On Thu, May 10, 2018 at 4:38 AM, Ryan Taylor <rptaylor at uvic.ca> wrote: > > Hello, > > The manual describes the --servercert option as follows: > http://www.infradead.org/openconnect/manual.html > > "Accept server?s SSL certificate only if the provided fingerprint matches. The allowed fingerprint > types are SHA1, and SHA256. They are distinguished by the ?sha1:? or ?sha256:? prefixes to the hex > encoded hash. To ease certain testing use-cases, a partial match of the hash will also be accepted, > if it is at least 4 characters." > > Is it really true that only 4 characters need to match the hash in order for the certificate to be > accepted? ... > Probability of a random 4-char hex string matching a given 64-char hex string is (ignoring the > possibility of consecutive repeated characters): 1 - (1 - 16^-4)^61 = 0.00093 > > A random 64-char string has 61 attempts to match a 4-char substring, so the probability is > (ignoring the possibility of consecutive repeated characters): 1 - (1 - 0.00093)^61 = 0.055 No, openconnect checks for a matching *prefix*, not for a match to a substring at an arbitrary position. This is from openconnect_check_peer_cert_hash in library.c: int openconnect_check_peer_cert_hash(struct openconnect_info *vpninfo, const char *old_hash) { ... /* allow partial matches */ if (old_len < fingerprint_len) { if (strncasecmp(old_hash, fingerprint, MAX(min_match_len, old_len))) { if (old_len < min_match_len) { vpn_progress(vpninfo, PRG_ERR, _("The size of the provided fingerprint is less than the minimum required (%u).\n"), real_min_match_len); } return 1; } } else { if (strcasecmp(old_hash, fingerprint)) return 1;
