author | Přemysl Eric Janouch <p@janouch.name> | 2022-09-26 13:56:45 +0200 |
---|---|---|
committer | Přemysl Eric Janouch <p@janouch.name> | 2022-09-26 13:58:08 +0200 |
commit | 7c74e6615dcf3d1ec288028ee1e49d2556cafffe (patch) | |
tree | 583ac1609799b525b4e9d312a5ae69d0a19ada19 /xD.c | |
parent | 614fd98fc1c78a1106928dcc1644abc520777956 (diff) | |
xD: use SHA-256 for certificate fingerprints
Just like xS. 2.0.0 is the ideal time for such a breaking change.
Diffstat (limited to 'xD.c')
-rw-r--r-- | xD.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -49,7 +49,7 @@ static struct simple_config_item g_config_table[] =
 { "tls_key", NULL, "Server TLS private key (PEM)" },
 { "tls_ciphers", DEFAULT_CIPHERS, "OpenSSL cipher list" },
- { "operators", NULL, "IRCop TLS client cert. SHA-1 fingerprints" },
+ { "operators", NULL, "IRCop TLS client cert. SHA-256 fingerprints" },
 { "max_connections", "0", "Global connection limit" },
 { "ping_interval", "180", "Interval between PINGs (sec)" },
@@ -296,7 +296,7 @@ irc_is_valid_user_mask (const char *mask)
 static bool
 irc_is_valid_fingerprint (const char *fp)
 {
- return irc_regex_match ("^[a-fA-F0-9]{40}$", fp);
+ return irc_regex_match ("^[a-fA-F0-9]{64}$", fp);
 }
 // --- Clients (equals users) --------------------------------------------------
@@ -1005,8 +1005,8 @@ client_get_ssl_cert_fingerprint (struct client *c)
 if (i2d_X509 (peer_cert, &p) < 0)
 return NULL;
- unsigned char hash[SHA_DIGEST_LENGTH];
- SHA1 (cert, cert_len, hash);
+ unsigned char hash[SHA256_DIGEST_LENGTH];
+ SHA256 (cert, cert_len, hash);
 struct str fingerprint = str_make ();
 for (size_t i = 0; i < sizeof hash; i++) |
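Review bot: The `{64}` in irc_is_valid_fingerprint and `SHA256_DIGEST_LENGTH` in client_get_ssl_cert_fingerprint are kept in step only by hand, so a later digest change that touches just one of them would leave every configured operator fingerprint unable to match. A comment above the validator would record the coupling, for example `// 64 hex digits = 2 * SHA256_DIGEST_LENGTH, see client_get_ssl_cert_fingerprint ()`. Existing 40-digit SHA-1 values in `operators` no longer pass this check; the caller is outside the hunk, so confirm that it reports the rejected value instead of skipping it, otherwise an upgraded server loses its IRCops without saying why.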
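Review bot: The return value of `SHA256 (cert, cert_len, hash)` is ignored, so if the one-shot call can fail in the linked OpenSSL build, the uninitialised `hash` buffer would be formatted as a fingerprint and compared against the operator list. `if (!SHA256 (cert, cert_len, hash)) return NULL;` closes that. Alternatively the manual DER encoding plus hash could be replaced by `X509_digest (peer_cert, EVP_sha256 (), hash, &hash_len)`, which digests the same encoding and returns 0 on failure. The function starts and ends outside the hunk, so whether `peer_cert` is released on the early `return NULL` paths cannot be judged from here.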