backup/barrier
1
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-02-14 07:35:28 +08:00
Code Issues Projects Releases Wiki Activity

gui: Add support for SHA256 fingerprints

Browse Source 
For the time being both SHA1 and SHA256 fingerprints will be shown in
the UI. This allows users to verify new connections between old and new
versions of Barrier. After the initial verification we use SHA256
fingerprints.

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
This commit is contained in:
Povilas Kanapickas
2021-11-01 02:52:52 +02:00
parent c7e6fc6c7e
commit a428b61c7d
9 changed files with 185 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/lib/net/SecureSocket.cpp
View File

@@ -657,17 +657,22 @@ bool
SecureSocket::verifyCertFingerprint()
{
// calculate received certificate fingerprint
barrier::FingerprintData fingerprint;
barrier::FingerprintData fingerprint_sha1, fingerprint_sha256;
try {
fingerprint = barrier::get_ssl_cert_fingerprint(SSL_get_peer_certificate(m_ssl->m_ssl),
barrier::FingerprintType::SHA1);
auto* cert = SSL_get_peer_certificate(m_ssl->m_ssl);
fingerprint_sha1 = barrier::get_ssl_cert_fingerprint(cert,
barrier::FingerprintType::SHA1);
fingerprint_sha256 = barrier::get_ssl_cert_fingerprint(cert,
barrier::FingerprintType::SHA256);
} catch (const std::exception& e) {
LOG((CLOG_ERR "%s", e.what()));
return false;
}
LOG((CLOG_NOTE "server fingerprint: %s",
barrier::format_ssl_fingerprint(fingerprint.data).c_str()));
// note: the GUI parses the following two lines of logs, don't change unnecessarily
LOG((CLOG_NOTE "server fingerprint (SHA1): %s (SHA256): %s",
barrier::format_ssl_fingerprint(fingerprint_sha1.data).c_str(),
barrier::format_ssl_fingerprint(fingerprint_sha256.data).c_str()));
auto fingerprint_db_path = DataDirectories::trusted_servers_ssl_fingerprints_path();
@@ -685,7 +690,7 @@ SecureSocket::verifyCertFingerprint()
fingerprint_db_path.c_str()));
}
if (db.is_trusted(fingerprint)) {
if (db.is_trusted(fingerprint_sha256)) {
LOG((CLOG_NOTE "Fingerprint matches trusted fingerprint"));
return true;
} else {