kiwiirc / irc-framework

🛠️ A better IRC framework for node.js. For bots and full clients.
MIT License
182 stars 65 forks

Fix retrieving multiple certificate fingerprints on InspIRCd v4. #379

Closed SadieCat closed 2 months ago

SadieCat commented 2 months ago

InspIRCd v4 supports using multiple TLS fingerprint algorithms to allow upgrading from insecure algorithms over time. We expose this to clients by sending multiple RPL_WHOISCERTFP lines.

Unfortunately, irc-framework only caches the last of these to users, which breaks WHOIS output on The Lounge as the last one on multiple-fingerprint networks is always a fallback. This has resulted in confused users who are unsure why their client is showing a different fingerprint to services.

This PR fixes that by caching the multiple fingerprint algorithms sent by the IRC server.

ItsOnlyBinary commented 2 months ago

Thanks for pointing this out.

Would you be happy if the first RPL_WHOISCERTFP is set as certfp, then any extras are added to the certfp_fallbacks array? This way would ensure backwards compatibility, while offering the option to update and display the extra certs.

I can make the changes if you think this is acceptable.

SadieCat commented 2 months ago

I'm fine with that. :)

You could also just add a certfps field and deprecate the old API. I'm not too bothered either way.

SadieCat commented 2 months ago

I updated this to match what I suggested. Is this acceptable?
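
A sketch of the handling discussed in this thread, as an added example that is not the PR's or irc-framework's own code: it accumulates every RPL_WHOISCERTFP (numeric 276) line for a nick until RPL_ENDOFWHOIS (318), then exposes the full list as certfps alongside the certfp and certfp_fallbacks fields proposed above. The function names, server name, reply wording and fingerprint values are assumptions constructed for the example.

```javascript
// Added example, not irc-framework code. 276 = RPL_WHOISCERTFP, 318 = RPL_ENDOFWHOIS.
const RPL_WHOISCERTFP = '276';
const RPL_ENDOFWHOIS = '318';

// Split ":server NNN p1 p2 :trailing text" into a command and params.
function parseLine(line) {
    const m = /^:\S+ (\d{3}) (.*)$/.exec(line.trim());
    if (!m) return null;
    const idx = m[2].indexOf(' :');
    const params = idx === -1
        ? m[2].split(' ')
        : m[2].slice(0, idx).split(' ').concat(m[2].slice(idx + 2));
    return { command: m[1], params };
}

// Collect every fingerprint seen for a nick until RPL_ENDOFWHOIS arrives.
// Assumptions: fingerprint = last word of the trailing param; toLowerCase() stands in for IRC casemapping.
function collectWhois(lines) {
    const pending = new Map();
    const finished = [];
    for (const line of lines) {
        const msg = parseLine(line);
        if (!msg || msg.params.length < 2) continue;
        const nick = msg.params[1];
        const key = nick.toLowerCase();
        const entry = pending.get(key) || { nick, certfps: [] };
        if (msg.command === RPL_WHOISCERTFP) {
            const fp = msg.params[msg.params.length - 1].split(' ').pop();
            if (!entry.certfps.includes(fp)) entry.certfps.push(fp);
            pending.set(key, entry);
        } else if (msg.command === RPL_ENDOFWHOIS) {
            pending.delete(key);
            entry.certfp = entry.certfps[0];            // first line sent by the server
            entry.certfp_fallbacks = entry.certfps.slice(1);
            finished.push(entry);
        }
    }
    return finished;
}

// Constructed sample lines; the fingerprint values are placeholders.
const SAMPLE = [
    ':irc.example.test 276 me alice :has TLS client certificate fingerprint SHA256-FP-CONSTRUCTED',
    ':irc.example.test 276 me alice :has TLS client certificate fingerprint SHA1-FP-CONSTRUCTED',
    ':irc.example.test 318 me alice :End of /WHOIS list.',
    ':irc.example.test 318 me bob :End of /WHOIS list.',
];

console.log(JSON.stringify(collectWhois(SAMPLE), null, 2));
```

A handler that overwrites a single field on each 276 line would end up holding the second sample value, which is the last-line-wins behaviour the first comment describes.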