author | Lars-Dominik Braun <lars@6xq.net> | 2011-11-11 14:45:21 +0100 |
---|---|---|
committer | Lars-Dominik Braun <lars@6xq.net> | 2011-11-11 15:24:50 +0100 |
commit | a0e4f1e0f5989505f4aab10d64194b635f9af53c (patch) | |
tree | 6a7fe01f25d632b8fe40859af96ab96a3576022b /src/settings.c | |
parent | fb1b9c541346b3cfc80305ef12ee87ced70d5037 (diff) | |
waitress: Fingerprint check
Reduces memory usage, protects against 0wned CA's and avoids ca-bundle
confusion.
Closes #175
Diffstat (limited to 'src/settings.c')
-rw-r--r-- | src/settings.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/settings.c b/src/settings.c
index f29fcfa..ee332cc 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -93,7 +93,6 @@ void BarSettingsDestroy (BarSettings_t *settings) {
 free (settings->npStationFormat);
 free (settings->listSongFormat);
 free (settings->fifo);
- free (settings->tlsCaPath);
 for (size_t i = 0; i < MSG_COUNT; i++) {
 free (settings->msgFormat[i].prefix);
 free (settings->msgFormat[i].postfix);
@@ -132,7 +131,9 @@ void BarSettingsRead (BarSettings_t *settings) {
 settings->listSongFormat = strdup ("%i) %a - %t%r");
 settings->fifo = malloc (PATH_MAX * sizeof (*settings->fifo));
 BarGetXdgConfigDir (PACKAGE "/ctl", settings->fifo, PATH_MAX);
- settings->tlsCaPath = strdup ("/etc/ssl/certs/ca-certificates.crt");
+ memcpy (settings->tlsFingerprint, "\xD9\x98\x0B\xA2\xCC\x0F\x97\xBB"
+ "\x03\x82\x2C\x62\x11\xEA\xEA\x4A\x06\xEE\xF4\x27",
+ sizeof (settings->tlsFingerprint));
 settings->msgFormat[MSG_NONE].prefix = NULL;
 settings->msgFormat[MSG_NONE].postfix = NULL;
@@ -241,9 +242,16 @@ void BarSettingsRead (BarSettings_t *settings) {
 } else if (streq ("fifo", key)) {
 free (settings->fifo);
 settings->fifo = strdup (val);
- } else if (streq ("tls_ca_path", key)) {
- free (settings->tlsCaPath);
- settings->tlsCaPath = strdup (val);
+ } else if (streq ("tls_fingerprint", key)) {
+ /* expects 40 byte hex-encoded sha1 */
+ if (strlen (val) == 40) {
+ for (size_t i = 0; i < 20; i++) {
+ char hex[3];
+ memcpy (hex, &val[i*2], 2);
+ hex[2] = '\0';
+ settings->tlsFingerprint[i] = strtol (hex, NULL, 16);
+ }
+ }
 } else if (strncmp (formatMsgPrefix, key, strlen (formatMsgPrefix)) == 0) {
 static const char *mapping[] = {"none", "info", "nowplaying", |
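Review bot: The default pin copied into `settings->tlsFingerprint` in the second hunk is an unlabelled 20-byte literal, so nothing in the code says which host's certificate it matches or that it must change when that certificate is renewed. A comment above the `memcpy` would cover it, for example `/* SHA-1 fingerprint of the <host> TLS certificate; update on renewal, override with tls_fingerprint */`, where `<host>` is a placeholder because the page does not name the server. The copy length is `sizeof (settings->tlsFingerprint)` while the literal supplies 21 bytes including its terminator; the field's declaration is not part of this diff, so its being exactly 20 bytes is assumed here and worth stating next to the literal. BarSettingsRead's body continues outside the hunk.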
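Review bot: The `tls_fingerprint` branch in the third hunk accepts any 40-character value, because only `strlen (val) == 40` is checked and `strtol (hex, NULL, 16)` is called without an end pointer. A pair such as `zz` is stored as 0 and a pair starting with a sign or a space is still converted, so a typo overwrites the built-in pin with bytes nobody chose. Since this pin is what authenticates the server, I would reject the whole value before writing any byte: `if (strlen (val) == 40 && strspn (val, "0123456789abcdefABCDEF") == 40) {`. A value of the wrong length or with bad characters is then dropped silently and the built-in pin stays in force, so a diagnostic in an `else` branch would help; how this file reports configuration errors is not visible in the hunk. BarSettingsRead starts and ends outside the hunk.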