I am using the google app engine for my application and it has google managed SSL certificates enable. Google automatically renews it also before expiration.
One thing I noticed that google uses the same private key for creating or renewing the new certificates so the hash of the public key is not changing.
Now what I wanted to do is validate this public key hash while doing a request to the server in python using urllib3 or with any other library. So that if it doesn't matches with the hash of the incoming public key hash it fails the request and alerts me about me.
I went through a lot of links about pinning and all but didn't able to find anything for such comparison. Can somebody help me here? Specifically how to do it with python3?
PS: I don't have the certificate or its private key since it is managed by Google (didn't find any option too to download the current certificate from the google app engine). I already have the hash of the public key as Pin SHA256: xxxxxxxxxxxx