Small inconveniences with the peer-fingerprint option #516

@vlk-charles

Describe the bug
The peer-fingerprint option logs a badly formatted line and the supplied fingerprint requires colons.

To Reproduce
Fingerprint format error:

$ openvpn --remote example.com --dev tun --client --auth-user-pass --tls-exit --peer-fingerprint 9d898358c658068745fe6226163ed911f914486d0c8b204b8799758ad4aa3554
Options error: format error in hash fingerprint: 9d898358c658068745fe6226163ed911f914486d0c8b204b8799758ad4aa3554

Use a random wrong fingerprint to see the bad string:

$ openvpn --remote example.com --dev tun --client --auth-user-pass --tls-exit --peer-fingerprint 9d:89:83:58:c6:58:06:87:45:fe:62:26:16:3e:d9:11:f9:14:48:6d:0c:8b:20:4b:87:99:75:8a:d4:aa:35:54
[...]
2024-03-07 12:02:42 TLS Error: --tls-verify/--peer-fingerprintcertificate hash verification failed. (got fingerprint: 9a:26:3e:4e:a3:9c:73:af:1d:7e:1f:d1:6a:b8:8f:61:29:26:ed:a7:42:d0:37:f9:4d:0c:9c:20:fc:34:3e:da
[...]

Expected behavior
Colons to be optional as they add no meaning and the verification error string to contain an extra space and closing parenthesis (or none at all) like this:

2024-03-07 12:02:42 TLS Error: --tls-verify/--peer-fingerprint certificate hash verification failed. (got fingerprint: 9a:26:3e:4e:a3:9c:73:af:1d:7e:1f:d1:6a:b8:8f:61:29:26:ed:a7:42:d0:37:f9:4d:0c:9c:20:fc:34:3e:da)

Version information

  • OS: Fedora 39
  • OpenVPN version: 2.6.9 (-1.fc39.x86_64)

Additional context
For example, neither sha256sum nor openssl dgst -sha256 uses colons in its output.
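As an added example (not part of the original report and not OpenVPN code), the shell helpers below convert a bare SHA-256 hex digest, such as sha256sum prints, into the colon-separated form that --peer-fingerprint accepted in the report, and compare two fingerprints regardless of colons or case. The function names normalize_fp, to_peer_fp and fp_equal are hypothetical; the sample values are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of OpenVPN.

# normalize_fp FP: strip colons and whitespace, lowercase, and require exactly
# 64 hex digits (one SHA-256 digest). Prints the bare hex string.
normalize_fp() {
    fp=$(printf '%s' "$1" | tr -d ': \t\n' | tr 'A-F' 'a-f')
    case "$fp" in
        ''|*[!0-9a-f]*) return 1 ;;   # empty or contains a non-hex character
    esac
    [ "${#fp}" -eq 64 ] || return 1   # wrong length for SHA-256
    printf '%s\n' "$fp"
}

# to_peer_fp FP: print the colon-separated form (aa:bb:...), 32 byte pairs.
to_peer_fp() {
    hex=$(normalize_fp "$1") || return 1
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# fp_equal A B: exit 0 if both fingerprints are the same digest, 1 if they
# differ, 2 if either one is malformed.
fp_equal() {
    a=$(normalize_fp "$1") || return 2
    b=$(normalize_fp "$2") || return 2
    [ "$a" = "$b" ]
}

# Fingerprint from the report, without colons, as sha256sum would print it.
EXPECTED=9d898358c658068745fe6226163ed911f914486d0c8b204b8799758ad4aa3554
# "got fingerprint" value from the log line quoted in the report.
GOT=9a:26:3e:4e:a3:9c:73:af:1d:7e:1f:d1:6a:b8:8f:61:29:26:ed:a7:42:d0:37:f9:4d:0c:9c:20:fc:34:3e:da

to_peer_fp "$EXPECTED"
if fp_equal "$EXPECTED" "$GOT"; then
    echo "fingerprints match"
else
    echo "fingerprints differ"
fi
```

The output of to_peer_fp can be passed directly as the --peer-fingerprint argument.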
