From 6646aeaffc2915ad85b4494f74b8d54716b4ba14 Mon Sep 17 00:00:00 2001 From: Andrew Ayer Date: Wed, 7 Jan 2026 21:28:29 -0500 Subject: [PATCH] Add -printhash option to certspotter-authorize --- cmd/certspotter-authorize/main.go | 13 ++++++++++--- man/certspotter-authorize.md | 4 ++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/cmd/certspotter-authorize/main.go b/cmd/certspotter-authorize/main.go index 4302c76..31963ce 100644 --- a/cmd/certspotter-authorize/main.go +++ b/cmd/certspotter-authorize/main.go @@ -131,13 +131,15 @@ func main() { version, source := certspotterVersion() var flags struct { - cert string - stateDir string - version bool + cert string + stateDir string + printhash bool + version bool } flag.StringVar(&flags.cert, "cert", "", "Path to a PEM-encoded certificate (- to read from stdin)") flag.StringVar(&flags.stateDir, "state_dir", defaultStateDir(), "State directory used by certspotter") + flag.BoolVar(&flags.printhash, "printhash", false, "Instead of authorizing certificate, print its TBS hash and exit") flag.BoolVar(&flags.version, "version", false, "Print version and exit") flag.Parse() @@ -172,6 +174,11 @@ func main() { os.Exit(1) } + if flags.printhash { + fmt.Println(hex.EncodeToString(tbsHash[:])) + os.Exit(0) + } + _, err = createNotifiedMarker(flags.stateDir, tbsHash) if err != nil { fmt.Fprintf(os.Stderr, "%s: %s\n", programName, err) diff --git a/man/certspotter-authorize.md b/man/certspotter-authorize.md index 24ad1df..8f72663 100644 --- a/man/certspotter-authorize.md +++ b/man/certspotter-authorize.md @@ -38,6 +38,10 @@ and will trigger notifications. `$CERTSPOTTER_STATE_DIR` if set, or `~/.certspotter` otherwise. This should be the same directory used by **certspotter(8)**. +-printhash + +: Instead of authorizing the certificate, print its TBS hash (a hex-encoded SHA-256 digest) to stdout and exit. + -version : Print version information and exit.
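Review bot: The new option is registered as `-printhash`, while the option just above it in the same block is `-state_dir`, so the command line now mixes two word-separation conventions. `flag.BoolVar(&flags.printHash, "print_hash", false, ...)` would match both `-state_dir` and the `stateDir` field spelling, and is easier to settle before the flag is released; the man page entry would need the same name. The help string could also state the output form, as the man page does: `"Instead of authorizing certificate, print its hex-encoded TBS hash to stdout and exit"`. The body of main starts and ends outside this hunk.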
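Review bot: The `-printhash` branch ignores the result of `fmt.Println` and then calls `os.Exit(0)`, so a failed write to stdout (closed pipe, full disk on a redirect) is reported as success. A script that captures the hash would then proceed with empty or truncated output. Checking the write, `if _, err := fmt.Println(hex.EncodeToString(tbsHash[:])); err != nil {`, then reporting with the `fmt.Fprintf(os.Stderr, "%s: %s\n", programName, err)` form used just below and calling `os.Exit(1)`, keeps the exit status trustworthy. A short comment such as `// -printhash is read-only: it must return before createNotifiedMarker touches the state directory` would also record why the branch sits where it does. The body of main starts and ends outside this hunk.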