Improve SSL fingerprint messages when linking servers

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11899 e03df62e-2008-0410-955e-edbf42e46eb7

1 files changed, 19 insertions, 10 deletions

diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 00f908dc8..bf98b16d1 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -132,10 +132,24 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 		if (req.cert)
 		{
 			fp = req.cert->GetFingerprint();
-			ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
 		}
 	}
 
+	if (auth_challenge)
+	{
+		std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
+
+		/* Straight string compare of hashes */
+		if (our_hmac != theirs)
+			return false;
+	}
+	else
+	{
+		/* Straight string compare of plaintext */
+		if (link.RecvPass != theirs)
+			return false;
+	}
+
 	if (auth_fingerprint)
 	{
 		/* Require fingerprint to exist and match */
@@ -143,18 +157,13 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 		{
 			ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need '%s' got '%s'", 
 				link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
+			SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
 			return false;
 		}
 	}
-
-	if (auth_challenge)
+	else if (!fp.empty())
 	{
-		std::string our_hmac = MakePass(link.RecvPass, ourchallenge);
-
-		/* Straight string compare of hashes */
-		return our_hmac == theirs;
+		ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is %s", link.Name.c_str(), fp.c_str());
 	}
-
-	/* Straight string compare of plaintext */
-	return link.RecvPass == theirs;
+	return true;
 }