commit 5392bf4e1735be79cf334e59c90c7bc8891f015a
Author: epoch 
Date:   Tue Mar 1 14:51:40 2022 +0000

    forgot to include the sha256: bit of the client hash

diff --git a/tlswrap.c b/tlswrap.c
index 46d1a99aec2f495a819f1e04894f21a714d5ba86..
index ..dd4600bb9ca4ead65c8dfc52c4e346d2da42bcbd 100644
--- a/tlswrap.c
+++ b/tlswrap.c
@@ -78,7 +78,7 @@ int client_cert(const SSL *ssl) {
   char not_before_str[DATE_LEN];
   char not_after_str[DATE_LEN];
   unsigned char client_hash_bin[SHA256LEN];
-  char client_hash_str[2*SHA256LEN+1];//two bytes for each byte and 1 null at the end
+  char client_hash_str[7+(2*SHA256LEN)+1]="sha256:";//7 for strlen("sha256:") and two bytes for each byte and 1 null at the end
   char *serial_str;
   unsigned int len;
   int rc;
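Review bot: The prefix length 7 is now hard-coded in two places that must stay in step, this declaration and the `client_hash_str+7` offset in the second hunk; if the prefix is edited in only one of them, hex_encode() will write at the wrong offset and may run past the end of the buffer. Deriving both from one definition removes that coupling: `#define HASH_PREFIX "sha256:"`, then `char client_hash_str[sizeof(HASH_PREFIX)+(2*SHA256LEN)]=HASH_PREFIX;` and `client_hash_str+sizeof(HASH_PREFIX)-1` at the call. The new initializer also zero-fills the rest of the array, so the string stays NUL-terminated whether or not hex_encode() (not shown) writes a terminator; the comment could say so. client_cert's body starts before and continues after this hunk.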
@@ -107,7 +107,7 @@ int client_cert(const SSL *ssl) {
   }

   if((rc = X509_digest(peer_cert, digest, (unsigned char *)client_hash_bin, &len))) {
-    hex_encode(client_hash_bin, client_hash_str, SHA256LEN);
+    hex_encode(client_hash_bin, client_hash_str+7, SHA256LEN);// +7 because we want to skip the sha256: that is already in it.
     setenv("TLS_CLIENT_HASH",client_hash_str,1);
   }

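Review bot: TLS_CLIENT_HASH is written only when X509_digest() succeeds, and the return value of setenv() is ignored, so on either failure the wrapped program sees whatever value was already in the environment. Since this variable presumably identifies the client to that program, the failure path should clear it, e.g. `else { unsetenv("TLS_CLIENT_HASH"); }`, unless that already happens elsewhere in client_cert or before the exec (not visible in this hunk). hex_encode() is also given SHA256LEN rather than the `len` that X509_digest() filled in; that holds only while `digest` (defined outside the hunk) is SHA-256, and a check such as `len == SHA256LEN` would make the assumption explicit. Anything that compares TLS_CLIENT_HASH against stored bare-hex values will need the `sha256:` prefix added to its entries.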
-----END OF PAGE-----