Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trusted fingerprints: public key fp vs certificate fp #1507

Open
DarthGandalf opened this issue Apr 2, 2018 · 3 comments
Open

Trusted fingerprints: public key fp vs certificate fp #1507

DarthGandalf opened this issue Apr 2, 2018 · 3 comments

Comments

@DarthGandalf
Copy link
Member

@DarthGandalf DarthGandalf commented Apr 2, 2018

Currently ZNC compares fingerprint of the whole certificate with the whitelist, not only the public key part. That breaks e.g. key pinning of freenode tor hidden service, which provides public key fingerprint; fp of the whole certificate changes every time letsencrypt cert is renewed.

openssl x509 -pubkey -noout < cert.crt shows the public key part of the certificate. Need to find out how to do it in C API.

Irssi seems to support this already.

@DarthGandalf DarthGandalf changed the title Trusted fingerprints: public key fp vs certfiicate fp Trusted fingerprints: public key fp vs certificate fp Apr 2, 2018
@kushaldas
Copy link

@kushaldas kushaldas commented Apr 2, 2018

This will be really helpful for Freenode+Tor users like me. 👍

Loading

@lessless
Copy link

@lessless lessless commented Jun 10, 2019

same here, would be really helpful

Loading

@Mikaela
Copy link
Contributor

@Mikaela Mikaela commented Jun 12, 2019

The public key can also be gotten with gnutls-cli in case that is of any help for anyone.

└┌(%:~)┌- gnutls-cli chat.freenode.net:6697
...
        Public Key ID:
                sha1:f67d915f48fe77acb59231d32e7bb23db0430afd
                sha256:b575b498f1712f0042577568179b92fc4455ac198bdea6fae7fe3ed25046964e
...

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants