Apologies if this turns out to be specific to the way that certspotter’s CT log works, rather than the CT information that LE is providing.
I’m trying to match up the certificates list in certspotter’s issuances log for a given domain against local copies of the certificates which were issued by LE. One of the fields included in “tbs_sha256” which aiui should be a SHA256 hash of the TBS certificate.
I’m doing this using Python’s cryptography library:
with open(filename, 'rb') as f: pem_data = f.read() cert = x509.load_pem_x509_certificate(pem_data, default_backend()) tbs_hash = hashlib.sha256(cert.tbs_certificate_bytes).hexdigest()
but the resulting hash never matches the CT log. Am I missing something obvious?