m_spanningtree Send the cert fingerprint message to opers only after successful auth

author: Attila Molnar <attilamolnar@hush.com> 2014-06-28 18:15:59 +0200
committer: Attila Molnar <attilamolnar@hush.com> 2014-06-28 18:15:59 +0200
commit: 0c9a94ea9285d1094c031d0c4ed06326b99cf890 (patch)
tree: 677ee5764adb89f43ac878ef716e84f743c1fa2b /src
parent: 2cffabe0c7375a15c702aeaea5d553d90a549860 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 15cfbc37a..9b368d60b 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -81,11 +81,6 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 			return false;
 		}
 	}
-	else if (!fp.empty())
-	{
-		ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". "
-			"You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
-	}
 
 	if (capab->auth_challenge)
 	{
@@ -101,5 +96,14 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 		if (link.RecvPass != theirs)
 			return false;
 	}
+
+	// Tell opers to set up fingerprint verification if it's not already set up and the SSL mod gave us a fingerprint
+	// this time
+	if ((!capab->auth_fingerprint) && (!fp.empty()))
+	{
+		ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". "
+			"You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
+	}
+
 	return true;
 }
author	Attila Molnar <attilamolnar@hush.com>	2014-06-28 18:15:59 +0200
committer	Attila Molnar <attilamolnar@hush.com>	2014-06-28 18:15:59 +0200
commit	0c9a94ea9285d1094c031d0c4ed06326b99cf890 (patch)
tree	677ee5764adb89f43ac878ef716e84f743c1fa2b /src
parent	2cffabe0c7375a15c702aeaea5d553d90a549860 (diff)