-rwxr-xr-xvchat-ssl.c23
1 files changed, 14 insertions, 9 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c
index e584f6c..ef5b96e 100755
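--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -221,7 +221,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 assert ( ( fingerprint_len > 1 ) && (fingerprint_len * 3 < TMPSTRSIZE ));
 char * nf = new_fingerprint;
 for (j=0; j<(int)fingerprint_len; j++)
-nf += snprintf(nf, 3, "%02X:", fingerprint_bin[j]);
+nf += snprintf(nf, 4, "%02X:", fingerprint_bin[j]);
 assert ( nf > new_fingerprint );
 nf[-1] = 0;
 snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from server: %s", new_fingerprint);
@@ -236,15 +236,20 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 char * r = fgets(old_fingerprint, TMPSTRSIZE, fingerprint_file);
 fclose(fingerprint_file);
 
-/* verify fingerprint matches stored version */
-if ( r &&!strncmp(new_fingerprint, old_fingerprint, TMPSTRSIZE))
-return 0;
-else {
-snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from %s: %s", getstroption(CF_FINGERPRINT), r ? old_fingerprint : "<FILE READ ERROR>" );
-writecf(FS_ERR, tmpstr);
-writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");
-return 1;
+if (r) {
+// chomp
+char *nl = strchr(r, '\n');
+if (nl) *nl = 0;
+
+/* verify fingerprint matches stored version */
+if (!strcmp(new_fingerprint, old_fingerprint))
+return 0;
 }
+
+snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from %s: %s", getstroption(CF_FINGERPRINT), r ? old_fingerprint : "<FILE READ ERROR>" );
+writecf(FS_ERR, tmpstr);
+writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");
+return 1;
 } else {
 /* FIXME: there might be other errors than missing file */
 fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "w");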
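Review bot: Pins saved by earlier builds will most likely stop matching at the new `strcmp` (new line 245), and the user is only shown the generic "Server cert updated?" error, which does not tell them the stored value itself is the weak part. With the old `snprintf(nf, 3, ...)` each call stored two hex digits and a NUL while `nf` advanced by three, so `new_fingerprint` ended after the first digest byte; if the write branch after new line 255 (outside this hunk) saved that string, existing files hold a one-byte pin. I would say so next to the comparison, e.g. `/* files written before the snprintf size fix hold only the first digest byte; they fail here and must be re-pinned after checking the fingerprint out of band */`, and consider a distinct error text when the stored line is shorter than the computed one. vc_connect_ssl starts and ends outside both hunks.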