loudmouth/lm-ssl-openssl.c
changeset 704 d682ae8d7d3a
parent 702 75866de0e731
child 718 a1d2735ccda8
--- a/loudmouth/lm-ssl-openssl.c	Thu Feb 11 21:01:04 2016 +0100
+++ b/loudmouth/lm-ssl-openssl.c	Sat Feb 13 12:16:45 2016 +0100
@@ -126,8 +126,9 @@
     LmSSLBase *base;
     long verify_res;
     int rc;
-    const EVP_MD *digest = EVP_md5();
+    const EVP_MD *digest = EVP_sha256();
     unsigned int digest_len;
+    guchar digest_bin[EVP_MD_size(digest)];
     X509 *srv_crt;
     gchar *cn;
     X509_NAME *crt_subj;
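Review bot: `digest_bin` is declared as a variable-length array, `guchar digest_bin[EVP_MD_size(digest)];`, so its stack size comes from an `int` return value that is never checked. A fixed buffer, `guchar digest_bin[EVP_MAX_MD_SIZE];`, holds any OpenSSL digest and avoids the VLA, which is optional since C11. Because the hash moves from MD5 to SHA-256, pins that callers recorded as MD5 would presumably stop matching; a comment such as `/* fingerprint is SHA-256; MD5 pins will not match */` next to the `digest` initialiser would make that visible. The enclosing function starts and ends outside this hunk.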
@@ -143,17 +144,14 @@
 
     verify_res = SSL_get_verify_result(ssl->ssl);
     srv_crt = SSL_get_peer_certificate(ssl->ssl);
-    rc = X509_digest(srv_crt, digest, (guchar *) base->fingerprint,
-                     &digest_len);
+    rc = X509_digest(srv_crt, digest, digest_bin, &digest_len);
     if ((rc != 0) && (digest_len == EVP_MD_size(digest))) {
-        if (base->expected_fingerprint != NULL) {
-            if (memcmp(base->expected_fingerprint, base->fingerprint,
-                   digest_len) != 0) {
-                if (base->func(ssl,
-                               LM_SSL_STATUS_CERT_FINGERPRINT_MISMATCH,
-                               base->func_data) != LM_SSL_RESPONSE_CONTINUE) {
-                    return FALSE;
-                }
+        _lm_ssl_base_set_fingerprint(base, digest_bin, digest_len);
+        if (_lm_ssl_base_check_fingerprint(base) != 0) {
+            if (base->func(ssl,
+                           LM_SSL_STATUS_CERT_FINGERPRINT_MISMATCH,
+                           base->func_data) != LM_SSL_RESPONSE_CONTINUE) {
+                return FALSE;
             }
         }
     } else {
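Review bot: `srv_crt` goes straight from `SSL_get_peer_certificate()` into `X509_digest()` with no NULL check in between, and that call returns NULL when the peer presented no certificate. How `X509_digest()` behaves on a NULL certificate is not something to rely on across OpenSSL versions, so an explicit guard before the digest is safer, for example `if (srv_crt == NULL) return FALSE;`, or routing through `base->func` as the mismatch path does. Separately, the mismatch branch continues the handshake when the callback returns `LM_SSL_RESPONSE_CONTINUE`, so a short comment there stating that pin enforcement is delegated to the application callback would help readers. The function body continues past this hunk, so any later handling of `srv_crt` is not visible here.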