-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index f45334e7e..a3f54edb1 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -25,6 +25,8 @@
 enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN };
 enum issl_io_status { ISSL_WRITE, ISSL_READ };
 
+static bool SelfSigned = false;
+
 bool isin(int port, const std::vector<int> &portlist)
 {
 	for(unsigned int i = 0; i < portlist.size(); i++)
@@ -66,6 +68,10 @@ static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx)
 	 * we can just return preverify_ok here, and openssl
 	 * will boot off self-signed and invalid peer certs.
 	 */
+	int ve = X509_STORE_CTX_get_error(ctx);
+
+	SelfSigned = (ve == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+
 	return 1;
 }
 
@@ -313,6 +319,16 @@ class ModuleSSLOpenSSL : public Module
 	{
 		ServerInstance->Log(DEBUG, "m_ssl_openssl.so: OnRawSocketClose: %d", fd);
 		CloseSession(&sessions[fd]);
+
+		EventHandler* user = ServerInstance->SE->GetRef(fd);
+
+		if ((user) && (user->GetExt("ssl_cert", dummy)))
+		{
+			ssl_cert* tofree;
+			user->GetExt("ssl_cert", tofree);
+			delete tofree;
+			user->Shrink("ssl_cert");
+		}
 	}
 
 	virtual int OnRawSocketRead(int fd, char* buffer, unsigned int count, int &readresult)
@@ -698,6 +714,19 @@ class ModuleSSLOpenSSL : public Module
 		return;
 	}
 
+	certinfo->data.insert(std::make_pair("invalid", SSL_get_verify_result(session->sess) != X509_V_OK ? ConvToStr(1) : ConvToStr(0)));
+
+	if (SelfSigned)
+	{
+		certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0)));
+		certinfo->data.insert(std::make_pair("trusted",ConvToStr(1)));
+	}
+	else
+	{
+		certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1)));
+		certinfo->data.insert(std::make_pair("trusted",ConvToStr(0)));
+	}
+
 	/*if (!X509_verify_cert(cert))
 	{
 		certinfo->data.insert(std::make_pair("invalid",ConvToStr(1)));
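Review bot: `SelfSigned` (first and second hunks) is a single file-scope flag written from the OpenSSL verify callback and read much later in the fourth hunk when the certificate info is built, so it is tied to no session: another client's handshake can overwrite it in between, and on a connection where the callback is never invoked the stale value from the previous client is reported. The fourth hunk already fetches the verify result per session on the `invalid` line, so the same source can replace the global, e.g. `bool selfsigned = (SSL_get_verify_result(session->sess) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);` followed by `if (selfsigned)`, dropping `SelfSigned` and the assignment in `OnVerify`; since `OnVerify` always returns 1 the overridden error code should still be what `SSL_get_verify_result` reports, but that is worth confirming against the OpenSSL version in use. If the callback must remain the source, the per-session route is `X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())` to reach the `SSL*` and record the flag on its session instead of in a global. Separately, the fourth hunk reports `trusted`=1 and `unknownsigner`=0 for a self-signed peer certificate and the reverse otherwise, which reads as the opposite of what those keys suggest; if that mapping is intended, a comment stating why a self-signed cert counts as trusted would help the next reader. The enclosing functions of the third and fourth hunks start outside the hunks.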