irc: add support of SHA-256 and SHA-512 algorithms in server option "ssl_fingerprint" (closes #281)

2026-06-28 13:56:37 +02:00 · 2015-04-18 18:52:20 +02:00
parent 9598bd4919
commit fe9a9fbfce
22 changed files with 382 additions and 121 deletions
@@ -28,6 +28,8 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
 * core: add option "-s" in command /eval to split expression before evaluating
  it (no more split by default) (closes #324)
 * core: add priority in plugins to initialize them in order
+* irc: add support of SHA-256 and SHA-512 algorithms in server option
+  "ssl_fingerprint" (closes #281)
 * irc: add option "-noswitch" in command /query (closes #394)
 * irc: format message 008 (RPL_SNOMASK) (closes #144)
 * irc: add support of "account-notify" capability (closes #11, closes #246)
@@ -613,7 +613,7 @@
 ** Werte: 0 .. 2147483647 (Standardwert: `2048`)

 * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint*
-** Beschreibung: `SHA1 Fingerprint des Zertifikates welches als vertrauenswürdig eingestuft und für diesen Server akzeptiert wird (hier müssen exakt 40 hexadezimale Zeichen, ohne Trennung, angegeben werden); mehrere Fingerprints können durch Kommata voneinander getrennt werden; wenn diese Einstellung verwendet wird, dann werden andere Einstellungen, die eine Überprüfung von Zertifikaten vornehmen, NICHT berücksichtigt (Einstellung "ssl_verify")`
+** Beschreibung: `fingerprint of certificate which is trusted and accepted for the server; only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")`
 ** Typ: Zeichenkette
 ** Werte: beliebige Zeichenkette (Standardwert: `""`)

@@ -613,7 +613,7 @@
 ** values: 0 .. 2147483647 (default value: `2048`)

 * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint*
-** description: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")`
+** description: `fingerprint of certificate which is trusted and accepted for the server; only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")`
 ** type: string
 ** values: any string (default value: `""`)

@@ -613,7 +613,7 @@
 ** valeurs: 0 .. 2147483647 (valeur par défaut: `2048`)

 * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint*
-** description: `empreinte SHA1 du certificat qui est de confiance et accepté pour le serveur (elle doit avoir exactement 40 caractères hexadécimaux sans séparateurs) ; plusieurs empreintes peuvent être séparées par des virgules ; si cette option est définie, les autres vérifications sur les certificats ne sont PAS effectuées (option "ssl_verify")`
+** description: `empreinte du certificat qui est de confiance et accepté pour le serveur ; seuls les chiffres hexadécimaux sont autorisés (0-9, a-f) : 64 caractères pour SHA-512, 32 caractères pour SHA-256, 20 caractères pour SHA-1 (non sûr, non recommandé) ; plusieurs empreintes peuvent être séparées par des virgules ; si cette option est définie, les autres vérifications sur les certificats ne sont PAS effectuées (option "ssl_verify")`
 ** type: chaîne
 ** valeurs: toute chaîne (valeur par défaut: `""`)

@@ -613,7 +613,7 @@
 ** valori: 0 .. 2147483647 (valore predefinito: `2048`)

 * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint*
-** descrizione: `SHA1 fingerprint of certificate which is trusted and accepted for the server (it must be exactly 40 hexadecimal digits without separators); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")`
+** descrizione: `fingerprint of certificate which is trusted and accepted for the server; only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")`
 ** tipo: stringa
 ** valori: qualsiasi stringa (valore predefinito: `""`)

@@ -613,7 +613,7 @@
 ** 値: 0 .. 2147483647 (デフォルト値: `2048`)

 * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint*
-** 説明: `信頼でき、通信を認めるサーバ証明書の SHA1 指紋 (指紋は必ず空白を含まない 40 桁の 16 進数です); 複数の指紋を設定する場合はコンマで区切ってください; このオプションを設定した場合、証明書に対する他の妥当性確認は行われません (オプション "ssl_verify")`
+** 説明: `fingerprint of certificate which is trusted and accepted for the server; only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")`
 ** タイプ: 文字列
 ** 値: 未制約文字列 (デフォルト値: `""`)

