14.14:853 -servername dns.adguard-dns.com 2>/dev/null | openssl x509 -outform der | sha256sum
```

But in the SDNS stamp spec it is the TBSCertificate (1st member of the Certificate structure), not just the Certificate.

```
echo | openssl s_client -connect 94.140.14.14:853 -servername dns.adguard-dns.com 2>/dev/null | openssl x509 -outform der | openssl asn1parse -inform der -strparse +4 -noout -out - | sha256sum
```
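The difference between the two digests, as an added example that is not part of the original issue or the project's code: it reads the DER headers to locate the TBSCertificate instead of assuming a fixed 4-byte offset, and hashes that element next to the whole certificate. All function names are hypothetical, and the sample "certificate" is a constructed DER skeleton with filler content, not a real certificate.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, pos, pos + length

def tbs_certificate(cert_der):
    """Return the full TLV of the first member of the Certificate SEQUENCE."""
    tag, body, end = read_tlv(cert_der, 0)
    tbs_tag, _, tbs_end = read_tlv(cert_der[:end], body)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("expected SEQUENCE { SEQUENCE ... }")
    return cert_der[body:tbs_end]

def stamp_hash(cert_der):
    """SHA-256 over the TBSCertificate, the value the issue says the stamp spec uses."""
    return hashlib.sha256(tbs_certificate(cert_der)).hexdigest()

def whole_cert_hash(cert_der):
    """SHA-256 over the whole Certificate, as in the first command of the issue."""
    return hashlib.sha256(cert_der).hexdigest()

def der(tag, content):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content

# Constructed sample: Certificate ::= SEQUENCE { tbs, sigAlg, signature }, filler content.
SAMPLE_TBS = der(0x30, b"\x00" * 300)
SAMPLE_CERT = der(0x30, SAMPLE_TBS + der(0x30, b"\x02\x01\x00") + der(0x03, b"\x00\x00"))

if __name__ == "__main__":
    print("whole certificate:", whole_cert_hash(SAMPLE_CERT))
    print("TBSCertificate:   ", stamp_hash(SAMPLE_CERT))
```

For a real server, pass the DER bytes produced by `openssl x509 -outform der` to `stamp_hash`.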