From fc1151326ca37b40d030676c4bec0eb65175a126 Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Wed, 9 Aug 2023 18:04:30 +0200 Subject: [PATCH] service: add a way to reset a network certfp --- doc/soju.1.scd | 3 ++- service.go | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/soju.1.scd b/doc/soju.1.scd index aae2b20..df33be4 100644 --- a/doc/soju.1.scd +++ b/doc/soju.1.scd @@ -258,7 +258,8 @@ character. Instead of using certificate authorities to check the server's TLS certificate, check whether the server certificate matches the provided fingerprint. This can be used to connect to servers using self-signed - certificates. The fingerprint format is SHA512. + certificates. The fingerprint format is SHA512. An empty string + removes any previous fingerprint. *-nick* Connect with the specified nickname. By default, the account's username diff --git a/service.go b/service.go index 1d11501..788bc06 100644 --- a/service.go +++ b/service.go @@ -530,7 +530,9 @@ func (fs *networkFlagSet) update(network *database.Network) error { if _, err := hex.DecodeString(certFP); err != nil { return fmt.Errorf("the certificate fingerprint must be hex-encoded") } - if len(certFP) == 64 { + if len(certFP) == 0 { + network.CertFP = "" + } else if len(certFP) == 64 { network.CertFP = "sha-256:" + certFP } else if len(certFP) == 128 { network.CertFP = "sha-512:" + certFP