authorLars-Dominik Braun <lars@6xq.net>2011-11-11 14:45:21 +0100
committerLars-Dominik Braun <lars@6xq.net>2011-11-11 15:24:50 +0100
commita0e4f1e0f5989505f4aab10d64194b635f9af53c (patch)
tree6a7fe01f25d632b8fe40859af96ab96a3576022b /src/settings.c
parentfb1b9c541346b3cfc80305ef12ee87ced70d5037 (diff)
waitress: Fingerprint check
Reduces memory usage, protects against 0wned CAs and avoids ca-bundle confusion. Closes #175
Diffstat (limited to 'src/settings.c')
-rw-r--r--src/settings.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/settings.c b/src/settings.c
index f29fcfa..ee332cc 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -93,7 +93,6 @@ void BarSettingsDestroy (BarSettings_t *settings) {
free (settings->npStationFormat);
free (settings->listSongFormat);
free (settings->fifo);
- free (settings->tlsCaPath);
for (size_t i = 0; i < MSG_COUNT; i++) {
free (settings->msgFormat[i].prefix);
free (settings->msgFormat[i].postfix);
@@ -132,7 +131,9 @@ void BarSettingsRead (BarSettings_t *settings) {
settings->listSongFormat = strdup ("%i) %a - %t%r");
settings->fifo = malloc (PATH_MAX * sizeof (*settings->fifo));
BarGetXdgConfigDir (PACKAGE "/ctl", settings->fifo, PATH_MAX);
- settings->tlsCaPath = strdup ("/etc/ssl/certs/ca-certificates.crt");
+ memcpy (settings->tlsFingerprint, "\xD9\x98\x0B\xA2\xCC\x0F\x97\xBB"
+ "\x03\x82\x2C\x62\x11\xEA\xEA\x4A\x06\xEE\xF4\x27",
+ sizeof (settings->tlsFingerprint));
settings->msgFormat[MSG_NONE].prefix = NULL;
settings->msgFormat[MSG_NONE].postfix = NULL;
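Review bot: The default pin on the `memcpy` line is an undocumented 20-byte literal, so a maintainer cannot tell which certificate it belongs to or how to regenerate it when that certificate is replaced. I would add a comment above it such as `/* SHA-1 fingerprint of the server certificate pinned by default; override with tls_fingerprint in the config file */`. The copy length is `sizeof (settings->tlsFingerprint)`, whose declaration is not visible in this hunk, so the literal and the array match only by convention. A named length constant shared with the 40/20 in the parser further down would keep a later resize of the field from reading past the literal. `BarSettingsRead` starts and ends outside this hunk.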
@@ -241,9 +242,16 @@ void BarSettingsRead (BarSettings_t *settings) {
} else if (streq ("fifo", key)) {
free (settings->fifo);
settings->fifo = strdup (val);
- } else if (streq ("tls_ca_path", key)) {
- free (settings->tlsCaPath);
- settings->tlsCaPath = strdup (val);
+ } else if (streq ("tls_fingerprint", key)) {
+ /* expects 40 byte hex-encoded sha1 */
+ if (strlen (val) == 40) {
+ for (size_t i = 0; i < 20; i++) {
+ char hex[3];
+ memcpy (hex, &val[i*2], 2);
+ hex[2] = '\0';
+ settings->tlsFingerprint[i] = strtol (hex, NULL, 16);
+ }
+ }
} else if (strncmp (formatMsgPrefix, key,
strlen (formatMsgPrefix)) == 0) {
static const char *mapping[] = {"none", "info", "nowplaying",
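Review bot: The `tls_fingerprint` branch checks only the length of `val`, so any 40-character string is accepted and each pair is stored as whatever `strtol (hex, NULL, 16)` returns. Non-hex pairs become 0, and `strtol` also skips leading whitespace and accepts a sign, so a typo silently yields a pin that matches nothing. The bytes are written straight into `settings->tlsFingerprint`, so a malformed value overwrites the built-in pin, while a value of the wrong length is dropped without a message and the default stays in force. I would decode into a scratch buffer, accept only `[0-9a-fA-F]`, copy into the settings only when every digit is valid, and report a rejected value; the 40 and 20 are better derived from the field size. `BarSettingsRead` starts and ends outside this hunk.

```c
		} else if (streq ("tls_fingerprint", key)) {
			/* expects 40 byte hex-encoded sha1; decode into a scratch buffer
			 * so a malformed value never leaves a half-written pin behind */
			unsigned char pin[sizeof (settings->tlsFingerprint)];
			size_t digits = 0;
			if (strlen (val) == 2 * sizeof (pin)) {
				for (; digits < 2 * sizeof (pin); digits++) {
					const char c = val[digits];
					unsigned char nibble;
					if (c >= '0' && c <= '9') {
						nibble = (unsigned char) (c - '0');
					} else if (c >= 'a' && c <= 'f') {
						nibble = (unsigned char) (c - 'a' + 10);
					} else if (c >= 'A' && c <= 'F') {
						nibble = (unsigned char) (c - 'A' + 10);
					} else {
						break;
					}
					if (digits % 2 == 0) {
						pin[digits / 2] = (unsigned char) (nibble << 4);
					} else {
						pin[digits / 2] |= nibble;
					}
				}
			}
			if (digits == 2 * sizeof (pin)) {
				memcpy (settings->tlsFingerprint, pin, sizeof (pin));
			}
			/* … unchanged: the following else-if branch (formatMsgPrefix) … */
```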