-rw-r--r-- | ChangeLog.asciidoc | 1 | ||||
-rw-r--r-- | doc/de/autogen/user/irc_options.txt | 2 | ||||
-rw-r--r-- | doc/en/autogen/user/irc_options.txt | 2 | ||||
-rw-r--r-- | doc/fr/autogen/user/irc_options.txt | 2 | ||||
-rw-r--r-- | doc/it/autogen/user/irc_options.txt | 2 | ||||
-rw-r--r-- | doc/ja/autogen/user/irc_options.txt | 2 | ||||
-rw-r--r-- | doc/pl/autogen/user/irc_options.txt | 2 | ||||
-rw-r--r-- | po/cs.po | 8 | ||||
-rw-r--r-- | po/de.po | 9 | ||||
-rw-r--r-- | po/es.po | 8 | ||||
-rw-r--r-- | po/fr.po | 17 | ||||
-rw-r--r-- | po/hu.po | 8 | ||||
-rw-r--r-- | po/it.po | 8 | ||||
-rw-r--r-- | po/ja.po | 9 | ||||
-rw-r--r-- | po/pl.po | 9 | ||||
-rw-r--r-- | po/pt_BR.po | 8 | ||||
-rw-r--r-- | po/ru.po | 8 | ||||
-rw-r--r-- | po/tr.po | 8 | ||||
-rw-r--r-- | po/weechat.pot | 8 | ||||
-rw-r--r-- | src/plugins/irc/irc-config.c | 37 | ||||
-rw-r--r-- | src/plugins/irc/irc-server.c | 75 |
21 files changed, 149 insertions, 84 deletions
diff --git a/ChangeLog.asciidoc b/ChangeLog.asciidoc index 12533b3df..90400ba76 100644 --- a/ChangeLog.asciidoc +++ b/ChangeLog.asciidoc @@ -90,6 +90,7 @@ http://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes] * alias: change default command for alias /beep to "/print -beep" * exec: add exec plugin: new command /exec and file exec.conf * guile: fix module used after unload of a script +* irc: allow many fingerprints in server option ssl_fingerprint (closes #49) * irc: rename option irc.look.item_channel_modes_hide_key to irc.look.item_channel_modes_hide_args, value is now a string (task #12070, task #12163, closes #48) diff --git a/doc/de/autogen/user/irc_options.txt b/doc/de/autogen/user/irc_options.txt index 050dcd1dc..25f918124 100644 --- a/doc/de/autogen/user/irc_options.txt +++ b/doc/de/autogen/user/irc_options.txt @@ -579,7 +579,7 @@ ** Werte: 0 .. 2147483647 (Standardwert: `2048`) * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint* -** Beschreibung: `SHA1 Fingerprint des Zertifikates welches als vertrauenswürdig eingestuft und für diesen Server akzeptiert wird (hier müssen exakt 40 hexadezimale Zeichen, ohne Trennung, angegeben werden); wird diese Option verwendet dann werden andere Optionen, die eine Überprüfung von Zertifikaten vornehmen, NICHT berücksichtigt (Option "ssl_verify")` +** Beschreibung: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")` ** Typ: Zeichenkette ** Werte: beliebige Zeichenkette (Standardwert: `""`) diff --git a/doc/en/autogen/user/irc_options.txt b/doc/en/autogen/user/irc_options.txt index b3f538c10..03bd02074 100644 --- a/doc/en/autogen/user/irc_options.txt +++ b/doc/en/autogen/user/irc_options.txt 
@@ -579,7 +579,7 @@ ** values: 0 .. 2147483647 (default value: `2048`) * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint* -** description: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")` +** description: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")` ** type: string ** values: any string (default value: `""`) diff --git a/doc/fr/autogen/user/irc_options.txt b/doc/fr/autogen/user/irc_options.txt index 94de0ef71..ba2c47708 100644 --- a/doc/fr/autogen/user/irc_options.txt +++ b/doc/fr/autogen/user/irc_options.txt @@ -579,7 +579,7 @@ ** valeurs: 0 .. 2147483647 (valeur par défaut: `2048`) * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint* -** description: `empreinte SHA1 du certificat qui est de confiance et accepté pour le serveur (elle doit avoir exactement 40 caractères hexadécimaux sans séparateurs); si cette option est définie, les autres vérifications sur les certificats ne sont PAS effectuées (option "ssl_verify")` +** description: `empreinte SHA1 du certificat qui est de confiance et accepté pour le serveur (elle doit avoir exactement 40 caractères hexadécimaux sans séparateurs); plusieurs empreintes peuvent être séparées par des virgules; si cette option est définie, les autres vérifications sur les certificats ne sont PAS effectuées (option "ssl_verify")` ** type: chaîne ** valeurs: toute chaîne (valeur par défaut: `""`) diff --git a/doc/it/autogen/user/irc_options.txt b/doc/it/autogen/user/irc_options.txt index dbd23d1ef..4d4bd6d63 100644 
--- a/doc/it/autogen/user/irc_options.txt +++ b/doc/it/autogen/user/irc_options.txt @@ -579,7 +579,7 @@ ** valori: 0 .. 2147483647 (valore predefinito: `2048`) * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint* -** descrizione: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")` +** descrizione: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")` ** tipo: stringa ** valori: qualsiasi stringa (valore predefinito: `""`) diff --git a/doc/ja/autogen/user/irc_options.txt b/doc/ja/autogen/user/irc_options.txt index 8fcf9e919..9118c420c 100644 --- a/doc/ja/autogen/user/irc_options.txt +++ b/doc/ja/autogen/user/irc_options.txt @@ -579,7 +579,7 @@ ** 値: 0 .. 2147483647 (デフォルト値: `2048`) * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint* -** 説明: `信頼でき、通信を認めるサーバ証明書の SHA1 指紋 (指紋は必ず空白を含まない 40 桁の 16 進数です); このオプションを設定した場合、証明書に対する他の妥当性確認は行われません (オプション "ssl_verify")` +** 説明: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")` ** タイプ: 文字列 ** 値: 未制約文字列 (デフォルト値: `""`) diff --git a/doc/pl/autogen/user/irc_options.txt b/doc/pl/autogen/user/irc_options.txt index f73f2f4b3..7714d1ef5 100644 --- a/doc/pl/autogen/user/irc_options.txt +++ b/doc/pl/autogen/user/irc_options.txt 
@@ -579,7 +579,7 @@ ** wartości: 0 .. 2147483647 (domyślna wartość: `2048`) * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint* -** opis: `skrót SHA1 certyfikatu, który jest zaufany i akceptowany dla serwera (40 znaków heksadecymalnych bez separatorów); jeśli ta opcja jest ustawiona, certyfikat NIE jest dalej sprawdzany (opcja "ssl_verify")` +** opis: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")` ** typ: ciąg ** wartości: dowolny ciąg (domyślna wartość: `""`) @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Jiri Golembiovsky <golemj@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -6503,9 +6503,9 @@ msgstr "velikost klíče použitého při použití výměny klíčů Diffie Hel msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" #, fuzzy 
@@ -22,7 +22,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-04-02 20:17+0100\n" "Last-Translator: Nils Görs <weechatter@arcor.de>\n" "Language-Team: German <weechatter@arcor.de>\n" @@ -7396,11 +7396,12 @@ msgstr "" "Größe des Schlüssels der während des Diffie-Hellman-Schlüsselaustausches " "genutzt wurde" +#, fuzzy msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" "SHA1 Fingerprint des Zertifikates welches als vertrauenswürdig eingestuft " "und für diesen Server akzeptiert wird (hier müssen exakt 40 hexadezimale " @@ -22,7 +22,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" 
@@ -6736,9 +6736,9 @@ msgstr "tamaño de la llave usada durante Diffie-Hellman Key Exchange" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" msgid "check that the SSL connection is fully trusted" @@ -21,8 +21,8 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" -"PO-Revision-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" +"PO-Revision-Date: 2014-04-04 15:58+0200\n" "Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" "Language: fr\n" 
@@ -7234,14 +7234,15 @@ msgstr "taille de clé utilisée pour l'échange de clé Diffie-Hellman" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" "empreinte SHA1 du certificat qui est de confiance et accepté pour le serveur " -"(elle doit avoir exactement 40 caractères hexadécimaux sans séparateurs); si " -"cette option est définie, les autres vérifications sur les certificats ne " -"sont PAS effectuées (option \"ssl_verify\")" +"(elle doit avoir exactement 40 caractères hexadécimaux sans séparateurs); " +"plusieurs empreintes peuvent être séparées par des virgules; si cette option " +"est définie, les autres vérifications sur les certificats ne sont PAS " +"effectuées (option \"ssl_verify\")" msgid "check that the SSL connection is fully trusted" msgstr "vérifier que la connexion SSL est entièrement de confiance" @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" 
@@ -6019,9 +6019,9 @@ msgstr "" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" msgid "check that the SSL connection is fully trusted" @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Esteban I. Ruiz Moreno <exio4.com@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -6875,9 +6875,9 @@ msgstr "dimensione della chiave usata durante lo Scambio Chiavi Diffie-Hellman" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" msgid "check that the SSL connection is fully trusted" @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-29 20:07+0900\n" "Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n" "Language-Team: Japanese <https://github.com/l/weechat/tree/translation_ja>\n" 
@@ -6965,11 +6965,12 @@ msgstr "" msgid "size of the key used during the Diffie-Hellman Key Exchange" msgstr "Diffie-Hellman 鍵交換で使われる鍵長" +#, fuzzy msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" "信頼でき、通信を認めるサーバ証明書の SHA1 指紋 (指紋は必ず空白を含まない 40 " "桁の 16 進数です); このオプションを設定した場合、証明書に対する他の妥当性確認" @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Krzysztof Korościk <soltys@szluug.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -7012,11 +7012,12 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange" msgstr "" "rozmiar klucza używanego podczas połączenia Wymiany Kluczy Diffie-Hellmana" +#, fuzzy msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" "skrót SHA1 certyfikatu, który jest zaufany i akceptowany dla serwera (40 " "znaków heksadecymalnych bez separatorów); jeśli ta opcja jest ustawiona, " 
diff --git a/po/pt_BR.po b/po/pt_BR.po index f4a7d97f7..877ca4e4e 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Sergio Durigan Junior <sergiosdj@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -6236,9 +6236,9 @@ msgstr "tamanho da chave utilizada durante a Troca de Chaves Diffie-Hellman" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" #, fuzzy @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" 
@@ -6043,9 +6043,9 @@ msgstr "" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" msgid "check that the SSL connection is fully trusted" @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2014-03-24 14:23+0100\n" "Last-Translator: Hasan Kiran <sunder67@hotmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -5365,9 +5365,9 @@ msgstr "" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" msgid "check that the SSL connection is fully trusted" diff --git a/po/weechat.pot b/po/weechat.pot index 33cb2be70..22aaad02b 100644 --- a/po/weechat.pot +++ b/po/weechat.pot 
@@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.4.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2014-04-04 12:24+0200\n" +"POT-Creation-Date: 2014-04-04 15:58+0200\n" "PO-Revision-Date: 2013-02-14 18:20+0100\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -5311,9 +5311,9 @@ msgstr "" msgid "" "SHA1 fingerprint of certificate which is trusted and accepted for the server " -"(it must be exactly 40 hexadecimal digits without separators); if this " -"option is set, the other checks on certificates are NOT performed (option " -"\"ssl_verify\")" +"(it must be exactly 40 hexadecimal digits without separators); many " +"fingerprints can be separated by commas; if this option is set, the other " +"checks on certificates are NOT performed (option \"ssl_verify\")" msgstr "" msgid "check that the SSL connection is fully trusted" diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c index c7dce6c10..d034e2541 100644 --- a/src/plugins/irc/irc-config.c +++ b/src/plugins/irc/irc-config.c @@ -1016,8 +1016,9 @@ irc_config_server_check_value_cb (void *data, struct t_config_option *option, const char *value) { - int index_option, proxy_found; + int i, index_option, proxy_found, rc; const char *pos_error, *proxy_name; + char **fingerprints; struct t_infolist *infolist; /* make C compiler happy */ 
@@ -1072,11 +1073,30 @@ irc_config_server_check_value_cb (void *data, case IRC_SERVER_OPTION_SSL_FINGERPRINT: if (value && value[0] && (strlen (value) != 40)) { - weechat_printf (NULL, - _("%s%s: fingerprint must have exactly 40 " - "hexadecimal digits"), - weechat_prefix ("error"), IRC_PLUGIN_NAME); - return 0; + fingerprints = weechat_string_split (value, ",", 0, 0, NULL); + if (fingerprints) + { + rc = 1; + for (i = 0; fingerprints[i]; i++) + { + if (strlen (fingerprints[i]) != 40) + { + rc = 0; + break; + } + } + weechat_string_free_split (fingerprints); + if (!rc) + { + weechat_printf (NULL, + _("%s%s: fingerprint must have " + "exactly 40 hexadecimal " + "digits"), + weechat_prefix ("error"), + IRC_PLUGIN_NAME); + return 0; + } + } } break; } @@ -1595,8 +1615,9 @@ irc_config_server_new_option (struct t_config_file *config_file, option_name, "string", N_("SHA1 fingerprint of certificate which is trusted and " "accepted for the server (it must be exactly 40 hexadecimal " - "digits without separators); if this option is set, the " - "other checks on certificates are NOT performed (option " + "digits without separators); many fingerprints can be " + "separated by commas; if this option is set, the other " + "checks on certificates are NOT performed (option " "\"ssl_verify\")"), NULL, 0, 0, default_value, value, diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c index 45a3cc341..84620e237 100644 --- a/src/plugins/irc/irc-server.c +++ b/src/plugins/irc/irc-server.c 
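Review bot: In the `IRC_SERVER_OPTION_SSL_FINGERPRINT` case there is no `else` for `if (fingerprints)`, so when `weechat_string_split` returns NULL the value falls through to `break` and is accepted without an error. The per-item test is also length-only (`strlen (fingerprints[i]) != 40`), and a single value of exactly 40 characters skips the branch altogether, so non-hexadecimal text is accepted even though the message promises hexadecimal digits. Because a set fingerprint replaces the other certificate checks, a malformed entry should be rejected when it is set rather than surfacing only as a failed match at connect time. I would drop the outer `strlen (value) != 40` shortcut, initialise `rc = 0` before the split, move the `if (!rc)` error block outside `if (fingerprints)`, and test each item with `strlen (fingerprints[i]) != 40 || strspn (fingerprints[i], "0123456789abcdefABCDEF") != 40`. The callback's body starts and ends outside this hunk.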
@@ -3563,6 +3563,37 @@ irc_server_create_buffer (struct t_irc_server *server) } #ifdef HAVE_GNUTLS +/* + * Compares two fingerprints: one hexadecimal (given by user), the second binary + * (received from IRC server). + * + * Returns: + * 0: fingerprints are the same + * -1: fingerprints are different + */ + +int +irc_server_compare_fingerprints (const char *fingerprint, + const unsigned char *fingerprint_server, + ssize_t fingerprint_size) +{ + ssize_t i; + unsigned int value; + + if ((ssize_t)strlen (fingerprint) != fingerprint_size * 2) + return -1; + + for (i = 0; i < fingerprint_size; i++) + { + if (sscanf (&fingerprint[i * 2], "%02x", &value) != 1) + return -1; + if (value != fingerprint_server[i]) + return -1; + } + + /* fingerprints are the same */ + return 0; +} /* * Checks if a GnuTLS session uses the certificate with a given fingerprint. @@ -3575,21 +3606,18 @@ irc_server_create_buffer (struct t_irc_server *server) int irc_server_check_certificate_fingerprint (struct t_irc_server *server, gnutls_x509_crt_t certificate, - const char *good_fingerprint) + const char *good_fingerprints) { - unsigned char fingerprint[20]; - size_t i, fingerprint_size; - unsigned int value; - - fingerprint_size = sizeof (fingerprint); + unsigned char fingerprint_server[20]; + char **fingerprints; + int i, rc; + size_t fingerprint_size; - /* invalid length for good_fingerprint? */ - if (strlen (good_fingerprint) != fingerprint_size * 2) - return 0; + fingerprint_size = sizeof (fingerprint_server); /* calculate the SHA1 fingerprint for the certificate */ if (gnutls_x509_crt_get_fingerprint (certificate, GNUTLS_DIG_SHA1, - fingerprint, + fingerprint_server, &fingerprint_size) != GNUTLS_E_SUCCESS) { weechat_printf (server->buffer, 
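Review bot: `sscanf (&fingerprint[i * 2], "%02x", &value)` in `irc_server_compare_fingerprints` is looser than the "hexadecimal" contract stated in the comment above it. `%x` skips leading whitespace, which does not count against the field width, and accepts a sign, so a pair such as `+f` converts, and a pair that starts with a space pulls digits from the following pair. The `strlen` test only fixes the character count, and the set-time check in irc-config.c is length-only too, so a malformed entry is not reliably rejected here. Checking both characters before converting keeps the match strict: `if (!isxdigit ((unsigned char)fingerprint[i * 2]) || !isxdigit ((unsigned char)fingerprint[i * 2 + 1])) return -1;` (this needs `<ctype.h>` if the file does not already include it).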
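Review bot: The comment block above `irc_server_check_certificate_fingerprint` still says "a given fingerprint", although the parameter is now `good_fingerprints`, a comma-separated list in which any single match is accepted (see the loop in the next hunk). I would reword it to `Checks if a GnuTLS session uses the certificate with one of the given fingerprints (comma-separated hexadecimal SHA1 values).` so the any-match semantics are documented where the trust decision is made. The function body continues outside this hunk.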
@@ -3599,17 +3627,28 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server, return 0; } - /* compare the fingerprints */ - for (i = 0; i < fingerprint_size; i++) + /* split good_fingerprints */ + fingerprints = weechat_string_split (good_fingerprints, ",", 0, 0, NULL); + if (!fingerprints) + return 0; + + rc = 0; + + for (i = 0; fingerprints[i]; i++) { - if (sscanf (&good_fingerprint[i * 2], "%02x", &value) != 1) - return 0; - if (value != fingerprint[i]) - return 0; + /* check if the fingerprint matches */ + if (irc_server_compare_fingerprints (fingerprints[i], + fingerprint_server, + fingerprint_size) == 0) + { + rc = 1; + break; + } } - /* fingerprint matches */ - return 1; + weechat_string_free_split (fingerprints); + + return rc; } /* |