View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003037 | unreal | ircd | public | 2006-08-25 16:33 | 2007-06-11 15:44 |
| Reporter | Nazzy | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | suspended | ||
| Product Version | 3.2.5 | ||||
| Summary | 0003037: Patch to provide some extra fun for SSL | ||||
| Description | ||||

Okie, random chatting earlier, relating to me knowing 2 people with the same nick, and how to make your irc client positively identify you ... and we reach this idea:

<aquanight> I kinda wish you could /whois someone who's on ssl and see their SSL cert public key
<aquanight> so that you can know beyond a reasonable doubt who that person is

That's at like 4pm, I'm bored, and I think "Can't be that hard ..." It's now 10.30pm, here's a patch to do exactly that (well kinda). On whoising someone using ssl with a client cert, you get this sent as swhois:

```
Certificate Information: /C=UK/ST=Manchester/L=Wigan/O=The-Cell/OU=Admin/CN=Nazzy
Certificate Hash: d3c0cc6ec2d1c35cc93e3282adf9ea169b95a81f
```

The Info is obviously the fields put in to your ssl cert. The Hash is a sha1 hash of your public key... to get this hash (to publish some place only you could put it, to aid verification) you can do like this:

```
$ grep -v -- ----- Nazzy.pem | openssl enc -base64 -d | sha1sum
d3c0cc6ec2d1c35cc93e3282adf9ea169b95a81f -
```

(Strips the opening and closing block lines, decodes the base64 and hashes it)

I didn't think till after I'd finished that I'd patched this against a clean copy of 3.2.5 and not cvs, sorry about that :/

| Attached Files | cert-swhois.patch.txt (4,657 bytes) | ||||
| 3rd party modules | |||||
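
The shell pipeline in the description strips the delimiter lines, decodes the base64 and hashes the result. The following is an added example, not part of the original report or the attached patch: the same computation in Python, selecting one PEM block by label so a file that holds a key and a certificate together is handled, and comparing the result with a hash published out of band. All function names and the sample input are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Yield (label, decoded_bytes) for each PEM block found in text."""
    for m in PEM_BLOCK.finditer(text):
        body = "".join(m.group(2).split())        # drop line breaks
        yield m.group(1), base64.b64decode(body, validate=True)

def block_hash(text, label="CERTIFICATE", algo="sha1"):
    """Hex digest over the decoded bytes of the one block carrying `label`.

    A .pem file often holds a key and a certificate together; filtering only
    the dashed lines would feed both blocks to the decoder, so select by label
    and refuse input where the choice is ambiguous.
    """
    found = [data for lbl, data in pem_blocks(text) if lbl == label]
    if len(found) != 1:
        raise ValueError(f"expected one {label} block, found {len(found)}")
    return hashlib.new(algo, found[0]).hexdigest()

def matches_published(text, published_hex, **kwargs):
    """Check a PEM block against a hash its owner published out of band."""
    wanted = published_hex.strip().lower().replace(":", "")
    return hmac.compare_digest(block_hash(text, **kwargs), wanted)

def make_pem(label, data):
    """Helper for the constructed sample below (hypothetical, not from the page)."""
    b64 = base64.encodebytes(data).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed sample input: placeholder bytes, not a real key or certificate.
SAMPLE_CERT_BYTES = b"constructed placeholder standing in for DER bytes " * 4
SAMPLE_PEM = (make_pem("PRIVATE KEY", b"constructed placeholder key bytes")
              + make_pem("CERTIFICATE", SAMPLE_CERT_BYTES))

if __name__ == "__main__":
    digest = block_hash(SAMPLE_PEM)
    print("Certificate Hash:", digest)
    print("matches published value:", matches_published(SAMPLE_PEM, digest.upper()))
```
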

Bleh, never make assumptions ... in order to get this patch not to crash miserably when used on a network, m_whois.c needs to have `if (acptr->cert)` replaced with `if (MyClient(acptr) && (acptr->cert))`

I haven't looked at your patch, but I'd switch to RIPEMD-160 as the hashing method. I'm far from a hashing expert, but it's supposedly faster and more secure.

I think placing plain text cert info in the whois might release more information than a user may want. I think just the hash of the cert is enough to get what you want.

> I think placing plain text cert info in the whois might release more information than a user may want.

You may be right, but after all, it is a *public* key. If you didn't want it public, you probably wouldn't put it in there.

A whois opens this information up to whoever does a whois on you, which could be anyone. If it is not in the whois, it is generally only shared with servers (at least in my case).

Please write a proper patch that applies towards 3.3-alpha0 and has a define/conf option whether you want this functionality or not. Perhaps even a user mode?

Please resubmit for 3.3, removed from bug queue until then due to lack of feedback.

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-08-25 16:33 | Nazzy | New Issue | |
| 2006-08-25 16:33 | Nazzy | File Added: cert-swhois.patch.txt | |
| 2006-09-11 07:56 | Nazzy | Note Added: 0012378 | |
| 2006-09-24 15:06 | | Note Added: 0012427 | |
| 2006-09-24 16:11 | Stealth | Note Added: 0012428 | |
| 2006-09-24 19:39 | | Note Added: 0012430 | |
| 2006-09-24 22:53 | Stealth | Note Added: 0012431 | |
| 2007-04-19 04:32 | | Status | new => acknowledged |
| 2007-04-19 18:56 | | Status | acknowledged => confirmed |
| 2007-04-24 03:21 | | Note Added: 0013643 | |
| 2007-04-24 03:21 | | Status | confirmed => feedback |
| 2007-06-11 15:43 | | Status | feedback => closed |
| 2007-06-11 15:43 | | Note Added: 0014319 | |
| 2007-06-11 15:44 | | Resolution | open => suspended |