-rw-r--r--src/modules/m_sslinfo.cpp13
-rw-r--r--src/modules/ssl.h7
2 files changed, 19 insertions, 1 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index b67498072..9ad742416 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -193,7 +193,18 @@ class ModuleSSLInfo : public Module
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
{
- if (myclass->config->getBool("requiressl") && !cmd.CertExt.get(user))
+ ssl_cert* cert = cmd.CertExt.get(user);
+ bool ok = true;
+ if (myclass->config->getBool("requiressl"))
+ {
+ ok = (cert != NULL);
+ }
+ else if (myclass->config->getString("requiressl") == "trusted")
+ {
+ ok = (cert && cert->IsCAVerified());
+ }
+
+ if (!ok)
return MOD_RES_DENY;
return MOD_RES_PASSTHRU;
}
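Review bot: A `requiressl` value that is neither a recognised boolean nor the exact string `trusted` leaves `ok` at `true`, so a typo or a different casing such as `Trusted` silently drops the requirement for that connect class instead of failing closed. This assumes `getBool()` returns false for strings it does not recognise, which is not visible in this hunk and should be confirmed. Consider validating the value when the configuration is read, and logging or rejecting anything unrecognised, so an operator who meant to tighten a class does not end up with an open one. At minimum, add a comment above the branch along the lines of `// "trusted" additionally requires a CA-verified client certificate; any other non-boolean value behaves as "no"`.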
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
index 17fa6b3f6..5b1f03627 100644
--- a/src/modules/ssl.h
+++ b/src/modules/ssl.h
@@ -34,6 +34,8 @@ class ssl_cert : public refcountbase
std::string fingerprint;
bool trusted, invalid, unknownsigner, revoked;
+ ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
+
/** Get certificate distinguished name
* @return Certificate DN
*/
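Review bot: The new default constructor has no comment explaining that its initial flags are deliberately the fail-closed state. With `trusted(false), invalid(true), unknownsigner(true)` a default-constructed `ssl_cert` can never pass `IsCAVerified()`, and that property is now security-relevant. A one-line comment would keep a later cleanup from "normalising" the flags to all-false, for example `/** Start untrusted and invalid; the TLS module overwrites these after verification */`.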
@@ -104,6 +106,11 @@ class ssl_cert : public refcountbase
return revoked;
}
+ bool IsCAVerified()
+ {
+ return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+ }
+
std::string GetMetaLine()
{
std::stringstream value;
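Review bot: `IsCAVerified()` is added without a doc comment, although the DN getter visible earlier in this class has one and this result now decides admission to `requiressl="trusted"` connect classes. Something like `/** @return True only if the certificate chains to a trusted CA, is valid, is not revoked, and verification reported no error */` would state the contract. The `!revoked` term is only as strong as the TLS module that fills in this object. Whether that module actually performs revocation checks is not visible in this diff, so confirm it and note it in the comment. The method does not modify the object, so `bool IsCAVerified() const` would be preferable if the neighbouring accessors allow it.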