Allow client fingerprint expectation to be generated from CHISEL_KEY as per server #210
I have a use case for chisel where a dynamic server instance is created and a client connects shortly after. The service is internet facing, so fingerprint validation would be highly desirable. While I can securely share authentication details via other means, I can't easily determine the fingerprint a given server will start with. The server accepts a --key option to seed the fingerprint, but the fingerprint this generates isn't known, in advance, to the client.
This mod allows the client to use CHISEL_KEY to generate a fingerprint expectation that matches the fingerprint which will be generated by the server. This key can be generated from, for example, one-time generated private information that is only available to the server and client instances, allowing the client to avoid man-in-the-middle attacks.
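The idea in the description above, sketched as an added example that is not code from this pull request or from chisel: both sides derive the same key pair from the shared seed, so the client can compute the fingerprint to pin before it connects. The derivation (Ed25519 over SHA-256 of the seed), the fingerprint format, and all function names are assumptions for illustration; chisel's own derivation is not shown on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// serverPublicKey derives the host key from the shared seed and returns its
// public half. Assumption: Ed25519 over SHA-256(seed) stands in for chisel's
// own derivation, which is not shown on this page.
func serverPublicKey(seed string) ed25519.PublicKey {
	h := sha256.Sum256([]byte(seed))
	return ed25519.NewKeyFromSeed(h[:]).Public().(ed25519.PublicKey)
}

// fingerprint is the unpadded base64 SHA-256 of the raw public key (assumed format).
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return base64.RawStdEncoding.EncodeToString(sum[:])
}

// expectedFingerprint is what the client computes locally before it connects.
func expectedFingerprint(seed string) string {
	return fingerprint(serverPublicKey(seed))
}

// verifyServer pins the key presented during the handshake to the expectation.
func verifyServer(presented ed25519.PublicKey, expected string) bool {
	got := fingerprint(presented)
	return subtle.ConstantTimeCompare([]byte(got), []byte(expected)) == 1
}

func main() {
	seed := "constructed-one-time-secret" // constructed sample value
	want := expectedFingerprint(seed)
	fmt.Println("client expects:", want)
	fmt.Println("genuine server accepted:", verifyServer(serverPublicKey(seed), want))
	// A party without the seed can only present some other key.
	fmt.Println("other key accepted:", verifyServer(serverPublicKey("different-seed"), want))
}
```

Under a scheme like this the seed is equivalent to the server's private key, so it needs the same handling as one: a single-use, high-entropy value delivered over the same trusted channel as the authentication details.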