kike: go with shorter SHA1 fingerprints

2014-08-13 19:22:43 +02:00 · 2014-08-13 19:22:43 +02:00 · 946522ba80
commit 946522ba80
parent 641aff5f57
2 changed files with 5 additions and 6 deletions
--- a/4
+++ b/4
@ -54,8 +54,8 @@ background.  Use something like `killall' if you want to terminate it.
 Client Certificates
 -------------------
 `kike' uses SHA1 fingerprints of SSL client certificates to authenticate users.
-To get the fingerprint from a certificate file, use:
- $ openssl x509 -noout -in cert.pem -sha1 -fingerprint
+To get the fingerprint from a certificate file in the required form, use:
+ $ openssl x509 -in public.pem -outform DER | sha1sum

 Disclaimer
 ----------
--- a/kike.c
+++ b/kike.c
@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask)
 static bool
 irc_is_valid_fingerprint (const char *fp)
 {
-	return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp);
+	return irc_regex_match ("^[a-fA-F0-9]{40}$", fp);
 }

 // --- Clients (equals users) --------------------------------------------------
@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c)

 	struct str fingerprint;
 	str_init (&fingerprint);
-	str_append_printf (&fingerprint, "%02X", hash[0]);
-	for (size_t i = 1; i < sizeof hash; i++)
-		str_append_printf (&fingerprint, ":%02X", hash[i]);
+	for (size_t i = 0; i < sizeof hash; i++)
+		str_append_printf (&fingerprint, "%02x", hash[i]);
 	return str_steal (&fingerprint);
 }