From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate001.proxmox.com (gate001.proxmox.com [IPv6:2a0f:8001:1:32::40]) by lore.proxmox.com (Postfix) with ESMTPS id 1B9F81FF13E for ; Wed, 01 Jul 2026 12:32:57 +0200 (CEST) Received: from gate001.proxmox.com (localhost.localdomain [127.0.0.1]) by gate001.proxmox.com (Proxmox) with ESMTP id 20363214B5; Wed, 01 Jul 2026 12:32:16 +0200 (CEST) From: Dominik Csapak To: pve-devel@lists.proxmox.com, pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup v4 7/8] pbs-client: honor already verified fingerprint Date: Wed, 1 Jul 2026 12:30:51 +0200 Message-ID: <20260701103120.1593265-8-d.csapak@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260701103120.1593265-1-d.csapak@proxmox.com> References: <20260701103120.1593265-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment (newer systems) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: HEKAPSHKKNZQFLGAYLK3ANIQFC7BLFHT X-Message-ID-Hash: HEKAPSHKKNZQFLGAYLK3ANIQFC7BLFHT X-MailFrom: d.csapak@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: When there is an invalid fingerprint or a mismatch and the client is executed in an interactive way, the user is asked if he wants to trust the fingerprint. OpenSSL might evaluate the verify callback multiple times per certificate (for different errors for example), so we have to check if the fingerprint matches the one we already verified. Otherwise the user gets multiple prompts directly after another. Signed-off-by: Dominik Csapak --- pbs-client/src/http_client.rs | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/pbs-client/src/http_client.rs b/pbs-client/src/http_client.rs index 27f5a1782..f953a1e58 100644 --- a/pbs-client/src/http_client.rs +++ b/pbs-client/src/http_client.rs @@ -431,6 +431,18 @@ impl HttpClient { let interactive = options.interactive; let fingerprint_cache = options.fingerprint_cache; let prefix = options.prefix.clone(); + let check_fp_verified = |verified_fingerprint: &Arc>>, + fingerprint: &Fingerprint| + -> bool { + let verified = verified_fingerprint.lock().unwrap(); + if let Some(verified) = &*verified { + if *verified == fingerprint.to_string() { + // already verified + return true; + } + } + false + }; ssl_connector_builder.set_verify_callback( openssl::ssl::SslVerifyMode::PEER, move |valid, ctx| match openssl_verify_callback( @@ -453,6 +465,9 @@ impl HttpClient { error!("certificate validation failed - failed to calculate FP - {error_stack}") }, SslVerifyError::UntrustedCertificate { fingerprint } => { + if check_fp_verified(&verified_fingerprint, &fingerprint) { + return true; + } if interactive && std::io::stdin().is_terminal() { match Self::interactive_fp_check(prefix.as_deref(), &server, verified_fingerprint.clone(), fingerprint_cache, fingerprint) { Ok(()) => return true, @@ -461,6 +476,9 @@ impl HttpClient { } } SslVerifyError::FingerprintMismatch { fingerprint, expected } => { + if check_fp_verified(&verified_fingerprint, &fingerprint) { + return true; + } warn!("WARNING: certificate fingerprint does not match expected fingerprint!"); warn!("expected: {expected}"); -- 2.47.3