authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-07-02 18:17:33 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-07-02 18:17:33 +0000
commit7885a7e6cabe396e2c54eb3192fdbb6afd75c066 (patch)
tree9eeb5141adcf90e8398004722a98c2d3d73fe030 /src/modules/extra
parent2db8cb45f87b0406e88f6ecf6a46eb15f5238684 (diff)
Send ssl_cert metadata on signon
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11429 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/extra')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp24
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp13
2 files changed, 21 insertions, 16 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 4ff5a9062..f76148843 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -679,10 +679,7 @@ class ModuleSSLGnuTLS : public Module
// protocol module has propagated the NICK message.
if (user->GetIOHook() == this && (IS_LOCAL(user)))
{
- // Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW.
- ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");
-
- VerifyCertificate(&sessions[user->GetFd()],user);
+ ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()],user);
if (sessions[user->GetFd()].sess)
{
std::string cipher = gnutls_kx_get_name(gnutls_kx_get(sessions[user->GetFd()].sess));
@@ -690,6 +687,9 @@ class ModuleSSLGnuTLS : public Module
cipher.append(gnutls_mac_get_name(gnutls_mac_get(sessions[user->GetFd()].sess)));
user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), cipher.c_str());
}
+
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON");
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());
}
}
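Review bot: The added `certdata->GetMetaLine()` call dereferences a pointer that can be NULL, because VerifyCertificate now returns NULL when `session->sess` is unset and the `if (sessions[user->GetFd()].sess)` check just above shows that case is expected here. A local client reaching signon without an established session would then crash the server on this line. The OpenSSL module guards the same call, so this one should match: `if (certdata) ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());`. The enclosing handler starts outside this hunk, so an earlier guarantee that the session exists cannot be ruled out from here.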
@@ -724,10 +724,10 @@ class ModuleSSLGnuTLS : public Module
session->status = ISSL_NONE;
}
- void VerifyCertificate(issl_session* session, Extensible* user)
+ ssl_cert* VerifyCertificate(issl_session* session, Extensible* user)
{
if (!session->sess || !user)
- return;
+ return NULL;
unsigned int status;
const gnutls_datum_t* cert_list;
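Review bot: The new return value of VerifyCertificate is undocumented at the changed signature, and callers need to know it because it has two different failure shapes: NULL when there is no session or user, and a non-NULL ssl_cert with `error` set on the later failure paths. A comment above the signature such as `// Returns NULL if there is no session or user; otherwise an ssl_cert whose error field is set when the peer certificate could not be read` would make the required null check explicit. Who owns the returned object is not visible in these hunks, so it is worth stating there as well. The same comment applies to the OpenSSL version of this function; the body continues outside this hunk.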
@@ -750,7 +750,7 @@ class ModuleSSLGnuTLS : public Module
if (ret < 0)
{
certinfo->error = std::string(gnutls_strerror(ret));
- return;
+ return certinfo;
}
certinfo->invalid = (status & GNUTLS_CERT_INVALID);
@@ -765,14 +765,14 @@ class ModuleSSLGnuTLS : public Module
if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509)
{
certinfo->error = "No X509 keys sent";
- return;
+ return certinfo;
}
ret = gnutls_x509_crt_init(&cert);
if (ret < 0)
{
certinfo->error = gnutls_strerror(ret);
- return;
+ return certinfo;
}
cert_list_size = 0;
@@ -780,7 +780,7 @@ class ModuleSSLGnuTLS : public Module
if (cert_list == NULL)
{
certinfo->error = "No certificate was found";
- return;
+ return certinfo;
}
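Review bot: This early `return certinfo;` comes after `gnutls_x509_crt_init(&cert)` has succeeded, but the only `gnutls_x509_crt_deinit(cert)` visible in the diff is on the final success path, so the certificate handle appears to be leaked here. The same holds for the `return certinfo;` in the following hunk after the failed import. Both paths are reachable by a peer that presents no certificate or a malformed one, so the leak could accumulate per connection. Adding `gnutls_x509_crt_deinit(cert);` before each of these two returns would close it. The lines between the hunks are not shown, so confirm that nothing there already releases `cert`.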
/* This is not a real world example, since we only check the first
@@ -791,7 +791,7 @@ class ModuleSSLGnuTLS : public Module
if (ret < 0)
{
certinfo->error = gnutls_strerror(ret);
- return;
+ return certinfo;
}
gnutls_x509_crt_get_dn(cert, name, &name_size);
@@ -818,7 +818,7 @@ class ModuleSSLGnuTLS : public Module
gnutls_x509_crt_deinit(cert);
- return;
+ return certinfo;
}
void OnEvent(Event* ev)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 6aaf8ab1f..8c35d5d0f 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -776,9 +776,13 @@ class ModuleSSLOpenSSL : public Module
// Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW.
ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");
- VerifyCertificate(&sessions[user->GetFd()], user);
+ ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()], user);
if (sessions[user->GetFd()].sess)
user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->GetFd()].sess));
+
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON");
+ if (certdata)
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());
}
}
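Review bot: The "ssl" metadata is now sent twice in this block, once as `"on"` by the unchanged call at the top and again as `"ON"` by the added line, whereas the GnuTLS hunk removed the early call. Remote servers therefore receive two updates with different casing from this module, and any consumer that compares the value case-sensitively may treat the two modules differently. Dropping the earlier `ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");` together with its "NOW" comment would leave a single send that matches GnuTLS. The enclosing handler starts outside this hunk.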
@@ -822,10 +826,10 @@ class ModuleSSLOpenSSL : public Module
errno = EIO;
}
- void VerifyCertificate(issl_session* session, Extensible* user)
+ ssl_cert* VerifyCertificate(issl_session* session, Extensible* user)
{
if (!session->sess || !user)
- return;
+ return NULL;
X509* cert;
ssl_cert* certinfo = new ssl_cert;
@@ -840,7 +844,7 @@ class ModuleSSLOpenSSL : public Module
if (!cert)
{
certinfo->error = "Could not get peer certificate: "+std::string(get_error());
- return;
+ return certinfo;
}
certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK);
@@ -874,6 +878,7 @@ class ModuleSSLOpenSSL : public Module
}
X509_free(cert);
+ return certinfo;
}
void Prioritize()