Closed SadieCat closed 2 months ago
Thanks for pointing this out.
Would you be happy if the first RPL_WHOISCERTFP
is set as certfp
then any extras are added to certfp_fallbacks array? This way would ensure backwards compatibility, while offering the option to update and display the extra certs.
I can make the changes if you think this is acceptable
I'm fine with that. :)
You could also just add a certfps
field and deprecate the old API. I'm not too bothered either way.
I updated this to match what I suggested. Is this acceptable?
InspIRCd v4 supports using multiple TLS fingerprint algorithms to allow upgrading from insecure algorithms over time. We expose this to clients by sending multiple
RPL_WHOISCERTFP
lines.Unfortunately, irc-framework only caches the last of these to users which breaks WHOIS output on The Lounge as the last one on multiple-fingerprint networks is always a fallback. This has resulted in confused users who are unsure why their client is showing a different fingerprint to services.
This PR fixes that by caching the multiple fingerprint algorithms sent by the IRC server.