View Issue Details

IDProjectCategoryView StatusLast Update
0004136unrealircdpublic2015-05-18 17:22
ReporterNath Assigned Tosyzop  
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version3.2.10-rc1 
Fixed in Version3.4-alpha2 
Summary0004136: Extension to SSL Fingerprints
DescriptionThe attached patch enables unreal to store ssl fingerprints in the client struct when a client connects (users and servers). It will also distribute the fingerprint to the rest of the network. This should allow services packages to enable fingerprint auth with Unreal.
TagsNo tags attached.
Attached Files
fingerprint.patch (14,940 bytes)
fingerprint_2.patch (16,182 bytes)
fingerprint_3.patch (16,134 bytes)
3rd party modules

Relationships

has duplicate 0004225 closed Authorization client via SSL 

Activities

Nath

2012-10-25 01:14

reporter   ~0017192

Patch has been tested, but not extensively, I welcome any and all feedback on it.

Thanks.

Nath

2012-10-25 02:34

reporter   ~0017193

Please use fingerprint_2.patch, It includes proper use of RPL strings and some sanity checks swapping strcpy() for strlcpy().

nenolod

2012-10-25 03:37

reporter   ~0017194

Don't use add_Command() and del_Command(). Instead, use CommandAdd() and friends.

There is already a function for deriving the SHA256 fingerprint as well. Please use that function.

I will mark it as having a patch though.

Nath

2012-10-25 03:43

reporter   ~0017196

Last edited: 2012-10-25 04:03

There is? That's odd because I took that code from auth.c with no function to be seen...I'll change to CommandAdd etc.

EDIT:
I'm withholding my next patch until I'm directed to this function, just so I don't end up uploading more files than required. However from grepping "sha256" there doesn't seem to be any such function that I can find. I also wonder, if we do indeed already have that function, why doesn't auth.c in 3.2.10 use it when determining the fingerprint?

Nath

2012-10-25 18:59

reporter   ~0017202

After discussions with Jobe and warg, it has been concluded that the method of deriving the sha256 fingerprint used in the patch is the correct one.

fingerprint_3.patch added.

nenolod

2012-10-27 04:27

reporter   ~0017205

Hmm. My mistake. Please split out the auth.c stuff into a function and use that.

syzop

2015-05-18 17:22

administrator   ~0018316

The issue mentioned in this bug report has been done: fingerprints are now stored, broadcasted to all servers, and shown in /WHOIS.

Only thing that has not been done is converting auth.c to use it (it currently just fetches it again). That's more of a cleanup thing though..

Issue History

Date Modified Username Field Change
2012-10-25 01:13 Nath New Issue
2012-10-25 01:13 Nath File Added: fingerprint.patch
2012-10-25 01:14 Nath Note Added: 0017192
2012-10-25 02:33 Nath File Added: fingerprint_2.patch
2012-10-25 02:34 Nath Note Added: 0017193
2012-10-25 03:37 nenolod Note Added: 0017194
2012-10-25 03:37 nenolod Status new => has patch
2012-10-25 03:43 Nath Note Added: 0017196
2012-10-25 04:03 Nath Note Edited: 0017196
2012-10-25 18:16 Nath File Added: fingerprint_3.patch
2012-10-25 18:59 Nath Note Added: 0017202
2012-10-27 04:27 nenolod Note Added: 0017205
2013-07-18 00:42 Stealth Relationship added has duplicate 0004225
2014-03-14 01:14 peterkingalexander Issue cloned: 0004295
2015-05-18 17:22 syzop Note Added: 0018316
2015-05-18 17:22 syzop Status has patch => resolved
2015-05-18 17:22 syzop Fixed in Version => 3.4-alpha2
2015-05-18 17:22 syzop Resolution open => fixed
2015-05-18 17:22 syzop Assigned To => syzop