Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trusted fingerprints: public key fp vs certificate fp #1507

Open
DarthGandalf opened this issue Apr 2, 2018 · 3 comments

Comments

Projects
None yet
4 participants
@DarthGandalf
Copy link
Member

commented Apr 2, 2018

Currently ZNC compares fingerprint of the whole certificate with the whitelist, not only the public key part. That breaks e.g. key pinning of freenode tor hidden service, which provides public key fingerprint; fp of the whole certificate changes every time letsencrypt cert is renewed.

openssl x509 -pubkey -noout < cert.crt shows the public key part of the certificate. Need to find out how to do it in C API.

Irssi seems to support this already.

@DarthGandalf DarthGandalf changed the title Trusted fingerprints: public key fp vs certfiicate fp Trusted fingerprints: public key fp vs certificate fp Apr 2, 2018

@kushaldas

This comment has been minimized.

Copy link

commented Apr 2, 2018

This will be really helpful for Freenode+Tor users like me. 👍

@lessless

This comment has been minimized.

Copy link

commented Jun 10, 2019

same here, would be really helpful

@Mikaela

This comment has been minimized.

Copy link
Contributor

commented Jun 12, 2019

The public key can also be gotten with gnutls-cli in case that is of any help for anyone.

└┌(%:~)┌- gnutls-cli chat.freenode.net:6697
...
        Public Key ID:
                sha1:f67d915f48fe77acb59231d32e7bb23db0430afd
                sha256:b575b498f1712f0042577568179b92fc4455ac198bdea6fae7fe3ed25046964e
...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.