fix #3391: improve mismatched fingerprint handling
if the expected fingerprint and the one returned by the server don't match, print a warning and allow confirmation and proceeding if running interactive. previous: $ proxmox-backup-client ... Error: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915: new: $ proxmox-backup-client ... WARNING: certificate fingerprint does not match expected fingerprint! expected: ac:cb:6a:bc:d6:b7:b4:77:3e:17:05:d6:b6:29:dd:1f:05:9c:2b:3a:df:84:3b:4d:f9:06:2c:be:da:06:52:12 fingerprint: ab:cb:6a:bc:d6:b7:b4:77:3e:17:05:d6:b6:29:dd:1f:05:9c:2b:3a:df:84:3b:4d:f9:06:2c:be:da:06:52:12 Are you sure you want to continue connecting? (y/n): n Error: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915: Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
68b102269f
commit
dda1b4fa44
@ -498,10 +498,12 @@ impl HttpClient {
|
||||
.collect::<Vec<&str>>().join(":");
|
||||
|
||||
if let Some(expected_fingerprint) = expected_fingerprint {
|
||||
if expected_fingerprint.to_lowercase() == fp_string {
|
||||
let expected_fingerprint = expected_fingerprint.to_lowercase();
|
||||
if expected_fingerprint == fp_string {
|
||||
return (true, Some(fp_string));
|
||||
} else {
|
||||
return (false, None);
|
||||
eprintln!("WARNING: certificate fingerprint does not match expected fingerprint!");
|
||||
eprintln!("expected: {}", expected_fingerprint);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user