1 files changed, 14 insertions, 9 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c
index e584f6c..ef5b96e 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -221,7 +221,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
            assert ( ( fingerprint_len > 1 ) && (fingerprint_len * 3 < TMPSTRSIZE ));
            char * nf = new_fingerprint;
            for (j=0; j<(int)fingerprint_len; j++)
-              nf += snprintf(nf, 3, "%02X:", fingerprint_bin[j]);
+              nf += snprintf(nf, 4, "%02X:", fingerprint_bin[j]);
            assert ( nf > new_fingerprint );
            nf[-1] = 0;
            snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT  ] from server: %s", new_fingerprint);
@@ -236,15 +236,20 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
            char * r = fgets(old_fingerprint, TMPSTRSIZE, fingerprint_file);
            fclose(fingerprint_file);
-            /* verify fingerprint matches stored version */
+            if (r) {
-            if ( r &&!strncmp(new_fingerprint, old_fingerprint, TMPSTRSIZE))
+              // chomp
-              return 0;
+              char *nl = strchr(r, '\n');
-            else {
+              if (nl) *nl = 0;
-              snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT  ] from %s: %s", getstroption(CF_FINGERPRINT), r ? old_fingerprint : "<FILE READ ERROR>" );
-              writecf(FS_ERR, tmpstr);
+              /* verify fingerprint matches stored version */
-              writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");
+              if (!strcmp(new_fingerprint, old_fingerprint))
-              return 1;
+                return 0;
            }
+            snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT  ] from %s: %s", getstroption(CF_FINGERPRINT), r ? old_fingerprint : "<FILE READ ERROR>" );
+            writecf(FS_ERR, tmpstr);
+            writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");
+            return 1;
          } else {
            /* FIXME: there might be other errors than missing file */
            fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "w");

diff --git a/vchat-ssl.c b/vchat-ssl.c index e584f6c..ef5b96e 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c
@@ -221,7 +221,7 @@ int vc_connect_ssl( BIO *conn, vc_x509store_t vc_store )
221	assert ( ( fingerprint_len > 1 ) && (fingerprint_len * 3 < TMPSTRSIZE ));	221	assert ( ( fingerprint_len > 1 ) && (fingerprint_len * 3 < TMPSTRSIZE ));
222	char * nf = new_fingerprint;	222	char * nf = new_fingerprint;
223	for (j=0; j<(int)fingerprint_len; j++)	223	for (j=0; j<(int)fingerprint_len; j++)
224	nf += snprintf(nf, 3, "%02X:", fingerprint_bin[j]);	224	nf += snprintf(nf, 4, "%02X:", fingerprint_bin[j]);
225	assert ( nf > new_fingerprint );	225	assert ( nf > new_fingerprint );
226	nf[-1] = 0;	226	nf[-1] = 0;
227	snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from server: %s", new_fingerprint);	227	snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from server: %s", new_fingerprint);
@@ -236,15 +236,20 @@ int vc_connect_ssl( BIO *conn, vc_x509store_t vc_store )
236	char * r = fgets(old_fingerprint, TMPSTRSIZE, fingerprint_file);	236	char * r = fgets(old_fingerprint, TMPSTRSIZE, fingerprint_file);
237	fclose(fingerprint_file);	237	fclose(fingerprint_file);
238		238
239	/* verify fingerprint matches stored version */	239	if (r) {
240	if ( r &&!strncmp(new_fingerprint, old_fingerprint, TMPSTRSIZE))	240	// chomp
241	return 0;	241	char *nl = strchr(r, '\n');
242	else {	242	if (nl) *nl = 0;
243	snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from %s: %s", getstroption(CF_FINGERPRINT), r ? old_fingerprint : "<FILE READ ERROR>" );	243
244	writecf(FS_ERR, tmpstr);	244	/* verify fingerprint matches stored version */
245	writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");	245	if (!strcmp(new_fingerprint, old_fingerprint))
246	return 1;	246	return 0;
247	}	247	}
		248
		249	snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from %s: %s", getstroption(CF_FINGERPRINT), r ? old_fingerprint : "<FILE READ ERROR>" );
		250	writecf(FS_ERR, tmpstr);
		251	writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");
		252	return 1;
248	} else {	253	} else {
249	/* FIXME: there might be other errors than missing file */	254	/* FIXME: there might be other errors than missing file */
250	fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "w");	255	fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "w");