
Bug fix: SHA-1 fingerprint of TLS/SSL certificate was incorrectly presented as MD5 by Session.ScanFingerprint

Source commit: 84a05cb0005a569ce7c44a5b569565ec4c53ae5b
Martin Prikryl 5 سال پیش
والد
کامیت
354626cb12
3فایلهای تغییر یافته به همراه16 افزوده شده و 5 حذف شده
  1. 8 3
      source/core/Terminal.cpp
  2. 2 1
      source/core/Terminal.h
  3. 6 1
      source/windows/ConsoleRunner.cpp

+ 8 - 3
source/core/Terminal.cpp

@@ -1124,7 +1124,7 @@ void __fastcall TTerminal::ResetConnection()
   // as they can still be referenced in the GUI atm
 }
 //---------------------------------------------------------------------------
-void __fastcall TTerminal::FingerprintScan(UnicodeString & SHA256, UnicodeString & MD5)
+void __fastcall TTerminal::FingerprintScan(UnicodeString & SHA256, UnicodeString & SHA1, UnicodeString & MD5)
 {
   SessionData->FingerprintScan = true;
   try
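Review bot: The new signature takes three adjacent `UnicodeString &` outputs of the same type, so a transposed argument at a call site compiles cleanly and mislabels a digest, which is the kind of error this commit corrects. A comment above the definition, repeated on the declaration in Terminal.h, would pin the contract, for example `// SHA256 and MD5 receive the SSH host key fingerprints, SHA1 the TLS/SSL certificate fingerprint; outputs that do not apply are empty`. That wording follows from the two assignments in TTerminal::Open() shown in this commit. The body of FingerprintScan continues outside this hunk, so what its else branch does is not visible here.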
@@ -1136,9 +1136,12 @@ void __fastcall TTerminal::FingerprintScan(UnicodeString & SHA256, UnicodeString
   }
   catch (...)
   {
-    if (!FFingerprintScannedSHA256.IsEmpty() || !FFingerprintScannedMD5.IsEmpty())
+    if (!FFingerprintScannedSHA256.IsEmpty() ||
+        !FFingerprintScannedSHA1.IsEmpty() ||
+        !FFingerprintScannedMD5.IsEmpty())
     {
       SHA256 = FFingerprintScannedSHA256;
+      SHA1 = FFingerprintScannedSHA1;
       MD5 = FFingerprintScannedMD5;
     }
     else
@@ -1240,6 +1243,7 @@ void __fastcall TTerminal::Open()
                   if (SessionData->FingerprintScan)
                   {
                     FSecureShell->GetHostKeyFingerprint(FFingerprintScannedSHA256, FFingerprintScannedMD5);
+                    FFingerprintScannedSHA1 = UnicodeString();
                   }
                   if (!FSecureShell->Active && !FTunnelError.IsEmpty())
                   {
@@ -1326,7 +1330,8 @@ void __fastcall TTerminal::Open()
             DebugAlwaysTrue(SessionData->Ftps != ftpsNone))
         {
           FFingerprintScannedSHA256 = UnicodeString();
-          FFingerprintScannedMD5 = FFileSystem->GetSessionInfo().CertificateFingerprint;
+          FFingerprintScannedSHA1 = FFileSystem->GetSessionInfo().CertificateFingerprint;
+          FFingerprintScannedMD5 = UnicodeString();
         }
         // Particularly to prevent reusing a wrong client certificate passphrase
         // in the next login attempt
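Review bot: `CertificateFingerprint` carries no algorithm in its name, which is how a SHA-1 digest came to be stored in `FFingerprintScannedMD5`; a short comment on the assignment, such as `// CertificateFingerprint is the SHA-1 digest of the server certificate`, would keep the next reader from repeating that. With `FFingerprintScannedSHA256` left empty on this path, a TLS/SSL scan yields only a SHA-1 value, and SHA-1 is no longer collision-resistant, so anyone pinning certificates from this output gets a weaker anchor than SSH hosts get. If the session info can provide a SHA-256 certificate digest (not visible in this hunk), filling `FFingerprintScannedSHA256` here would be worth a follow-up. TTerminal::Open() starts and ends outside the hunk.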

+ 2 - 1
source/core/Terminal.h

@@ -218,6 +218,7 @@ private:
   bool FRememberedTunnelPasswordTried;
   int FNesting;
   UnicodeString FFingerprintScannedSHA256;
+  UnicodeString FFingerprintScannedSHA1;
   UnicodeString FFingerprintScannedMD5;
   DWORD FLastProgressLogged;
   UnicodeString FDestFileName;
@@ -495,7 +496,7 @@ public:
   __fastcall ~TTerminal();
   void __fastcall Open();
   void __fastcall Close();
-  void __fastcall FingerprintScan(UnicodeString & SHA256, UnicodeString & MD5);
+  void __fastcall FingerprintScan(UnicodeString & SHA256, UnicodeString & SHA1, UnicodeString & MD5);
   void __fastcall Reopen(int Params);
   virtual void __fastcall DirectoryModified(const UnicodeString Path, bool SubDirs);
   virtual void __fastcall DirectoryLoaded(TRemoteFileList * FileList);

+ 6 - 1
source/windows/ConsoleRunner.cpp

@@ -2584,12 +2584,17 @@ int __fastcall FingerprintScan(TConsole * Console, TProgramParams * Params)
 
     std::unique_ptr<TTerminal> Terminal(new TTerminal(SessionData.get(), Configuration));
     UnicodeString SHA256;
+    UnicodeString SHA1;
     UnicodeString MD5;
-    Terminal->FingerprintScan(SHA256, MD5);
+    Terminal->FingerprintScan(SHA256, SHA1, MD5);
     if (!SHA256.IsEmpty())
     {
       Console->PrintLine(FORMAT(L"SHA-256: %s", (SHA256)));
     }
+    if (!SHA1.IsEmpty())
+    {
+      Console->PrintLine(FORMAT(L"SHA-1: %s", (SHA1)));
+    }
     if (!MD5.IsEmpty())
     {
       Console->PrintLine(FORMAT(L"MD5:     %s", (MD5)));
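Review bot: The added `SHA-1: %s` label breaks the column alignment of the other two lines, since `SHA-256: ` and `MD5:     ` are both nine characters wide before the value. Padding the new label the same way, `Console->PrintLine(FORMAT(L"SHA-1:   %s", (SHA1)));`, keeps the three fingerprints lined up for anyone reading the output or comparing it against a pinned value. The enclosing FingerprintScan function starts before the hunk and continues after it.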