kike: go with shorter SHA1 fingerprints

This commit is contained in:
Přemysl Eric Janouch 2014-08-13 19:22:43 +02:00
parent 641aff5f57
commit 946522ba80
2 changed files with 5 additions and 6 deletions

4
README
View File

@ -54,8 +54,8 @@ background. Use something like `killall' if you want to terminate it.
Client Certificates Client Certificates
------------------- -------------------
`kike' uses SHA1 fingerprints of SSL client certificates to authenticate users. `kike' uses SHA1 fingerprints of SSL client certificates to authenticate users.
To get the fingerprint from a certificate file, use: To get the fingerprint from a certificate file in the required form, use:
$ openssl x509 -noout -in cert.pem -sha1 -fingerprint $ openssl x509 -in public.pem -outform DER | sha1sum
Disclaimer Disclaimer
---------- ----------

7
kike.c
View File

@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask)
static bool static bool
irc_is_valid_fingerprint (const char *fp) irc_is_valid_fingerprint (const char *fp)
{ {
return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp); return irc_regex_match ("^[a-fA-F0-9]{40}$", fp);
} }
// --- Clients (equals users) -------------------------------------------------- // --- Clients (equals users) --------------------------------------------------
@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c)
struct str fingerprint; struct str fingerprint;
str_init (&fingerprint); str_init (&fingerprint);
str_append_printf (&fingerprint, "%02X", hash[0]); for (size_t i = 0; i < sizeof hash; i++)
for (size_t i = 1; i < sizeof hash; i++) str_append_printf (&fingerprint, "%02x", hash[i]);
str_append_printf (&fingerprint, ":%02X", hash[i]);
return str_steal (&fingerprint); return str_steal (&fingerprint);
} }