Am 09.02.2017 um 00:52 schrieb isdtor: > [...] Comparing the updated certificate file with a pre-update copy, > there was one certificate added, and openssl x509 confirms that this > is the certificate mutt presented above (on a side note, mutt shows > the MD5 fingerprint, and openssl without options shows SHA1). The attached patch should add the SHA1 fingerprint below the MD5 fingerprint in the menu. To be applied with "hg import" on top of 7c97a8af8718, on the default branch.
exporting patch: # HG changeset patch # User Matthias Andree <[email protected]> # Date 1486857933 -3600 # Sun Feb 12 01:05:33 2017 +0100 # Node ID d7bbaa10a2a02bb3466eb6184d00894c188e5cd6 # Parent 7c97a8af8718ae7807e0ed0f1eb2b11d436a2e91 Show SHA1 fp in interactive cert check menu. While here, fix a few compiler warnings about sign mismatch in comparison. diff --git a/mutt_ssl.c b/mutt_ssl.c --- a/mutt_ssl.c +++ b/mutt_ssl.c @@ -25,6 +25,7 @@ #include <openssl/x509v3.h> #include <openssl/err.h> #include <openssl/rand.h> +#include <openssl/evp.h> #undef _ @@ -598,13 +599,13 @@ return ret; } -static void x509_fingerprint (char *s, int l, X509 * cert) +static void x509_fingerprint (char *s, int l, X509 * cert, const EVP_MD *(*hashfunc)(void)) { unsigned char md[EVP_MAX_MD_SIZE]; unsigned int n; int j; - if (!X509_digest (cert, EVP_md5 (), md, &n)) + if (!X509_digest (cert, hashfunc(), md, &n)) { snprintf (s, l, _("[unable to calculate]")); } @@ -975,9 +976,10 @@ char title[STRING]; MUTTMENU *menu = mutt_new_menu (MENU_GENERIC); int done, row, i; + unsigned u; FILE *fp; - menu->max = mutt_array_size (part) * 2 + 9; + menu->max = mutt_array_size (part) * 2 + 10; menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *)); for (i = 0; i < menu->max; i++) menu->dialog[i] = (char *) safe_calloc (1, SHORT_STRING * sizeof (char)); @@ -986,17 +988,17 @@ strfcpy (menu->dialog[row], _("This certificate belongs to:"), SHORT_STRING); row++; x509_subject = X509_get_subject_name (cert); - for (i = 0; i < mutt_array_size (part); i++) + for (u = 0; u < mutt_array_size (part); u++) snprintf (menu->dialog[row++], SHORT_STRING, " %s", - x509_get_part (x509_subject, part[i])); + x509_get_part (x509_subject, part[u])); row++; strfcpy (menu->dialog[row], _("This certificate was issued by:"), SHORT_STRING); row++; x509_issuer = X509_get_issuer_name (cert); - for (i = 0; i < mutt_array_size (part); i++) + for (u = 0; u < mutt_array_size (part); u++) snprintf (menu->dialog[row++], SHORT_STRING, " %s", - x509_get_part (x509_issuer, part[i])); + x509_get_part (x509_issuer, part[u])); row++; snprintf (menu->dialog[row++], SHORT_STRING, _("This certificate is valid")); @@ -1007,8 +1009,11 @@ row++; buf[0] = '\0'; - x509_fingerprint (buf, sizeof (buf), cert); + x509_fingerprint (buf, sizeof (buf), cert, EVP_md5); snprintf (menu->dialog[row++], SHORT_STRING, _("Fingerprint: %s"), buf); + buf[0] = '\0'; + x509_fingerprint (buf, sizeof (buf), cert, EVP_sha1); + snprintf (menu->dialog[row++], SHORT_STRING, _("SHA1 fingerprint: %s"), buf); snprintf (title, sizeof (title), _("SSL Certificate check (certificate %d of %d in chain)"),
