Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

murmur/Cert: check for 'Murmur Autogenerated Certificate' prefix instead of explicit version in self-signed cert check. #3080

Merged
merged 1 commit into from May 11, 2017

Conversation

@mkrautz
Copy link
Member

commented May 8, 2017

This commit changes our check for whether a server is using a self-signed
certificate to check for the prefix 'Murmur Autogenerated Certificate'.

Previously, we would only check for 'Murmur Autogenerated Certificate v2'.
(The previous version, 'Murmur Autogenerated Certificate' is no longer valid,
so is not considered in this context.)

This will allow us to bump the version in the certificate, without needing
to update our code to know about these bumps.

murmur/Cert: check for 'Murmur Autogenerated Certificate' prefix inst…
…ead of explicit version in self-signed cert check.

This commit changes our check for whether a server is using a self-signed
certificate to check for the prefix 'Murmur Autogenerated Certificate'.

Previously, we would only check for 'Murmur Autogenerated Certificate v2'.
(The previous version, 'Murmur Autogenerated Certificate' is no longer valid,
so is not considered in this context.)

This will allow us to bump the version in the certificate, without needing
to update our code to know about these bumps.

@mkrautz mkrautz requested review from Kissaki, hacst and davidebeatrici May 8, 2017

@Kissaki
Kissaki approved these changes May 9, 2017
@Kissaki

This comment has been minimized.

Copy link
Member

commented May 9, 2017

Do you see this happening (soon)? A version bump?

What are we using this version for anyway?

@mkrautz

This comment has been minimized.

Copy link
Member Author

commented May 11, 2017

Yes, I plan to bump the self-signed certs to use SHA256 for new servers. (Whether to drop existing certificates, I don't know yet...). It's a PITA that our "certificate hash" is a hash of the whole certificate, and not just the public key. That'd have made this much easier.

Anyway, my plan is to add a new Murmur Autogenerated Certificate v3 which uses a SHA-256 hash for its signature. Is it technically necessary to bump the version? No. I believe the first version (no "vXXX" suffix) lacked the bits for it to work as a client certificate, so they couldn't be used for public server registration.

I feel like it's just nicer to bump the version when we make a change.

@mkrautz mkrautz merged commit 6aba984 into mumble-voip:master May 11, 2017

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@Kissaki

This comment has been minimized.

Copy link
Member

commented May 11, 2017

our "certificate hash" is a hash of the whole certificate, and not just the public key

For real? That's confusing and stupid. :-/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.