@@ -613,7 +613,7 @@
 ** wartości: 0 .. 2147483647 (domyślna wartość: `2048`)

 * [[option_irc.server_default.ssl_fingerprint]] *irc.server_default.ssl_fingerprint*
-** opis: `skrót SHA1 certyfikatu, który jest zaufany i akceptowany dla serwera (dokładnie 40 znaków heksadecymalnych bez separatorów); wiele skrótów można oddzielić przecinkami; jeśli ta opcja jest ustawiona, certyfikat NIE jest dalej sprawdzany (opcja "ssl_verify")`
+** opis: `fingerprint of certificate which is trusted and accepted for the server; only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many fingerprints can be separated by commas; if this option is set, the other checks on certificates are NOT performed (option "ssl_verify")`
 ** typ: ciąg
 ** wartości: dowolny ciąg (domyślna wartość: `""`)

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-21 08:41+0100\n"
 "Last-Translator: Jiri Golembiovsky <golemj@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6648,7 +6648,14 @@ msgstr ""
 "%s%s: nevalidní řetězec priorit, chyba je na této pozici v řetězci: \"%s\""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -6723,8 +6730,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr "velikost klíče použitého při použití výměny klíčů Diffie Hellman"

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -8218,7 +8226,7 @@ msgid "%s%s: unable to create socket"
 msgstr "%s%s: nemohu vytvořit server"

 #, fuzzy, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "%sgnutls: nemůžu číst certifikát \"%s\""

 #, fuzzy, c-format
@@ -24,7 +24,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-04-15 18:52+0100\n"
 "Last-Translator: Nils Görs <weechatter@arcor.de>\n"
 "Language-Team: German <>\n"
@@ -7597,8 +7597,15 @@ msgstr ""
 "%s%s: ungültige Zeichenkette für Prioritäten. Fehler befindet sich an "
 "folgender Position der Zeichenkette: \"%s\""

-#, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+#, fuzzy, c-format
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr "%s%s: Fingerprint muss aus exakt 40 hexadezimalen Zeichen bestehen"
+
+#, fuzzy, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr "%s%s: Fingerprint muss aus exakt 40 hexadezimalen Zeichen bestehen"

 #, c-format
@@ -7682,9 +7689,11 @@ msgstr ""
 "Größe des Schlüssels der während des Diffie-Hellman-Schlüsselaustausches "
 "genutzt wurde"

+#, fuzzy
 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -9385,8 +9394,8 @@ msgstr "%s%s: Zeitüberschreitung"
 msgid "%s%s: unable to create socket"
 msgstr "%s%s: Socket kann nicht erstellt werden"

-#, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+#, fuzzy, c-format
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "%sgnutls: Fingerprint-Zertifikat konnte nicht berechnet werden"

 #, c-format
@@ -22,7 +22,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-21 08:41+0100\n"
 "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6891,7 +6891,14 @@ msgstr ""
 "\"%s\""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -6965,8 +6972,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr "tamaño de la llave usada durante Diffie-Hellman Key Exchange"

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -8509,7 +8517,7 @@ msgid "%s%s: unable to create socket"
 msgstr "%s%s: no es posible crear el socket"

 #, fuzzy, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "%sgnutls: no es posible leer el certificado \"%s\""

 #, c-format
@@ -21,8 +21,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
-"PO-Revision-Date: 2015-04-17 07:44+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
+"PO-Revision-Date: 2015-04-18 17:36+0200\n"
 "Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: fr\n"
@@ -7456,8 +7456,19 @@ msgstr ""
 "chaîne : \"%s\""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
-msgstr "%s%s : l'empreinte doit avoir exactement 40 chiffres hexadécimaux"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+"%s%s : taille d'empreinte invalide, le nombre de chiffres hexadécimaux doit "
+"être l'un de ceux-ci : %s"
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
+msgstr ""
+"%s%s : empreinte invalide, elle doit contenir uniquement des chiffres "
+"hexadécimaux (0-9, a-f)"

