From 946522ba8055589b3eb47e925c66544c115a1673 Mon Sep 17 00:00:00 2001
From: Přemysl Janouch
Date: Wed, 13 Aug 2014 19:22:43 +0200
Subject: kike: go with shorter SHA1 fingerprints
---
README | 4 ++--
kike.c | 7 +++----
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/README b/README
index d08c1a9..05cf0ad 100644
--- a/README
+++ b/README
@@ -54,8 +54,8 @@ background. Use something like `killall' if you want to terminate it.
Client Certificates
-------------------
`kike' uses SHA1 fingerprints of SSL client certificates to authenticate users.
-To get the fingerprint from a certificate file, use:
- $ openssl x509 -noout -in cert.pem -sha1 -fingerprint
+To get the fingerprint from a certificate file in the required form, use:
+ $ openssl x509 -in public.pem -outform DER | sha1sum
Disclaimer
----------
diff --git a/kike.c b/kike.c
index cd2abc0..39b824a 100644
--- a/kike.c
+++ b/kike.c
@@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask)
static bool
irc_is_valid_fingerprint (const char *fp)
{
- return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp);
+ return irc_regex_match ("^[a-fA-F0-9]{40}$", fp);
}
// --- Clients (equals users) --------------------------------------------------
@@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c)
struct str fingerprint;
str_init (&fingerprint);
- str_append_printf (&fingerprint, "%02X", hash[0]);
- for (size_t i = 1; i < sizeof hash; i++)
- str_append_printf (&fingerprint, ":%02X", hash[i]);
+ for (size_t i = 0; i < sizeof hash; i++)
+ str_append_printf (&fingerprint, "%02x", hash[i]);
return str_steal (&fingerprint);
}
--
cgit v1.2.3-70-g09d2