Author: maroon
Added: 2y
Updated: 2y
mIRC: 7.48+
Review: westor
Size: 4.41KB
$sslcert Fingerprint of the SSL certificate you're using for SASL External
v1.01
Sorta like $sslcertsha1 and $sslcertsha256, except it also supports all 5 hash identifiers supported by mIRC, including the sha512 fingerprint used by Libera.Chat and the md5 fingerprint (aaargh!) used by Snoonet.
You no longer need to reconnect to Libera.Chat in order to find out the sha512 fingerprint of your new certificate. Just install the new certificate, and then, while still logged in, you can do:
//msg nickserv CERT ADD $sslcert(sha512)
You can even use it to check the fingerprint of some other certificate that isn't loaded. This shows the sha256 fingerprint of all *.pem in your mirc folder:
//noop $findfile(.,*.pem,0,1,echo -a $nopath($1-) : $sslcert(sha256,$1-) )
/*
  $sslcert 1.0 by maroon 2021
  Supports additional certificate hashes beyond $sslcertsha1 and $sslcertsha256
  i.e. Libera.Chat uses sha512 and Snoonet uses md5

  Syntax: $sslcert(<hashname>,optional filename.pem)
  hashname must be any of sha512 sha256 sha384 sha1 md5.
  without the filename.pem specified, it looks at the key=filename item of [ssl] section within mirc.ini

  Tested in v7.67, should work since v7.48 when $sslcertsha1 was added
  if $sslcert(sha256) returns same result as $sslcertsha256 you should be good to go!

  * Assumes no certificate is loaded if $sslcertsha1 returns null
  * Performs sanity check by comparing sha1 hash of certificate found against the $sslcertsha1 result
    If you find that unnecessary, edit the 1 into 0 in "if (1)"
    Note that the warning is not checked if you use the optional $2 parm to get the fingerprint of a specific certificate file
  * Assumes that mirc.ini [ssl] key=filename points to the file containing the cert unless cert= isn't blank
    if the cert used by $sslcertsha1 is always in the key=filename then comment the scriptline as directed below
  * Supports ONLY a public certificate contained in the format found in .pem files.
    That's the format created when letting mIRC create the certificate.
    Let me know if there's another format you need supported
  * Uses only the 1st certificate header it finds in the [ssl] key= file

  The fingerprint returned by $sslcertsha256 is the sha256 hash of the binary certificate
  that's encoded as mime inside the .pem file created by mIRC.
  The other fingerprints are simply using a different hash against the same string

  //tokenize 32 sha512 sha256 sha1 sha384 md5 | while ($1) { if ($sslcertsha1) echo -a $1 : $sslcert($1) | tokenize 32 $2- }

  If you're logged in at Libera.Chat and have installed a certificate that's not yet broadcast at ON CONNECT,
  you can now add the certificate without needing to reconnect first:

  //msg nickserv CERT ADD $sslcert(sha512)

  This snippet runs fine in the aliases.ini if you remove the 'alias' keyword
*/
alias sslcert {
  ; preserves $v1 and $v2 in the calling script
  var %v1 $v1, %v2 $v2
  if (!$isid) { var %err must be used as an identifier | goto bad }
  var %hashname $1 | if (!$istok(sha512 sha256 sha1 sha384 md5,$1,32)) { var %err unknown hash $1 | goto bad }
  var %sha1 $~sslcertsha1 | if (%sha1 == $null) { var %result | goto result }
  if ($2 != $null) var %readfile $2
  else var %readfile $readini($mircini,n,ssl,key)
  if (!$isfile(%readfile)) { var %err CERT file %readfile missing | goto bad }
  var %pattern ^-{3,}\s*BEGIN CERTIFICATE\s*-{3,}$
  var %header $read(%readfile,ntr,%pattern) , %readn $readn + 1
  if (%header == $null) { var %err can't find CERT in %readfile | goto bad }
  var %mime , %err invalid cert in %readfile , %footer ^-{3,}\s*END CERTIFICATE\s*-{3,}$
  while ($read(%readfile,nt,%readn) != $null) {
    var %v1 $v1 | if ($regex(foo,%v1,%footer)) goto success
    if ($regex(foo,%v1,^[A-Za-z0-9\/+]+=*$) <= 0) { var %err unexpected base64 encountered in %readfile %v1 | goto bad }
    var %mime $+(%mime,%v1) | inc %readn
  }
  :bad
  echo 2 -s *$sslcert: %err syntax: $ $+ sslcert( <sha512|sha256|sha1|md5|sha384> , [optional filename.pem] )
  halt
  return
  :success
  var %err
  if (%mime == $null) { var %err missing CERT data in %readfile | goto bad }
  bset -tc &maroon.tmp 1 %mime
  if (!$decode(&maroon.tmp,bm)) { var %err error decoding certificate | goto bad }
  if ($1 == sha512) { var %result $sha512(&maroon.tmp,1) | goto validate }
  if ($1 == sha256) { var %result $sha256(&maroon.tmp,1) | goto validate }
  if ($1 == sha1 ) { var %result $sha1(&maroon.tmp,1) | goto validate }
  if ($1 == sha384) { var %result $sha384(&maroon.tmp,1) | goto validate }
  if ($1 == md5 ) { var %result $md5(&maroon.tmp,1) | goto validate }
  goto bad
  :validate
  if ($2 == $null) {
    if (1) {
      var %sha1 $sslcertsha1
      if (%sha1 != $sha1(&maroon.tmp,1)) {
        var %err unknown error causes CERT in %readfile to not return same result $v1 for sha1 as from $ $+ sslcertsha1 $v2
        goto bad
      }
    }
  }
  :result
  if (%v1 != %v2) noop | return %result
  ; restoring $v1 and $v2 for caller script
}
Fixed the syntax message, and now ignore the cert chain file
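An independent cross-check of the calculation the script's header comment describes (the fingerprint is a hash of the binary certificate decoded from the first CERTIFICATE block of the .pem file), written in Python as an added example; it is not part of maroon's snippet. The function names and the sample file are constructed here, and the sample's bytes are placeholders rather than a real certificate or key.

```python
import base64
import hashlib
import re

HASHES = ("sha512", "sha256", "sha384", "sha1", "md5")  # the five names $sslcert accepts
BEGIN = re.compile(r"^-{3,}\s*BEGIN CERTIFICATE\s*-{3,}$")
END = re.compile(r"^-{3,}\s*END CERTIFICATE\s*-{3,}$")
B64_LINE = re.compile(r"^[A-Za-z0-9/+]+=*$")

def first_cert_der(pem_text):
    """Return the decoded bytes of the first CERTIFICATE block in pem_text."""
    body, inside = [], False
    for line in pem_text.splitlines():
        line = line.strip()
        if not inside:
            inside = bool(BEGIN.match(line))  # skips a private key or other text before it
        elif END.match(line):
            if not body:
                raise ValueError("missing CERT data")
            return base64.b64decode("".join(body), validate=True)
        elif B64_LINE.match(line):
            body.append(line)
        else:
            raise ValueError("unexpected base64 line: %r" % line)
    raise ValueError("no complete CERTIFICATE block found")

def fingerprint(pem_text, hashname):
    """Hex digest of the decoded certificate bytes under the named hash."""
    if hashname not in HASHES:
        raise ValueError("unknown hash " + hashname)
    return hashlib.new(hashname, first_cert_der(pem_text)).hexdigest()

def make_pem(label, der):
    """Wrap bytes in PEM armor (hypothetical helper, used only to build the sample)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, b64, label)

# Constructed sample laid out like a key + cert + chain .pem file.
# Placeholder bytes stand in for DER; this is not a real certificate or key.
SAMPLE_DER = bytes(range(200))
SAMPLE_PEM = (make_pem("PRIVATE KEY", b"\x00" * 40) + make_pem("CERTIFICATE", SAMPLE_DER)
              + make_pem("CERTIFICATE", b"chain-cert-placeholder"))

if __name__ == "__main__":
    for name in HASHES:
        print(name, ":", fingerprint(SAMPLE_PEM, name))
```

To compare against mIRC, read your own .pem file into a string and pass it to fingerprint() with the same hash name you gave $sslcert.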