diff options
author | Attila Molnar <attilamolnar@hush.com> | 2014-10-10 14:26:09 +0200 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2014-10-10 14:26:09 +0200 |
commit | 44542c1f1acabbf00f8f468f3bb837c5a8b2736e (patch) | |
tree | 2e69d4fd83dff1e47c8d01344eb2a99befb8e53e /src/modules/extra | |
parent | b4dc9d871cd8c7817c6dff17c76b66e989712ffc (diff) |
m_ssl_openssl Allow configuring raw OpenSSL context options
Diffstat (limited to 'src/modules/extra')
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 37d2a9cdf..518712c00 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -102,10 +102,29 @@ class ModuleSSLOpenSSL : public Module SSL_CTX* ctx; SSL_CTX* clictx; + long ctx_options; + long clictx_options; + std::string sslports; bool use_sha; ServiceProvider iohook; + + static void SetContextOptions(SSL_CTX* ctx, long defoptions, const std::string& ctxname, ConfigTag* tag) + { + long setoptions = tag->getInt(ctxname + "setoptions"); + long clearoptions = tag->getInt(ctxname + "clearoptions"); + ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions); + + // Clear everything + SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx)); + + // Set the default options and what is in the conf + SSL_CTX_set_options(ctx, defoptions | setoptions); + long final = SSL_CTX_clear_options(ctx, clearoptions); + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final); + } + public: ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK) @@ -140,8 +159,8 @@ class ModuleSSLOpenSSL : public Module opts |= SSL_OP_NO_TICKET; #endif - SSL_CTX_set_options(ctx, opts); - SSL_CTX_set_options(clictx, opts); + ctx_options = SSL_CTX_set_options(ctx, opts); + clictx_options = SSL_CTX_set_options(clictx, opts); } void init() @@ -223,6 +242,12 @@ class ModuleSSLOpenSSL : public Module throw ModuleException("Unknown hash type " + hash); use_sha = (hash == "sha1"); + if (conf->getBool("customcontextoptions")) + { + SetContextOptions(ctx, ctx_options, "server", conf); + SetContextOptions(clictx, clictx_options, "client", conf); + } + std::string ciphers = conf->getString("ciphers", ""); if (!ciphers.empty()) |