From 946522ba8055589b3eb47e925c66544c115a1673 Mon Sep 17 00:00:00 2001 From: Přemysl Janouch Date: Wed, 13 Aug 2014 19:22:43 +0200 Subject: kike: go with shorter SHA1 fingerprints --- README | 4 ++-- kike.c | 7 +++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README b/README index d08c1a9..05cf0ad 100644 --- a/README +++ b/README @@ -54,8 +54,8 @@ background. Use something like `killall' if you want to terminate it. Client Certificates ------------------- `kike' uses SHA1 fingerprints of SSL client certificates to authenticate users. -To get the fingerprint from a certificate file, use: - $ openssl x509 -noout -in cert.pem -sha1 -fingerprint +To get the fingerprint from a certificate file in the required form, use: + $ openssl x509 -in public.pem -outform DER | sha1sum Disclaimer ---------- diff --git a/kike.c b/kike.c index cd2abc0..39b824a 100644 --- a/kike.c +++ b/kike.c @@ -277,7 +277,7 @@ irc_is_valid_user_mask (const char *mask) static bool irc_is_valid_fingerprint (const char *fp) { - return irc_regex_match ("^[a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){19}$", fp); + return irc_regex_match ("^[a-fA-F0-9]{40}$", fp); } // --- Clients (equals users) -------------------------------------------------- @@ -841,9 +841,8 @@ client_get_ssl_cert_fingerprint (struct client *c) struct str fingerprint; str_init (&fingerprint); - str_append_printf (&fingerprint, "%02X", hash[0]); - for (size_t i = 1; i < sizeof hash; i++) - str_append_printf (&fingerprint, ":%02X", hash[i]); + for (size_t i = 0; i < sizeof hash; i++) + str_append_printf (&fingerprint, "%02x", hash[i]); return str_steal (&fingerprint); } -- cgit v1.2.3-70-g09d2