Add <connect requiressl="trusted"> to force CA verification for clients on this block

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12401 e03df62e-2008-0410-955e-edbf42e46eb7
author: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2010-02-08 19:38:54 +0000
committer: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2010-02-08 19:38:54 +0000
commit: 7cf132bc6a8251ad2d7ee73cdf5f019fe18d11a0 (patch)
tree: 278718539ff675cab67443b72be5cd9350d294a3 /src/modules/m_sslinfo.cpp
parent: e827892a1353e2954b7ac6595bb40d7c89950350 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index b67498072..9ad742416 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -193,7 +193,18 @@ class ModuleSSLInfo : public Module
 
 	ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
 	{
-		if (myclass->config->getBool("requiressl") && !cmd.CertExt.get(user))
+		ssl_cert* cert = cmd.CertExt.get(user);
+		bool ok = true;
+		if (myclass->config->getBool("requiressl"))
+		{
+			ok = (cert != NULL);
+		}
+		else if (myclass->config->getString("requiressl") == "trusted")
+		{
+			ok = (cert && cert->IsCAVerified());
+		}
+
+		if (!ok)
 			return MOD_RES_DENY;
 		return MOD_RES_PASSTHRU;
 	}
author	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2010-02-08 19:38:54 +0000
committer	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2010-02-08 19:38:54 +0000
commit	7cf132bc6a8251ad2d7ee73cdf5f019fe18d11a0 (patch)
tree	278718539ff675cab67443b72be5cd9350d294a3 /src/modules/m_sslinfo.cpp
parent	e827892a1353e2954b7ac6595bb40d7c89950350 (diff)