Currently ZNC compares fingerprint of the whole certificate with the whitelist, not only the public key part. That breaks e.g. key pinning of freenode tor hidden service, which provides public key fingerprint; fp of the whole certificate changes every time letsencrypt cert is renewed.
openssl x509 -pubkey -noout < cert.crt shows the public key part of the certificate. Need to find out how to do it in C API.
Irssi seems to support this already.
The text was updated successfully, but these errors were encountered: