[PR #1343] [MERGED] Add support for SHA256 fingerprints #1782

New issue

Closed

opened 2026-05-05 08:01:45 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 08:01:45 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/debauchee/barrier/pull/1343
Author: @p12tic
Created: 11/1/2021
Status: ✅ Merged
Merged: 11/1/2021
Merged by: @p12tic

Base: master ← Head: sha256-fingerprints

📝 Commits (10+)

0e406d4 lib/net: Extract fingerprint formatting out of SecureSocket
7f71924 lib/net: Make format_ssl_fingerprint() easier to use
96e0021 lib/base: Make to_hex() easier to use
9d8e1fa test: Add test for format_ssl_fingerprint()
767f3d3 test: Extract common test utilities to separate file
a9b3095 lib: Add utility function to convert from hex to binary
b793675 lib/net: Put secure utils into barrier namespace
ef08470 src/lib: Use standard std::vsnprintf() instead of hacking our own
cd7e731 lib: Switch to std::vectorstd::uint8_t for fingerprint data
8548692 lib/base: Implement pattern to execute something at function exit

📊 Changes

41 files changed (+1329 additions, -602 deletions)

View changed files

📝 CMakeLists.txt (+0 -1)
➕ doc/newsfragments/dont-use-openssl-cli.bugfix (+1 -0)
➕ doc/newsfragments/fingerprint-randomart.feature (+3 -0)
➕ doc/newsfragments/sha256-fingerprints.bugfix (+4 -0)
📝 res/config.h.in (+0 -3)
➖ res/openssl/barrier.conf (+0 -65)
📝 src/gui/CMakeLists.txt (+1 -3)
➖ src/gui/src/Fingerprint.cpp (+0 -147)
➖ src/gui/src/Fingerprint.h (+0 -42)
📝 src/gui/src/MainWindow.cpp (+94 -12)
📝 src/gui/src/MainWindow.h (+3 -0)
📝 src/gui/src/MainWindowBase.ui (+83 -17)
📝 src/gui/src/SslCertificate.cpp (+31 -137)
📝 src/gui/src/SslCertificate.h (+2 -2)
📝 src/lib/arch/IArchString.h (+0 -10)
📝 src/lib/arch/unix/ArchStringUnix.cpp (+0 -1)
➖ src/lib/arch/vsnprintf.h (+0 -67)
📝 src/lib/arch/win32/ArchStringWindows.cpp (+0 -5)
📝 src/lib/base/Log.cpp (+1 -1)
📝 src/lib/base/String.cpp (+68 -6)

...and 21 more files

📄 Description

SHA1 fingerprints are no longer state of the art, switch to verifying SHA256 fingerprints.

For the time being both SHA1 and SHA256 fingerprints are shown in the UI. This allows users to verify new connections between old and new versions of Barrier. After the verification is done we store SHA256 fingerprint in our internal fingerprint database and use only that for identifying all future connections from that client.

The issue has been reported by Matthias Gerstner mgerstner@suse.de @mgerstner.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/debauchee/barrier/pull/1343 **Author:** [@p12tic](https://github.com/p12tic) **Created:** 11/1/2021 **Status:** ✅ Merged **Merged:** 11/1/2021 **Merged by:** [@p12tic](https://github.com/p12tic) **Base:** `master` ← **Head:** `sha256-fingerprints` --- ### 📝 Commits (10+) - [`0e406d4`](https://github.com/debauchee/barrier/commit/0e406d491823bfc9dfed0fcc7934cdece8db7dd0) lib/net: Extract fingerprint formatting out of SecureSocket - [`7f71924`](https://github.com/debauchee/barrier/commit/7f71924a862f64b984688b0c6eb3c14c64f60e2c) lib/net: Make format_ssl_fingerprint() easier to use - [`96e0021`](https://github.com/debauchee/barrier/commit/96e002157213bd127ab4a9c3ea4cab8e97cbbd5a) lib/base: Make to_hex() easier to use - [`9d8e1fa`](https://github.com/debauchee/barrier/commit/9d8e1faf59bbbc0360adc52b964d71a510f4e8a2) test: Add test for format_ssl_fingerprint() - [`767f3d3`](https://github.com/debauchee/barrier/commit/767f3d37ec71b13ed72ea07c9b0b3ff476af3307) test: Extract common test utilities to separate file - [`a9b3095`](https://github.com/debauchee/barrier/commit/a9b30951ce6762353e28e9068af5364778f1fcb2) lib: Add utility function to convert from hex to binary - [`b793675`](https://github.com/debauchee/barrier/commit/b793675ef8cbf7f69fe8ba7cbdf3689e7f60c657) lib/net: Put secure utils into barrier namespace - [`ef08470`](https://github.com/debauchee/barrier/commit/ef08470286fc95be69a8f6307797fc7502064235) src/lib: Use standard std::vsnprintf() instead of hacking our own - [`cd7e731`](https://github.com/debauchee/barrier/commit/cd7e731cb730e912f512ea8b5821aa7b10f90b52) lib: Switch to std::vector<std::uint8_t> for fingerprint data - [`8548692`](https://github.com/debauchee/barrier/commit/85486927b342cd7eceb5d1fd8315a95d5f09f9fd) lib/base: Implement pattern to execute something at function exit ### 📊 Changes **41 files changed** (+1329 additions, -602 deletions) <details> <summary>View changed files</summary> 📝 `CMakeLists.txt` (+0 -1) ➕ `doc/newsfragments/dont-use-openssl-cli.bugfix` (+1 -0) ➕ `doc/newsfragments/fingerprint-randomart.feature` (+3 -0) ➕ `doc/newsfragments/sha256-fingerprints.bugfix` (+4 -0) 📝 `res/config.h.in` (+0 -3) ➖ `res/openssl/barrier.conf` (+0 -65) 📝 `src/gui/CMakeLists.txt` (+1 -3) ➖ `src/gui/src/Fingerprint.cpp` (+0 -147) ➖ `src/gui/src/Fingerprint.h` (+0 -42) 📝 `src/gui/src/MainWindow.cpp` (+94 -12) 📝 `src/gui/src/MainWindow.h` (+3 -0) 📝 `src/gui/src/MainWindowBase.ui` (+83 -17) 📝 `src/gui/src/SslCertificate.cpp` (+31 -137) 📝 `src/gui/src/SslCertificate.h` (+2 -2) 📝 `src/lib/arch/IArchString.h` (+0 -10) 📝 `src/lib/arch/unix/ArchStringUnix.cpp` (+0 -1) ➖ `src/lib/arch/vsnprintf.h` (+0 -67) 📝 `src/lib/arch/win32/ArchStringWindows.cpp` (+0 -5) 📝 `src/lib/base/Log.cpp` (+1 -1) 📝 `src/lib/base/String.cpp` (+68 -6) _...and 21 more files_ </details> ### 📄 Description SHA1 fingerprints are no longer state of the art, switch to verifying SHA256 fingerprints. For the time being both SHA1 and SHA256 fingerprints are shown in the UI. This allows users to verify new connections between old and new versions of Barrier. After the verification is done we store SHA256 fingerprint in our internal fingerprint database and use only that for identifying all future connections from that client. The issue has been reported by Matthias Gerstner <mgerstner@suse.de> @mgerstner. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>