diff options
author | Attila Molnar <attilamolnar@hush.com> | 2012-07-13 12:24:06 -0700 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2012-07-13 12:24:06 -0700 |
commit | 74ee9af96639323d852a8b15be72ee9974e0a826 (patch) | |
tree | 2a37207f6517a5dd7ceb7562b86a2e200fb6debc /src/modules/extra/m_ssl_openssl.cpp | |
parent | c59a768fc72a96d88606acd4c5ffa59934da6e60 (diff) | |
parent | 230f6f87aec8b1e0920091c44f149fdc3fced377 (diff) |
Merge pull request #230 from Robby-/insp20-openssl
[2.0] m_ssl_openssl: Show cipher used on connect and allow available ciphers to be customized.
Diffstat (limited to 'src/modules/extra/m_ssl_openssl.cpp')
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 0a5a76792..fa9442a00 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -198,6 +198,13 @@ class ModuleSSLOpenSSL : public Module throw ModuleException("Unknown hash type " + hash); use_sha = (hash == "sha1"); + std::string ciphers = conf->getString("ciphers", "ALL"); + if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str()))) + { + ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str()); + ERR_print_errors_cb(error_callback, this); + } + /* Load our keys and certificates * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck. @@ -262,8 +269,10 @@ class ModuleSSLOpenSSL : public Module if (sessions[user->eh.GetFd()].sess) { if (!sessions[user->eh.GetFd()].cert->fingerprint.empty()) - user->WriteServ("NOTICE %s :*** You are connected using SSL fingerprint %s", - user->nick.c_str(), sessions[user->eh.GetFd()].cert->fingerprint.c_str()); + user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"" + " and your SSL fingerprint is %s", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess), sessions[user->eh.GetFd()].cert->fingerprint.c_str()); + else + user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess)); } } } |