Add support for SHA256 fingerprints by p12tic · Pull Request #1343 · debauchee/barrier

p12tic · 2021-11-01T01:26:26Z

SHA1 fingerprints are no longer state of the art, switch to verifying SHA256 fingerprints.

For the time being both SHA1 and SHA256 fingerprints are shown in the UI. This allows users to verify new connections between old and new versions of Barrier. After the verification is done we store SHA256 fingerprint in our internal fingerprint database and use only that for identifying all future connections from that client.

The issue has been reported by Matthias Gerstner mgerstner@suse.de @mgerstner.

fopen() does not correctly handle non-ASCII paths on Windows.

The code has been copied from OpenSSH.

For the time being both SHA1 and SHA256 fingerprints will be shown in the UI. This allows users to verify new connections between old and new versions of Barrier. After the initial verification we use SHA256 fingerprints. The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.

p12tic added 11 commits November 1, 2021 03:19

lib/net: Extract fingerprint formatting out of SecureSocket

0e406d4

lib/net: Make format_ssl_fingerprint() easier to use

7f71924

lib/base: Make to_hex() easier to use

96e0021

test: Add test for format_ssl_fingerprint()

9d8e1fa

test: Extract common test utilities to separate file

767f3d3

lib: Add utility function to convert from hex to binary

a9b3095

lib/net: Put secure utils into barrier namespace

b793675

src/lib: Use standard std::vsnprintf() instead of hacking our own

ef08470

lib: Switch to std::vector<std::uint8_t> for fingerprint data

cd7e731

lib/base: Implement pattern to execute something at function exit

8548692

lib/net: Extract SSL fingerprint generation to reusable function

089b8e4

p12tic force-pushed the sha256-fingerprints branch from a0ed334 to 2e56aa2 Compare November 1, 2021 01:41

p12tic added 13 commits November 1, 2021 04:07

lib/io: Add a replacement for fopen() which works on Windows

cf732ab

fopen() does not correctly handle non-ASCII paths on Windows.

gui: Use openssl library instead of CLI tool to generate fingerprints

dbf56a9

Use openssl library instead of CLI to generate certificates

aa3afa9

lib/base: Support colons in from_hex()

8f88dc2

lib: Remove useless empty constructors

3e71b46

lib/net: Implement a reusable fingerprint database

9cac96b

gui: Use new FingerprintDatabase to handle fingerprints

be8ba0d

lib/net: Use new FingerprintDatabase to handle fingerprints

50534ec

lib/net: Use FingerprintData to represent fingerprints

7cced74

gui: Simplify isCertificateValid()

a238b27

lib/net: Implement a way to generate fingerprint randomart

b7757fb

The code has been copied from OpenSSH.

gui: Set the size of the window to the size of the contents

c7e6fc6

p12tic force-pushed the sha256-fingerprints branch from 2e56aa2 to a428b61 Compare November 1, 2021 02:09

p12tic merged commit 22ac14b into debauchee:master Nov 1, 2021

p12tic deleted the sha256-fingerprints branch November 1, 2021 02:21

ghost mentioned this pull request Nov 10, 2021

Add support for SHA256 fingerprints input-leap/input-leap#1343

Merged

sithlord48 mentioned this pull request Jan 29, 2025

Feat: Use Fingerprint DB and SHA256 deskflow/deskflow#8152

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for SHA256 fingerprints#1343

Add support for SHA256 fingerprints#1343
p12tic merged 24 commits intodebauchee:masterfrom
p12tic:sha256-fingerprints

p12tic commented Nov 1, 2021 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

p12tic commented Nov 1, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

p12tic commented Nov 1, 2021 •

edited

Loading