Browse Source

kike: go with shorter SHA1 fingerprints

tags/v0.9
Přemysl Janouch 5 years ago
parent
commit
946522ba80
2 changed files with 5 additions and 6 deletions
  1. +2
    -2
      README
  2. +3
    -4
      kike.c

+ 2
- 2
README View File

@@ -54,8 +54,8 @@ background. Use something like `killall' if you want to terminate it.
Client Certificates
-------------------
`kike' uses SHA1 fingerprints of SSL client certificates to authenticate users.
To get the fingerprint from a certificate file, use:
$ openssl x509 -noout -in cert.pem -sha1 -fingerprint
To get the fingerprint from a certificate file in the required form, use:
$ openssl x509 -in public.pem -outform DER | sha1sum

Disclaimer
----------

+ 3
- 4
kike.c View File

@@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask)
static bool
irc_is_valid_fingerprint (const char *fp)
{
return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp);
return irc_regex_match ("^[a-fA-F0-9]{40}$", fp);
}

// --- Clients (equals users) --------------------------------------------------
@@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c)

struct str fingerprint;
str_init (&fingerprint);
str_append_printf (&fingerprint, "%02X", hash[0]);
for (size_t i = 1; i < sizeof hash; i++)
str_append_printf (&fingerprint, ":%02X", hash[i]);
for (size_t i = 0; i < sizeof hash; i++)
str_append_printf (&fingerprint, "%02x", hash[i]);
return str_steal (&fingerprint);
}


Loading…
Cancel
Save