Fossil SCM
Use a SHA2-256 hash instead of a SHA3-256 hash for remembered cert exceptions, because older versions of OpenSSL do not support SHA3.
Commit
3b529d9cd461b713c760ffaa7e4e603322b0f89b3870a0a86932fcdfe6ca9bcc
Parent
11bebbece21c696…
1 file changed
+2
-2
+2
-2
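--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -48,11 +48,11 @@
 static char *sslErrMsg = 0; /* Text of most recent OpenSSL error */
 static SSL_CTX *sslCtx; /* SSL context */
 static SSL *ssl;
 static struct { /* Accept this SSL cert for this session only */
 char *zHost; /* Subject or host name */
-char *zHash; /* SHA3 hash of the cert */
+char *zHash; /* SHA2-256 hash of the cert */
 } sException;
 static int sslNoCertVerify = 0; /* Do not verify SSL certs */
 
 /*
 ** Clear the SSL error message
@@ -338,11 +338,11 @@
 char zHash[32*2+1];
 unsigned int mdLength = (int)sizeof(md);
 
 memset(md, 0, sizeof(md));
 zHash[0] = 0;
-if( X509_digest(cert, EVP_sha3_256(), md, &mdLength) ){
+if( X509_digest(cert, EVP_sha256(), md, &mdLength) ){
 int j;
 for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){
 zHash[j*2] = "0123456789abcdef"[md[j]>>4];
 zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf];
 }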
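Review bot: Exceptions remembered under the old SHA3-256 digest will presumably stop matching after the switch to `EVP_sha256()` in the second hunk, because the hex string built here is 64 characters for either algorithm and carries no algorithm tag, and nothing in the visible lines records that. That outcome fails closed (the user is asked to accept the certificate again), but it should be stated, for example with `/* Exceptions saved by builds that hashed with SHA3-256 no longer match and must be re-accepted */` above the `X509_digest` call. The failure branch also needs confirming: when `X509_digest` returns 0, `zHash` stays the empty string set by `zHash[0] = 0;`, and the comparison against the remembered hash is outside the hunk, so check that an empty hash can never equal a stored value. The enclosing function starts and ends outside the hunk, so the terminating NUL written after the hex loop is not visible here either.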
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -48,11 +48,11 @@ | |
| 48 | static char *sslErrMsg = 0; /* Text of most recent OpenSSL error */ |
| 49 | static SSL_CTX *sslCtx; /* SSL context */ |
| 50 | static SSL *ssl; |
| 51 | static struct { /* Accept this SSL cert for this session only */ |
| 52 | char *zHost; /* Subject or host name */ |
| 53 | char *zHash; /* SHA3 hash of the cert */ |
| 54 | } sException; |
| 55 | static int sslNoCertVerify = 0; /* Do not verify SSL certs */ |
| 56 | |
| 57 | /* |
| 58 | ** Clear the SSL error message |
| @@ -338,11 +338,11 @@ | |
| 338 | char zHash[32*2+1]; |
| 339 | unsigned int mdLength = (int)sizeof(md); |
| 340 | |
| 341 | memset(md, 0, sizeof(md)); |
| 342 | zHash[0] = 0; |
| 343 | if( X509_digest(cert, EVP_sha3_256(), md, &mdLength) ){ |
| 344 | int j; |
| 345 | for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){ |
| 346 | zHash[j*2] = "0123456789abcdef"[md[j]>>4]; |
| 347 | zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf]; |
| 348 | } |
| 349 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -48,11 +48,11 @@ | |
| 48 | static char *sslErrMsg = 0; /* Text of most recent OpenSSL error */ |
| 49 | static SSL_CTX *sslCtx; /* SSL context */ |
| 50 | static SSL *ssl; |
| 51 | static struct { /* Accept this SSL cert for this session only */ |
| 52 | char *zHost; /* Subject or host name */ |
| 53 | char *zHash; /* SHA2-256 hash of the cert */ |
| 54 | } sException; |
| 55 | static int sslNoCertVerify = 0; /* Do not verify SSL certs */ |
| 56 | |
| 57 | /* |
| 58 | ** Clear the SSL error message |
| @@ -338,11 +338,11 @@ | |
| 338 | char zHash[32*2+1]; |
| 339 | unsigned int mdLength = (int)sizeof(md); |
| 340 | |
| 341 | memset(md, 0, sizeof(md)); |
| 342 | zHash[0] = 0; |
| 343 | if( X509_digest(cert, EVP_sha256(), md, &mdLength) ){ |
| 344 | int j; |
| 345 | for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){ |
| 346 | zHash[j*2] = "0123456789abcdef"[md[j]>>4]; |
| 347 | zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf]; |
| 348 | } |
| 349 |