 #, c-format
 msgid ""
@@ -7536,16 +7547,18 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr "taille de clé utilisée pour l'échange de clé Diffie-Hellman"

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
-"empreinte SHA1 du certificat qui est de confiance et accepté pour le serveur "
-"(elle doit avoir exactement 40 caractères hexadécimaux sans séparateurs) ; "
-"plusieurs empreintes peuvent être séparées par des virgules ; si cette "
-"option est définie, les autres vérifications sur les certificats ne sont PAS "
-"effectuées (option \"ssl_verify\")"
+"empreinte du certificat qui est de confiance et accepté pour le serveur ; "
+"seuls les chiffres hexadécimaux sont autorisés (0-9, a-f) : 64 caractères "
+"pour SHA-512, 32 caractères pour SHA-256, 20 caractères pour SHA-1 (non sûr, "
+"non recommandé) ; plusieurs empreintes peuvent être séparées par des "
+"virgules ; si cette option est définie, les autres vérifications sur les "
+"certificats ne sont PAS effectuées (option \"ssl_verify\")"

 msgid "check that the SSL connection is fully trusted"
 msgstr "vérifier que la connexion SSL est entièrement de confiance"
@@ -9163,8 +9176,8 @@ msgid "%s%s: unable to create socket"
 msgstr "%s%s : impossible de créer le socket"

 #, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
-msgstr "%sgnutls : échec de calcul de l'empreinte du certificat"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
+msgstr "%sgnutls : échec de calcul de l'empreinte du certificat (%s)"

 #, c-format
 msgid "%sgnutls: connected using %d-bit Diffie-Hellman shared secret exchange"
@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-21 08:41+0100\n"
 "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6153,7 +6153,14 @@ msgid ""
 msgstr ""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -6216,8 +6223,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr ""

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -7639,7 +7647,7 @@ msgid "%s%s: unable to create socket"
 msgstr "%s nem sikerült a szervert létrehozni\n"

 #, fuzzy, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "Nem sikerült a(z) \"%s\" naplófájlt írni\n"

 #, c-format
@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-21 08:41+0100\n"
 "Last-Translator: Esteban I. Ruiz Moreno <exio4.com@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -7034,7 +7034,14 @@ msgstr ""
 "%s%s: stringa delle proprietà non valida, errore in questa posizione: \"%s\""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -7112,8 +7119,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr "dimensione della chiave usata durante lo Scambio Chiavi Diffie-Hellman"

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -8664,7 +8672,7 @@ msgid "%s%s: unable to create socket"
 msgstr "%s%s: impossibile creare il socket"

 #, fuzzy, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "%sgnutls: impossibile leggere il certificato \"%s\""

 #, c-format
@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-04-13 00:40+0900\n"
 "Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n"
 "Language-Team: Japanese <https://github.com/l/weechat/tree/translation_ja>\n"
@@ -7146,8 +7146,15 @@ msgid ""
 "%s%s: invalid priorities string, error at this position in string: \"%s\""
 msgstr "%s%s: 不正なプロパティ文字列、文字列のエラーの位置: \"%s\""

-#, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+#, fuzzy, c-format
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr "%s%s: 指紋は必ず 40 桁の 16 進数でなければいけません"
+
+#, fuzzy, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr "%s%s: 指紋は必ず 40 桁の 16 進数でなければいけません"

 #, c-format
@@ -7222,9 +7229,11 @@ msgstr ""
 msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr "Diffie-Hellman 鍵交換で使われる鍵長"

+#, fuzzy
 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -8794,8 +8803,8 @@ msgstr "%s%s: タイムアウト"
 msgid "%s%s: unable to create socket"
 msgstr "%s%s: ソケットの作成に失敗"

-#, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+#, fuzzy, c-format
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "%sgnutls: 証明書指紋の計算に失敗しました"

 #, c-format
@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-21 08:41+0100\n"
 "Last-Translator: Krzysztof Korościk <soltys@szluug.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -7278,8 +7278,15 @@ msgid ""
 "%s%s: invalid priorities string, error at this position in string: \"%s\""
 msgstr "%s%s: nieprawidłowy ciąg priorytetów, błąd na pozycji: \"%s\""

