summaryrefslogtreecommitdiff
path: root/src/modules/extra
diff options
context:
space:
mode:
authorAttila Molnar <attilamolnar@hush.com>2014-10-10 14:26:09 +0200
committerAttila Molnar <attilamolnar@hush.com>2014-10-10 14:26:09 +0200
commit44542c1f1acabbf00f8f468f3bb837c5a8b2736e (patch)
tree2e69d4fd83dff1e47c8d01344eb2a99befb8e53e /src/modules/extra
parentb4dc9d871cd8c7817c6dff17c76b66e989712ffc (diff)
m_ssl_openssl Allow configuring raw OpenSSL context options
Diffstat (limited to 'src/modules/extra')
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp29
1 files changed, 27 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 37d2a9cdf..518712c00 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -102,10 +102,29 @@ class ModuleSSLOpenSSL : public Module
SSL_CTX* ctx;
SSL_CTX* clictx;
+ long ctx_options;
+ long clictx_options;
+
std::string sslports;
bool use_sha;
ServiceProvider iohook;
+
+ static void SetContextOptions(SSL_CTX* ctx, long defoptions, const std::string& ctxname, ConfigTag* tag)
+ {
+ long setoptions = tag->getInt(ctxname + "setoptions");
+ long clearoptions = tag->getInt(ctxname + "clearoptions");
+ ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions);
+
+ // Clear everything
+ SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx));
+
+ // Set the default options and what is in the conf
+ SSL_CTX_set_options(ctx, defoptions | setoptions);
+ long final = SSL_CTX_clear_options(ctx, clearoptions);
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final);
+ }
+
public:
ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK)
@@ -140,8 +159,8 @@ class ModuleSSLOpenSSL : public Module
opts |= SSL_OP_NO_TICKET;
#endif
- SSL_CTX_set_options(ctx, opts);
- SSL_CTX_set_options(clictx, opts);
+ ctx_options = SSL_CTX_set_options(ctx, opts);
+ clictx_options = SSL_CTX_set_options(clictx, opts);
}
void init()
@@ -223,6 +242,12 @@ class ModuleSSLOpenSSL : public Module
throw ModuleException("Unknown hash type " + hash);
use_sha = (hash == "sha1");
+ if (conf->getBool("customcontextoptions"))
+ {
+ SetContextOptions(ctx, ctx_options, "server", conf);
+ SetContextOptions(clictx, clictx_options, "client", conf);
+ }
+
std::string ciphers = conf->getString("ciphers", "");
if (!ciphers.empty())