summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPřemysl Janouch <p.janouch@gmail.com>2014-08-13 19:22:43 +0200
committerPřemysl Janouch <p.janouch@gmail.com>2014-08-13 19:22:43 +0200
commit946522ba8055589b3eb47e925c66544c115a1673 (patch)
treeb4447a7b0cdcf1f1ebff38a79deac0b545580b0d
parent641aff5f571bc7da31e42a0ab32713749ff60c86 (diff)
downloadxK-946522ba8055589b3eb47e925c66544c115a1673.tar.gz
xK-946522ba8055589b3eb47e925c66544c115a1673.tar.xz
xK-946522ba8055589b3eb47e925c66544c115a1673.zip
kike: go with shorter SHA1 fingerprints
-rw-r--r--README4
-rw-r--r--kike.c7
2 files changed, 5 insertions, 6 deletions
diff --git a/README b/README
index d08c1a9..05cf0ad 100644
--- a/README
+++ b/README
@@ -54,8 +54,8 @@ background. Use something like `killall' if you want to terminate it.
Client Certificates
-------------------
`kike' uses SHA1 fingerprints of SSL client certificates to authenticate users.
-To get the fingerprint from a certificate file, use:
- $ openssl x509 -noout -in cert.pem -sha1 -fingerprint
+To get the fingerprint from a certificate file in the required form, use:
+ $ openssl x509 -in public.pem -outform DER | sha1sum
Disclaimer
----------
diff --git a/kike.c b/kike.c
index cd2abc0..39b824a 100644
--- a/kike.c
+++ b/kike.c
@@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask)
static bool
irc_is_valid_fingerprint (const char *fp)
{
- return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp);
+ return irc_regex_match ("^[a-fA-F0-9]{40}$", fp);
}
// --- Clients (equals users) --------------------------------------------------
@@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c)
struct str fingerprint;
str_init (&fingerprint);
- str_append_printf (&fingerprint, "%02X", hash[0]);
- for (size_t i = 1; i < sizeof hash; i++)
- str_append_printf (&fingerprint, ":%02X", hash[i]);
+ for (size_t i = 0; i < sizeof hash; i++)
+ str_append_printf (&fingerprint, "%02x", hash[i]);
return str_steal (&fingerprint);
}