-#, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+#, fuzzy, c-format
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr "%s%s: skrót musi mieć dokładnie 40 znaków heksadecymalnych"
+
+#, fuzzy, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr "%s%s: skrót musi mieć dokładnie 40 znaków heksadecymalnych"

 #, c-format
@@ -7355,9 +7362,11 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr ""
 "rozmiar klucza używanego podczas połączenia Wymiany Kluczy Diffie-Hellmana"

+#, fuzzy
 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -8954,8 +8963,8 @@ msgstr "%s%s: timeout"
 msgid "%s%s: unable to create socket"
 msgstr "%s%s: nie można utworzyć gniazda"

-#, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+#, fuzzy, c-format
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "%sgnutls: nie udało się wyliczyć odcisku certyfikatu"

 #, c-format
@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-21 08:41+0100\n"
 "Last-Translator: Eduardo Elias <camponez@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6506,7 +6506,14 @@ msgstr ""
 "%s%s: string de prioridades inválida, erro nesta posição da string: \"%s\""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -6582,8 +6589,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr "tamanho da chave utilizada durante a Troca de Chaves Diffie-Hellman"

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -8036,7 +8044,7 @@ msgid "%s%s: unable to create socket"
 msgstr "%s%s: não foi possível criar pipe"

 #, fuzzy, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "%sgnutls: não foi possível ler certificado \"%s\""

 #, fuzzy, c-format
@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-21 08:41+0100\n"
 "Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6179,7 +6179,14 @@ msgid ""
 msgstr ""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -6242,8 +6249,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr ""

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -7672,7 +7680,7 @@ msgid "%s%s: unable to create socket"
 msgstr "%s не могу создать сервер\n"

 #, fuzzy, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr "Не могу записать лог-файл \"%s\"\n"

 #, c-format
@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2015-03-10 21:33+0100\n"
 "Last-Translator: Hasan Kiran <sunder67@hotmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5507,7 +5507,14 @@ msgid ""
 msgstr ""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -5566,8 +5573,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr ""

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -6891,9 +6899,9 @@ msgstr "%s%s: zaman aşımı"
 msgid "%s%s: unable to create socket"
 msgstr ""

-#, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
-msgstr ""
+#, fuzzy, c-format
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
+msgstr "%sHata: dosya \"%s\" oluşturulamaz"

 #, c-format
 msgid "%sgnutls: connected using %d-bit Diffie-Hellman shared secret exchange"
@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2015-04-17 07:43+0200\n"
+"POT-Creation-Date: 2015-04-18 17:36+0200\n"
 "PO-Revision-Date: 2014-08-16 10:27+0200\n"
 "Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5442,7 +5442,14 @@ msgid ""
 msgstr ""

 #, c-format
-msgid "%s%s: fingerprint must have exactly 40 hexadecimal digits"
+msgid ""
+"%s%s: invalid fingerprint size, the number of hexadecimal digits must be one "
+"of: %s"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s%s: invalid fingerprint, it must contain only hexadecimal digits (0-9, a-f)"
 msgstr ""

 #, c-format
@@ -5501,8 +5508,9 @@ msgid "size of the key used during the Diffie-Hellman Key Exchange"
 msgstr ""

 msgid ""
-"SHA1 fingerprint of certificate which is trusted and accepted for the server "
-"(it must be exactly 40 hexadecimal digits without separators); many "
+"fingerprint of certificate which is trusted and accepted for the server; "
+"only hexadecimal digits are allowed (0-9, a-f): 64 chars for SHA-512, 32 "
+"chars for SHA-256, 20 chars for SHA-1 (insecure, not recommended); many "
 "fingerprints can be separated by commas; if this option is set, the other "
 "checks on certificates are NOT performed (option \"ssl_verify\")"
 msgstr ""
@@ -6827,7 +6835,7 @@ msgid "%s%s: unable to create socket"
 msgstr ""

