kike: go with shorter SHA1 fingerprints
This commit is contained in:
parent
641aff5f57
commit
946522ba80
4
README
4
README
@ -54,8 +54,8 @@ background. Use something like `killall' if you want to terminate it.
|
|||||||
Client Certificates
|
Client Certificates
|
||||||
-------------------
|
-------------------
|
||||||
`kike' uses SHA1 fingerprints of SSL client certificates to authenticate users.
|
`kike' uses SHA1 fingerprints of SSL client certificates to authenticate users.
|
||||||
To get the fingerprint from a certificate file, use:
|
To get the fingerprint from a certificate file in the required form, use:
|
||||||
$ openssl x509 -noout -in cert.pem -sha1 -fingerprint
|
$ openssl x509 -in public.pem -outform DER | sha1sum
|
||||||
|
|
||||||
Disclaimer
|
Disclaimer
|
||||||
----------
|
----------
|
||||||
|
7
kike.c
7
kike.c
@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask)
|
|||||||
static bool
|
static bool
|
||||||
irc_is_valid_fingerprint (const char *fp)
|
irc_is_valid_fingerprint (const char *fp)
|
||||||
{
|
{
|
||||||
return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp);
|
return irc_regex_match ("^[a-fA-F0-9]{40}$", fp);
|
||||||
}
|
}
|
||||||
|
|
||||||
// --- Clients (equals users) --------------------------------------------------
|
// --- Clients (equals users) --------------------------------------------------
|
||||||
@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c)
|
|||||||
|
|
||||||
struct str fingerprint;
|
struct str fingerprint;
|
||||||
str_init (&fingerprint);
|
str_init (&fingerprint);
|
||||||
str_append_printf (&fingerprint, "%02X", hash[0]);
|
for (size_t i = 0; i < sizeof hash; i++)
|
||||||
for (size_t i = 1; i < sizeof hash; i++)
|
str_append_printf (&fingerprint, "%02x", hash[i]);
|
||||||
str_append_printf (&fingerprint, ":%02X", hash[i]);
|
|
||||||
return str_steal (&fingerprint);
|
return str_steal (&fingerprint);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user