From a0e4f1e0f5989505f4aab10d64194b635f9af53c Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun
Date: Fri, 11 Nov 2011 14:45:21 +0100
Subject: waitress: Fingerprint check

Reduces memory usage, protects against 0wned CA's and avoids ca-bundle confusion. Closes #175
---
 src/settings.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'src/settings.c')

diff --git a/src/settings.c b/src/settings.c
index f29fcfa..ee332cc 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -93,7 +93,6 @@ void BarSettingsDestroy (BarSettings_t *settings) {
 	free (settings->npStationFormat);
 	free (settings->listSongFormat);
 	free (settings->fifo);
-	free (settings->tlsCaPath);
 	for (size_t i = 0; i < MSG_COUNT; i++) {
 		free (settings->msgFormat[i].prefix);
 		free (settings->msgFormat[i].postfix);
@@ -132,7 +131,9 @@ void BarSettingsRead (BarSettings_t *settings) {
 	settings->listSongFormat = strdup ("%i) %a - %t%r");
 	settings->fifo = malloc (PATH_MAX * sizeof (*settings->fifo));
 	BarGetXdgConfigDir (PACKAGE "/ctl", settings->fifo, PATH_MAX);
-	settings->tlsCaPath = strdup ("/etc/ssl/certs/ca-certificates.crt");
+	memcpy (settings->tlsFingerprint, "\xD9\x98\x0B\xA2\xCC\x0F\x97\xBB"
+			"\x03\x82\x2C\x62\x11\xEA\xEA\x4A\x06\xEE\xF4\x27",
+			sizeof (settings->tlsFingerprint));
 	settings->msgFormat[MSG_NONE].prefix = NULL;
 	settings->msgFormat[MSG_NONE].postfix = NULL;
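Review bot: The default pin added by the `memcpy` in the second hunk is an undocumented 20-byte blob; nothing says which server certificate it is the SHA-1 fingerprint of, or that it has to be regenerated when that certificate is rotated, after which every installation that does not override it with `tls_fingerprint` will stop connecting. I would put that above the call: `/* SHA-1 fingerprint of the default server's TLS certificate. Must be updated (or overridden via tls_fingerprint in the config) whenever that certificate is replaced. */`. Note also that the copy is sized by `sizeof (settings->tlsFingerprint)` while the source literal is exactly 20 bytes plus the terminating NUL, so the copy reads past the literal if the array is ever declared larger than 20; the declaration is outside this hunk, so I cannot confirm its size, but a `BAR_FINGERPRINT_LEN`-style constant shared by the array, this literal and the decoder's `20`/`40` would remove the coupling. BarSettingsRead continues outside the hunk.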
@@ -241,9 +242,16 @@ void BarSettingsRead (BarSettings_t *settings) {
 		} else if (streq ("fifo", key)) {
 			free (settings->fifo);
 			settings->fifo = strdup (val);
-		} else if (streq ("tls_ca_path", key)) {
-			free (settings->tlsCaPath);
-			settings->tlsCaPath = strdup (val);
+		} else if (streq ("tls_fingerprint", key)) {
+			/* expects 40 byte hex-encoded sha1 */
+			if (strlen (val) == 40) {
+				for (size_t i = 0; i < 20; i++) {
+					char hex[3];
+					memcpy (hex, &val[i*2], 2);
+					hex[2] = '\0';
+					settings->tlsFingerprint[i] = strtol (hex, NULL, 16);
+				}
+			}
 		} else if (strncmp (formatMsgPrefix, key, strlen (formatMsgPrefix)) == 0) {
 			static const char *mapping[] = {"none", "info", "nowplaying",
-- cgit v1.2.3
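Review bot: The decoder in the `tls_fingerprint` branch accepts malformed input silently, because `strtol (hex, NULL, 16)` throws away the end pointer and also tolerates a leading sign or blank, so a typo such as `g` or a stray space yields a 0 byte and a corrupt pin with no diagnostic, and a value whose length is not 40 is dropped so the compiled-in default stays in effect without the user knowing. Validate both characters of each pair with `isxdigit` before converting, decode into a temporary so a rejected value never leaves `settings->tlsFingerprint` half-updated, and report the failure rather than falling through; `<ctype.h>` is needed for `isxdigit` if the file does not already include it, which I cannot see from the hunk. The `(unsigned char)` casts matter because `char` may be signed and a negative argument to `isxdigit` is undefined. BarSettingsRead starts and ends outside this hunk.

```c
} else if (streq ("tls_fingerprint", key)) {
	/* expects 40 byte hex-encoded sha1; any non-hex character rejects the
	 * whole value so the pin is never left half-updated */
	unsigned char parsed[20];
	int ok = strlen (val) == 40;
	for (size_t i = 0; ok && i < 20; i++) {
		if (!isxdigit ((unsigned char) val[i*2]) ||
				!isxdigit ((unsigned char) val[i*2+1])) {
			ok = 0;
			break;
		}
		char hex[3] = { val[i*2], val[i*2+1], '\0' };
		parsed[i] = (unsigned char) strtol (hex, NULL, 16);
	}
	if (ok) {
		memcpy (settings->tlsFingerprint, parsed, sizeof (parsed));
	} else {
		/* TODO: report the malformed value to the user; the built-in default stays in effect */
	}
}
```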