 #, c-format
-msgid "%sgnutls: failed to calculate certificate fingerprint"
+msgid "%sgnutls: failed to calculate certificate fingerprint (%s)"
 msgstr ""

 #, c-format
@@ -23,6 +23,7 @@
 #include <unistd.h>
 #include <stdio.h>
 #include <string.h>
+#include <ctype.h>
 #include <time.h>
 #include <limits.h>
 #include <pwd.h>
@@ -1060,10 +1061,13 @@ irc_config_server_check_value_cb (void *data,
                                  struct t_config_option *option,
                                  const char *value)
 {
-    int i, index_option, proxy_found, rc;
+    int index_option, proxy_found;
    const char *pos_error, *proxy_name;
-    char **fingerprints;
    struct t_infolist *infolist;
+    #ifdef HAVE_GNUTLS
+    char **fingerprints, *str_sizes;
+    int i, j, rc, algo, length;
+    #endif

    /* make C compiler happy */
    (void) option;
@@ -1115,33 +1119,63 @@ irc_config_server_check_value_cb (void *data,
                }
                break;
            case IRC_SERVER_OPTION_SSL_FINGERPRINT:
-                if (value && value[0] && (strlen (value) != 40))
+                #ifdef HAVE_GNUTLS
+                if (value && value[0])
                {
                    fingerprints = weechat_string_split (value, ",", 0, 0,
                                                         NULL);
                    if (fingerprints)
                    {
-                        rc = 1;
+                        rc = 0;
                        for (i = 0; fingerprints[i]; i++)
                        {
-                            if (strlen (fingerprints[i]) != 40)
+                            length = strlen (fingerprints[i]);
+                            algo = irc_server_fingerprint_search_algo_with_size (
+                                length * 4);
+                            if (algo < 0)
                            {
-                                rc = 0;
+                                rc = -1;
                                break;
                            }
+                            for (j = 0; j < length; j++)
+                            {
+                                if (!isxdigit (fingerprints[i][j]))
+                                {
+                                    rc = -2;
+                                    break;
+                                }
+                            }
+                            if (rc < 0)
+                                break;
                        }
                        weechat_string_free_split (fingerprints);
-                        if (!rc)
+                        switch (rc)
                        {
-                            weechat_printf (
-                                NULL,
-                                _("%s%s: fingerprint must have exactly 40 "
-                                  "hexadecimal digits"),
-                                weechat_prefix ("error"), IRC_PLUGIN_NAME);
-                            return 0;
+                            case -1:  /* invalid size */
+                                str_sizes = irc_server_fingerprint_str_sizes ();
+                                weechat_printf (
+                                    NULL,
+                                    _("%s%s: invalid fingerprint size, the "
+                                      "number of hexadecimal digits must be "
+                                      "one of: %s"),
+                                    weechat_prefix ("error"),
+                                    IRC_PLUGIN_NAME,
+                                    (str_sizes) ? str_sizes : "?");
+                                if (str_sizes)
+                                    free (str_sizes);
+                                return 0;
+                            case -2:  /* invalid content */
+                                weechat_printf (
+                                    NULL,
+                                    _("%s%s: invalid fingerprint, it must "
+                                      "contain only hexadecimal digits (0-9, "
+                                      "a-f)"),
+                                    weechat_prefix ("error"), IRC_PLUGIN_NAME);
+                                return 0;
                        }
                    }
                }
+                #endif
                break;
        }
    }
@@ -1621,12 +1655,13 @@ irc_config_server_new_option (struct t_config_file *config_file,
            new_option = weechat_config_new_option (
                config_file, section,
                option_name, "string",
-                N_("SHA1 fingerprint of certificate which is trusted and "
-                   "accepted for the server (it must be exactly 40 hexadecimal "
-                   "digits without separators); many fingerprints can be "
-                   "separated by commas; if this option is set, the other "
-                   "checks on certificates are NOT performed (option "
-                   "\"ssl_verify\")"),
+                N_("fingerprint of certificate which is trusted and accepted "
+                   "for the server; only hexadecimal digits are allowed (0-9, "
+                   "a-f): 64 chars for SHA-512, 32 chars for SHA-256, "
+                   "20 chars for SHA-1 (insecure, not recommended); many "
+                   "fingerprints can be separated by commas; if this option "
+                   "is set, the other checks on certificates are NOT "
+                   "performed (option \"ssl_verify\")"),
                NULL, 0, 0,
                default_value, value,
                null_value_allowed,
@@ -125,6 +125,15 @@ char *irc_server_chanmodes_default    = "beI,k,l";
 const char *irc_server_send_default_tags = NULL;  /* default tags when       */
                                                  /* sending a message       */

