diff options
| author | Přemysl Janouch <p.janouch@gmail.com> | 2014-08-13 19:22:43 +0200 |
|---|---|---|
| committer | Přemysl Janouch <p.janouch@gmail.com> | 2014-08-13 19:22:43 +0200 |
| commit | 946522ba8055589b3eb47e925c66544c115a1673 (patch) | |
| tree | b4447a7b0cdcf1f1ebff38a79deac0b545580b0d | |
| parent | 641aff5f571bc7da31e42a0ab32713749ff60c86 (diff) | |
| download | xK-946522ba8055589b3eb47e925c66544c115a1673.tar.gz xK-946522ba8055589b3eb47e925c66544c115a1673.tar.xz xK-946522ba8055589b3eb47e925c66544c115a1673.zip | |
kike: go with shorter SHA1 fingerprints
| -rw-r--r-- | README | 4 | ||||
| -rw-r--r-- | kike.c | 7 |
2 files changed, 5 insertions, 6 deletions
@@ -54,8 +54,8 @@ background. Use something like `killall' if you want to terminate it. Client Certificates ------------------- `kike' uses SHA1 fingerprints of SSL client certificates to authenticate users. -To get the fingerprint from a certificate file, use: - $ openssl x509 -noout -in cert.pem -sha1 -fingerprint +To get the fingerprint from a certificate file in the required form, use: + $ openssl x509 -in public.pem -outform DER | sha1sum Disclaimer ---------- @@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask) static bool irc_is_valid_fingerprint (const char *fp) { - return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp); + return irc_regex_match ("^[a-fA-F0-9]{40}$", fp); } // --- Clients (equals users) -------------------------------------------------- @@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c) struct str fingerprint; str_init (&fingerprint); - str_append_printf (&fingerprint, "%02X", hash[0]); - for (size_t i = 1; i < sizeof hash; i++) - str_append_printf (&fingerprint, ":%02X", hash[i]); + for (size_t i = 0; i < sizeof hash; i++) + str_append_printf (&fingerprint, "%02x", hash[i]); return str_steal (&fingerprint); } |