-rw-r--r-- | src/modules/m_sslinfo.cpp | 13 | ||||
-rw-r--r-- | src/modules/ssl.h | 7 |
2 files changed, 19 insertions, 1 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index b67498072..9ad742416 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -193,7 +193,18 @@ class ModuleSSLInfo : public Module
 ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
 {
- if (myclass->config->getBool("requiressl") && !cmd.CertExt.get(user))
+ ssl_cert* cert = cmd.CertExt.get(user);
+ bool ok = true;
+ if (myclass->config->getBool("requiressl"))
+ {
+ ok = (cert != NULL);
+ }
+ else if (myclass->config->getString("requiressl") == "trusted")
+ {
+ ok = (cert && cert->IsCAVerified());
+ }
+
+ if (!ok)
 return MOD_RES_DENY;
 return MOD_RES_PASSTHRU;
 }
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
index 17fa6b3f6..5b1f03627 100644
--- a/src/modules/ssl.h
+++ b/src/modules/ssl.h
@@ -34,6 +34,8 @@ class ssl_cert : public refcountbase
 std::string fingerprint;
 bool trusted, invalid, unknownsigner, revoked;
+ ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
+
 /** Get certificate distinguished name
 * @return Certificate DN
 */
@@ -104,6 +106,11 @@ class ssl_cert : public refcountbase
 return revoked;
 }
+ bool IsCAVerified()
+ {
+ return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+ }
+
 std::string GetMetaLine()
 {
 std::stringstream value; |
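Review bot: In `OnSetConnectClass`, any `requiressl` value that is neither boolean-true nor exactly `"trusted"` leaves `ok` at `true`, so a typo or a differently-cased value (for example `Trusted`) silently switches the requirement off. Because this setting gates who may use the connect class, an unrecognised value that is not an explicit "off" should be denied, or at least logged, rather than passed through. Reading the value once, e.g. `const std::string req = myclass->config->getString("requiressl");`, and branching on it would also make the accepted values explicit. How `getBool` treats the string `trusted` is not visible in this diff; the `else if` only works if it returns false for it.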
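Review bot: The new `ssl_cert()` constructor in ssl.h starts every certificate as unverified (`invalid` and `unknownsigner` true, `trusted` false), but nothing marks this as deliberate even though `IsCAVerified()` now depends on it. A short comment above it, such as `/** Defaults describe an unverified certificate; the SSL provider must clear invalid/unknownsigner explicitly */`, would stop a later cleanup from flipping them to false. The providers that fill in these flags are outside this diff, so it is worth confirming that each one assigns all four on every path; otherwise a `trusted` class would reject valid certificates.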
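Review bot: `IsCAVerified()` is added to ssl.h without a doc comment, although the header documents its accessors in the `/** ... @return ... */` form (visible in the previous hunk) and this is the method whose contract matters most for access control. Suggest `/** @return True only if the certificate chains to a trusted CA, is not invalid or revoked, and the provider reported no error */` above it. Whether an expired certificate is rejected depends on the provider setting `invalid` or `error` for it, which this diff does not show, so the comment should say so or the check should be confirmed. If the neighbouring getters permit it, `bool IsCAVerified() const` would also be appropriate; the class body continues outside the hunk.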