+#ifdef HAVE_GNUTLS
+gnutls_digest_algorithm_t irc_fingerprint_digest_algos[IRC_FINGERPRINT_NUM_ALGOS] =
+{ GNUTLS_DIG_SHA1, GNUTLS_DIG_SHA256, GNUTLS_DIG_SHA512 };
+char *irc_fingerprint_digest_algos_name[IRC_FINGERPRINT_NUM_ALGOS] =
+{ "SHA-1", "SHA-256", "SHA-512" };
+int irc_fingerprint_digest_algos_size[IRC_FINGERPRINT_NUM_ALGOS] =
+{ 160, 256, 512 };
+#endif
+

 void irc_server_reconnect (struct t_irc_server *server);
 void irc_server_free_data (struct t_irc_server *server);
@@ -3706,6 +3715,62 @@ irc_server_create_buffer (struct t_irc_server *server)
    return server->buffer;
 }

+/*
+ * Searches for a fingerprint digest algorithm with the size (in bits).
+ *
+ * Returns index of algo in enum t_irc_fingerprint_digest_algo,
+ * -1 if not found.
+ */
+
+#ifdef HAVE_GNUTLS
+int
+irc_server_fingerprint_search_algo_with_size (int size)
+{
+    int i;
+
+    for (i = 0; i < IRC_FINGERPRINT_NUM_ALGOS; i++)
+    {
+        if (irc_fingerprint_digest_algos_size[i] == size)
+            return i;
+    }
+
+    /* digest algorithm not found */
+    return -1;
+}
+#endif
+
+/*
+ * Returns a string with sizes of allowed fingerprint,
+ * in number of hexadecimal digits (== bits / 4).
+ *
+ * Example of output: "64=SHA-512, 32=SHA-256, 20=SHA-1".
+ *
+ * Note: result must be freed after use.
+ */
+
+#ifdef HAVE_GNUTLS
+char *
+irc_server_fingerprint_str_sizes ()
+{
+    char str_sizes[1024], str_one_size[128];
+    int i;
+
+    str_sizes[0] = '\0';
+
+    for (i = IRC_FINGERPRINT_NUM_ALGOS - 1; i >= 0; i--)
+    {
+        snprintf (str_one_size, sizeof (str_one_size),
+                  "%d=%s%s",
+                  irc_fingerprint_digest_algos_size[i] / 8,
+                  irc_fingerprint_digest_algos_name[i],
+                  (i > 0) ? ", " : "");
+        strcat (str_sizes, str_one_size);
+    }
+
+    return strdup (str_sizes);
+}
+#endif
+
 /*
 * Compares two fingerprints: one hexadecimal (given by user), the second binary
 * (received from IRC server).
@@ -3754,23 +3819,14 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server,
                                          gnutls_x509_crt_t certificate,
                                          const char *good_fingerprints)
 {
-    unsigned char fingerprint_server[20];
+    unsigned char *fingerprint_server[IRC_FINGERPRINT_NUM_ALGOS];
    char **fingerprints;
-    int i, rc;
-    size_t fingerprint_size;
+    int i, rc, algo;
+    size_t size_bits, size_bytes;

