Page 1 of 1

[9.20rc2] ClientCert thumbprint stored partially

Posted: 2018-06-20, 19:54 UTC
by Flint
The newly added SHA1 thumbprint part of the ClientCert key contains only the first half of the actual thumbprint.

For example, when I choose some certificate I get:

Code: Select all

ClientCert=kxpndYZUqkSBfrIMBZAZSw==:0AC7658CBF903E84E7D6
while the full thumbprint looks like:

Code: Select all

0a c7 65 8c bf 90 3e 84 e7 d6 dc db 75 8c 46 c6 ab 0f e5 75
<Added>
Sorry, posted into wrong forum. Should be under "9.2x bug reports". :oops:

Posted: 2018-06-21, 09:26 UTC
by ghisler(Author)
Yes indeed I'm using only half the hash. This is fully sufficient to find the right certificate in the certificate store. Before this change I only used the serial number - this is something the certificate creator can set, and may be meaningless when using a self signed certificate.