diff --git a/include/certfp.h b/include/certfp.h
new file mode 100644
index 000000000..0913cade4
--- /dev/null
+++ b/include/certfp.h
@@ -0,0 +1,38 @@
+/*
+ * charybdis: A useful ircd.
+ * certpf.h: Fingerprint method strings
+ *
+ * Copyright 2016 Simon Arlott
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
+ */
+
+#ifndef INCLUDED_certfp_h
+#define INCLUDED_certfp_h
+
+#define CERTFP_NAME_CERT_SHA1 "sha1"
+#define CERTFP_PREFIX_CERT_SHA1 ""
+#define CERTFP_NAME_CERT_SHA256 "sha256"
+#define CERTFP_PREFIX_CERT_SHA256 ""
+#define CERTFP_NAME_CERT_SHA512 "sha512"
+#define CERTFP_PREFIX_CERT_SHA512 ""
+/* These prefixes are copied from RFC 7218 */
+#define CERTFP_NAME_SPKI_SHA256 "spki_sha256"
+#define CERTFP_PREFIX_SPKI_SHA256 "SPKI:SHA2-256:"
+#define CERTFP_NAME_SPKI_SHA512 "spki_sha512"
+#define CERTFP_PREFIX_SPKI_SHA512 "SPKI:SHA2-512:"
+
+#endif /* INCLUDED_certfp_h */
diff --git a/ircd/newconf.c b/ircd/newconf.c
index c4c9ee08e..65cc12434 100644
--- a/ircd/newconf.c
+++ b/ircd/newconf.c
@@ -28,6 +28,7 @@
 #include "wsproc.h"
 #include "privilege.h"
 #include "chmode.h"
+#include "certfp.h"
 
 #define CF_TYPE(x) ((x) & CF_MTYPE)
 
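Review bot: The file header comment in include/certfp.h names the file `certpf.h`, which does not match the actual file name; the line should read ` * certfp.h: Fingerprint method strings`. The three `CERTFP_PREFIX_CERT_*` macros are all `""`, so a whole-certificate fingerprint string does not say which digest produced it, and the header gives no reason for that. A comment above them such as `/* Whole-certificate fingerprints carry no prefix, as before this change; only SPKI fingerprints are tagged */` would record that the empty values are deliberate.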
@@ -1717,15 +1718,15 @@ conf_set_general_certfp_method(void *data)
 {
 char *method = data;
 
- if (!rb_strcasecmp(method, "sha1"))
+ if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA1))
 ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1;
- else if (!rb_strcasecmp(method, "sha256"))
+ else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA256))
 ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA256;
- else if (!rb_strcasecmp(method, "sha512"))
+ else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA512))
 ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA512;
- else if (!rb_strcasecmp(method, "spki_sha256"))
+ else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA256))
 ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA256;
- else if (!rb_strcasecmp(method, "spki_sha512"))
+ else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA512))
 ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA512;
 else
 {
diff --git a/ircd/sslproc.c b/ircd/sslproc.c
index 8780e1ac4..f4b8016a2 100644
--- a/ircd/sslproc.c
+++ b/ircd/sslproc.c
@@ -33,6 +33,7 @@
 #include "client.h"
 #include "send.h"
 #include "packet.h"
+#include "certfp.h"
 
 #define ZIPSTATS_TIME 60
 
@@ -499,17 +500,19 @@ ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 switch (certfp_method) {
 case RB_SSL_CERTFP_METH_CERT_SHA1:
- case RB_SSL_CERTFP_METH_CERT_SHA256:
- case RB_SSL_CERTFP_METH_CERT_SHA512:
- method_string = "";
+ method_string = CERTFP_PREFIX_CERT_SHA1;
+ break;
+ case RB_SSL_CERTFP_METH_CERT_SHA256:
+ method_string = CERTFP_PREFIX_CERT_SHA256;
+ break;
+ case RB_SSL_CERTFP_METH_CERT_SHA512:
+ method_string = CERTFP_PREFIX_CERT_SHA512;
 break;
-
- /* These names are copied from RFC 7218 */
 case RB_SSL_CERTFP_METH_SPKI_SHA256:
- method_string = "SPKI:SHA2-256:";
+ method_string = CERTFP_PREFIX_SPKI_SHA256;
 break;
 case RB_SSL_CERTFP_METH_SPKI_SHA512:
- method_string = "SPKI:SHA2-512:";
+ method_string = CERTFP_PREFIX_SPKI_SHA512;
 break;
 default:
 return;
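Review bot: The name-to-method chain in conf_set_general_certfp_method and the method-to-prefix switch in ssl_process_certfp (ircd/sslproc.c, last hunk) remain two separate hand-written lists, and nothing but convention ties a `CERTFP_NAME_*` to its `CERTFP_PREFIX_*` and `RB_SSL_CERTFP_METH_*` value. A method added to the config parser but not to the switch would reach `default: return;`, which as far as the hunk shows returns without reporting anything, so the fingerprint would presumably go unrecorded. A cross-reference comment above each list, for example `/* keep in sync with ssl_process_certfp() in ircd/sslproc.c and the CERTFP_* strings in certfp.h */`, would make the coupling visible to the next person who adds a method. Both functions begin and end outside their hunks, so the handling of an unrecognised name in the final `else` is not visible here.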