-    fingerprint_size = sizeof (fingerprint_server);
-
-    /* calculate the SHA1 fingerprint for the certificate */
-    if (gnutls_x509_crt_get_fingerprint (certificate, GNUTLS_DIG_SHA1,
-                                         fingerprint_server,
-                                         &fingerprint_size) != GNUTLS_E_SUCCESS)
+    for (i = 0; i < IRC_FINGERPRINT_NUM_ALGOS; i++)
    {
-        weechat_printf (
-            server->buffer,
-            _("%sgnutls: failed to calculate certificate fingerprint"),
-            weechat_prefix ("error"));
-        return 0;
+        fingerprint_server[i] = NULL;
    }

    /* split good_fingerprints */
@@ -3782,18 +3838,65 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server,

    for (i = 0; fingerprints[i]; i++)
    {
-        /* check if the fingerprint matches */
-        if (irc_server_compare_fingerprints (fingerprints[i],
-                                             fingerprint_server,
-                                             fingerprint_size) == 0)
+        size_bits = strlen (fingerprints[i]) * 4;
+        size_bytes = size_bits / 8;
+
+        algo = irc_server_fingerprint_search_algo_with_size (size_bits);
+        if (algo < 0)
+            continue;
+
+        if (!fingerprint_server[algo])
        {
-            rc = 1;
-            break;
+            fingerprint_server[algo] = malloc (size_bytes);
+            if (fingerprint_server[algo])
+            {
+                /* calculate the fingerprint for the certificate */
+                if (gnutls_x509_crt_get_fingerprint (
+                        certificate,
+                        irc_fingerprint_digest_algos[algo],
+                        fingerprint_server[algo],
+                        &size_bytes) != GNUTLS_E_SUCCESS)
+                {
+                    weechat_printf (
+                        server->buffer,
+                        _("%sgnutls: failed to calculate certificate "
+                          "fingerprint (%s)"),
+                        weechat_prefix ("error"),
+                        irc_fingerprint_digest_algos_name[algo]);
+                    free (fingerprint_server[algo]);
+                    fingerprint_server[algo] = NULL;
+                }
+            }
+            else
+            {
+                weechat_printf (
+                    server->buffer,
+                    _("%s%s: not enough memory"),
+                    weechat_prefix ("error"), IRC_PLUGIN_NAME);
+            }
+        }
+
+        if (fingerprint_server[algo])
+        {
+            /* check if the fingerprint matches */
+            if (irc_server_compare_fingerprints (fingerprints[i],
+                                                 fingerprint_server[algo],
+                                                 size_bytes) == 0)
+            {
+                rc = 1;
+                break;
+            }
        }
    }

    weechat_string_free_split (fingerprints);

+    for (i = 0; i < IRC_FINGERPRINT_NUM_ALGOS; i++)
+    {
+        if (fingerprint_server[i])
+            free (fingerprint_server[i]);
+    }
+
    return rc;
 }
 #endif /* HAVE_GNUTLS */
@@ -241,6 +241,19 @@ struct t_irc_message
    struct t_irc_message *next_message; /* link to next message              */
 };

+/* digest algorithms for fingerprint */
+
+#ifdef HAVE_GNUTLS
+enum t_irc_fingerprint_digest_algo
+{
+    IRC_FINGERPRINT_ALGO_SHA1 = 0,
+    IRC_FINGERPRINT_ALGO_SHA256,
+    IRC_FINGERPRINT_ALGO_SHA512,
+    /* number of digest algorithms */
+    IRC_FINGERPRINT_NUM_ALGOS,
+};
+#endif
+
 extern struct t_irc_server *irc_servers;
 #ifdef HAVE_GNUTLS
 extern const int gnutls_cert_type_prio[];
@@ -307,6 +320,10 @@ extern void irc_server_msgq_add_buffer (struct t_irc_server *server,
 extern void irc_server_msgq_flush ();
 extern void irc_server_set_buffer_title (struct t_irc_server *server);
 extern struct t_gui_buffer *irc_server_create_buffer (struct t_irc_server *server);
+#ifdef HAVE_GNUTLS
+int irc_server_fingerprint_search_algo_with_size (int size);
+char *irc_server_fingerprint_str_sizes ();
+#endif
 extern int irc_server_connect (struct t_irc_server *server);
 extern void irc_server_auto_connect (int auto_connect);
 extern void irc_server_autojoin_channels ();