Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Patch for mutt 1.5.23 to show more hash fingerprints for unknown certificates.
--- a/mutt_ssl.c Sun Jul 05 13:38:39 2015 -0700
+++ b/mutt_ssl.c Tue Jul 14 19:00:46 2015 +0100
@@ -551,7 +551,7 @@
return ret;
}
-static void x509_fingerprint (char *s, int l, X509 * cert)
+static void x509_fingerprint_md5 (char *s, int l, X509 * cert)
{
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int n;
@@ -572,6 +572,48 @@
}
}
+static void x509_fingerprint_sha1 (char *s, int l, X509 * cert)
+{
+ unsigned char sha[EVP_MAX_MD_SIZE];
+ unsigned int n;
+ int j;
+
+ if (!X509_digest (cert, EVP_sha1 (), sha, &n))
+ {
+ snprintf (s, l, _("[unable to calculate]"));
+ }
+ else
+ {
+ for (j = 0; j < (int) n; j++)
+ {
+ char ch[16];
+ snprintf (ch, 16, "%02X%s", sha[j], (j % 2 ? " " : ""));
+ safe_strcat (s, l, ch);
+ }
+ }
+}
+
+static void x509_fingerprint_sha2 (char *s, int l, X509 * cert)
+{
+ unsigned char sha[EVP_MAX_MD_SIZE];
+ unsigned int n;
+ int j;
+
+ if (!X509_digest (cert, EVP_sha256 (), sha, &n))
+ {
+ snprintf (s, l, _("[unable to calculate]"));
+ }
+ else
+ {
+ for (j = 0; j < (int) n; j++)
+ {
+ char ch[32];
+ snprintf (ch, 32, "%02X%s", sha[j], (j % 2 ? " " : ""));
+ safe_strcat (s, l, ch);
+ }
+ }
+}
+
static char *asn1time_to_string (ASN1_UTCTIME *tm)
{
static char buf[64];
@@ -980,7 +1022,7 @@
dprint (2, (debugfile, "interactive_check_cert: %s\n", cert->name));
- menu->max = 19;
+ menu->max = 21;
menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
for (i = 0; i < menu->max; i++)
menu->dialog[i] = (char *) safe_calloc (1, SHORT_STRING * sizeof (char));
@@ -1018,8 +1060,16 @@
row++;
buf[0] = '\0';
- x509_fingerprint (buf, sizeof (buf), cert);
- snprintf (menu->dialog[row++], SHORT_STRING, _("Fingerprint: %s"), buf);
+ x509_fingerprint_md5 (buf, sizeof (buf), cert);
+ snprintf (menu->dialog[row++], SHORT_STRING, _("MD5 Fingerprint: %s"), buf);
+
+ buf[0] = '\0';
+ x509_fingerprint_sha1 (buf, sizeof (buf), cert);
+ snprintf (menu->dialog[row++], SHORT_STRING, _("SHA1 Fingerprint: %s"), buf);
+
+ buf[0] = '\0';
+ x509_fingerprint_sha2 (buf, sizeof (buf), cert);
+ snprintf (menu->dialog[row++], SHORT_STRING, _("SHA2 Fingerprint: %s"), buf);
snprintf (title, sizeof (title),
_("SSL Certificate check (certificate %d of %d in chain)"),
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.