aboutsummaryrefslogtreecommitdiff
path: root/contrib/epee
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-04-25 16:35:27 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-04-26 11:37:15 +0000
commit5e0da6fb68446612844970be1e862f0e5bc25183 (patch)
tree4ed606653be6d510b3a7f27f12e79681732704c3 /contrib/epee
parentMerge pull request #5486 (diff)
downloadmonero-5e0da6fb68446612844970be1e862f0e5bc25183.tar.xz
change SSL certificate fingerprint whitelisting from SHA1 to SHA-256
SHA1 is too close to bruteforceable
Diffstat (limited to 'contrib/epee')
-rw-r--r--contrib/epee/include/net/net_ssl.h2
-rw-r--r--contrib/epee/src/net_ssl.cpp2
2 files changed, 3 insertions, 1 deletions
diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h
index 957903ff8..5ef2ff59d 100644
--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@@ -37,6 +37,8 @@
#include <boost/asio/ssl.hpp>
#include <boost/system/error_code.hpp>
+#define SSL_FINGERPRINT_SIZE 32
+
namespace epee
{
namespace net_utils
diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp
index 7bedb18ac..c17d86eca 100644
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@@ -321,7 +321,7 @@ bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
unsigned int size{ 0 };
// create the digest from the certificate
- if (!X509_digest(cert, EVP_sha1(), digest.data(), &size)) {
+ if (!X509_digest(cert, EVP_sha256(), digest.data(), &size)) {
MERROR("Failed to create certificate fingerprint");
return false;
}