summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/modules/ssl.h7
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp19
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp10
-rw-r--r--src/modules/m_sslinfo.cpp5
4 files changed, 40 insertions, 1 deletions
diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index 9cc504128..d3372c509 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -204,6 +204,13 @@ class SSLIOHook : public IOHook
* @param out String where the ciphersuite string will be appended to
*/
virtual void GetCiphersuite(std::string& out) const = 0;
+
+
+ /** Retrieves the name of the SSL connection which is sent via SNI.
+ * @param out String that the server name will be appended to.
+ * returns True if the server name was retrieved; otherwise, false.
+ */
+ virtual bool GetServerName(std::string& out) const = 0;
};
/** Helper functions for obtaining SSL client certificates and key fingerprints
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 08b4be08f..50c847ee4 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1182,6 +1182,25 @@ info_done_dealloc:
out.append(UnknownIfNULL(gnutls_mac_get_name(gnutls_mac_get(sess))));
}
+ bool GetServerName(std::string& out) const CXX11_OVERRIDE
+ {
+ std::vector<char> nameBuffer;
+ size_t nameLength = 0;
+ unsigned int nameType = GNUTLS_NAME_DNS;
+
+ // First, determine the size of the hostname.
+ if (gnutls_server_name_get(sess, &nameBuffer[0], &nameLength, &nameType, 0) != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ return false;
+
+ // Then retrieve the hostname.
+ nameBuffer.resize(nameLength);
+ if (gnutls_server_name_get(sess, &nameBuffer[0], &nameLength, &nameType, 0) != GNUTLS_E_SUCCESS)
+ return false;
+
+ out.append(&nameBuffer[0]);
+ return true;
+ }
+
GnuTLS::Profile* GetProfile() { return profile; }
bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); }
};
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 4c246d6f5..45a728106 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -779,6 +779,16 @@ class OpenSSLIOHook : public SSLIOHook
out.append(SSL_get_cipher(sess));
}
+ bool GetServerName(std::string& out) const CXX11_OVERRIDE
+ {
+ const char* name = SSL_get_servername(sess, TLSEXT_NAMETYPE_host_name);
+ if (!name)
+ return false;
+
+ out.append(name);
+ return true;
+ }
+
bool IsHandshakeDone() const { return (status == ISSL_OPEN); }
};
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 9682e92cf..5a5b40319 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -220,7 +220,10 @@ class ModuleSSLInfo : public Module, public Whois::EventListener
ssl_cert* const cert = ssliohook->GetCertificate();
{
- std::string text = "*** You are connected using SSL cipher '";
+ std::string text = "*** You are connected to ";
+ if (!ssliohook->GetServerName(text))
+ text.append(ServerInstance->Config->ServerName);
+ text.append(" using SSL cipher '");
ssliohook->GetCiphersuite(text);
text.push_back('\'');
if ((cert) && (!cert->GetFingerprint().empty()))