
Trusted fingerprints: public key fp vs certificate fp #1507


Open
DarthGandalf opened this issue Apr 2, 2018 · 3 comments

@DarthGandalf
Member

DarthGandalf commented Apr 2, 2018

Currently ZNC compares the fingerprint of the whole certificate with the whitelist, not only the public key part. That breaks e.g. key pinning of the freenode Tor hidden service, which provides a public key fingerprint; the fp of the whole certificate changes every time the Let's Encrypt cert is renewed.

`openssl x509 -pubkey -noout < cert.crt` shows the public key part of the certificate. Need to find out how to do it in the C API.

Irssi seems to support this already.
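
The difference described in the comment above, as an added example that is not part of the issue or of ZNC's code: it hashes a whole DER certificate and, separately, its SubjectPublicKeyInfo (the structure `openssl x509 -pubkey` prints in PEM form) across a simulated renewal. The certificates and key bytes are constructed, unsigned stand-ins, and `tlv`, `read_tlv`, `spki_der`, `fingerprints` and `make_cert` are hypothetical helper names.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER-encode one tag/length/value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf: bytes, off: int):
    """Return (tag, value_start, end) of the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short-form length
        return tag, off + 2, off + 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    start = off + 2 + n
    return tag, start, start + int.from_bytes(buf[off + 2:start], "big")

def spki_der(cert: bytes) -> bytes:
    """Extract the DER SubjectPublicKeyInfo from a DER X.509 certificate."""
    _, tbs, _ = read_tlv(cert, 0)          # outer Certificate SEQUENCE
    _, off, _ = read_tlv(cert, tbs)        # start of tbsCertificate contents
    tag, _, end = read_tlv(cert, off)
    if tag == 0xA0:                        # optional [0] EXPLICIT version
        off = end
    for _ in range(5):                     # serial, sigalg, issuer, validity, subject
        _, _, off = read_tlv(cert, off)
    _, _, end = read_tlv(cert, off)
    return cert[off:end]

def fingerprints(cert: bytes):
    """Return (whole-certificate SHA-256, public-key SHA-256) as hex."""
    return hashlib.sha256(cert).hexdigest(), hashlib.sha256(spki_der(cert)).hexdigest()

def make_cert(serial: int, not_after: bytes, spki: bytes) -> bytes:
    """Constructed, unsigned stand-in for a certificate (dummy signature)."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302")))
    name = tlv(0x30, b"")
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial.to_bytes(2, "big"))
              + alg + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(9)))

# Constructed sample key (Ed25519 OID, placeholder key bytes), reused across a "renewal".
KEY = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b6570"))) + tlv(0x03, bytes(33)))
OLD = make_cert(0x1001, b"250401000000Z", KEY)   # before renewal
NEW = make_cert(0x1002, b"250701000000Z", KEY)   # after renewal, same key
```

`fingerprints(OLD)` and `fingerprints(NEW)` differ in the first element and agree in the second, so only a pin on the second value survives a renewal that keeps the key.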

DarthGandalf changed the title from "Trusted fingerprints: public key fp vs certfiicate fp" to "Trusted fingerprints: public key fp vs certificate fp" on Apr 2, 2018

@kushaldas

This will be really helpful for Freenode+Tor users like me. 👍

@lessless

lessless commented Jun 10, 2019

same here, would be really helpful

@Mikaela
Contributor

Mikaela commented Jun 12, 2019

The public key can also be gotten with gnutls-cli in case that is of any help for anyone.

```
└┌(%:~)┌- gnutls-cli chat.freenode.net:6697
...
        Public Key ID:
                sha1:f67d915f48fe77acb59231d32e7bb23db0430afd
                sha256:b575b498f1712f0042577568179b92fc4455ac198bdea6fae7fe3ed25046964e
...
```
