Diffstat (limited to 'src')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp24
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp13
-rw-r--r--src/modules/m_ssl_data.cpp11
-rw-r--r--src/modules/transport.h13
4 files changed, 35 insertions, 26 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 4ff5a9062..f76148843 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -679,10 +679,7 @@ class ModuleSSLGnuTLS : public Module
// protocol module has propagated the NICK message.
if (user->GetIOHook() == this && (IS_LOCAL(user)))
{
- // Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW.
- ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");
-
- VerifyCertificate(&sessions[user->GetFd()],user);
+ ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()],user);
if (sessions[user->GetFd()].sess)
{
std::string cipher = gnutls_kx_get_name(gnutls_kx_get(sessions[user->GetFd()].sess));
@@ -690,6 +687,9 @@ class ModuleSSLGnuTLS : public Module
cipher.append(gnutls_mac_get_name(gnutls_mac_get(sessions[user->GetFd()].sess)));
user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), cipher.c_str());
}
+
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON");
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());
}
}
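Review bot: `certdata->GetMetaLine()` on the new "ssl_cert" line is dereferenced without a null check, yet VerifyCertificate (changed further down in this file) returns NULL when the session has no `sess` or `user` is null, and this SendMetaData sits outside the `if (sessions[user->GetFd()].sess)` block, so a user whose session is already torn down at this point dereferences a null pointer. The OpenSSL module in the same commit guards the identical call; mirror it here: `if (certdata)` / `    ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());`. The enclosing function starts before this hunk.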
@@ -724,10 +724,10 @@ class ModuleSSLGnuTLS : public Module
session->status = ISSL_NONE;
}
- void VerifyCertificate(issl_session* session, Extensible* user)
+ ssl_cert* VerifyCertificate(issl_session* session, Extensible* user)
{
if (!session->sess || !user)
- return;
+ return NULL;
unsigned int status;
const gnutls_datum_t* cert_list;
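Review bot: The new `ssl_cert*` return of VerifyCertificate carries no statement of its contract, and callers now act on it: it is NULL when there is no session or user, and in every other path (including the error-only early returns in the hunks below) it is the `ssl_cert` the function fills in, which the caller must treat as non-owning since the object appears to be kept on the user rather than handed over — the allocation and any Extend call are outside this hunk, so confirm that. I would add above the signature: `/** Verify the peer certificate for `session`. Returns NULL if there is no session or user; otherwise a non-owned ssl_cert describing the result (error-only results included). */`. The OpenSSL counterpart in m_ssl_openssl.cpp gets the same signature and should carry the same comment. The function body continues past the hunk.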
@@ -750,7 +750,7 @@ class ModuleSSLGnuTLS : public Module
if (ret < 0)
{
certinfo->error = std::string(gnutls_strerror(ret));
- return;
+ return certinfo;
}
certinfo->invalid = (status & GNUTLS_CERT_INVALID);
@@ -765,14 +765,14 @@ class ModuleSSLGnuTLS : public Module
if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509)
{
certinfo->error = "No X509 keys sent";
- return;
+ return certinfo;
}
ret = gnutls_x509_crt_init(&cert);
if (ret < 0)
{
certinfo->error = gnutls_strerror(ret);
- return;
+ return certinfo;
}
cert_list_size = 0;
@@ -780,7 +780,7 @@ class ModuleSSLGnuTLS : public Module
if (cert_list == NULL)
{
certinfo->error = "No certificate was found";
- return;
+ return certinfo;
}
/* This is not a real world example, since we only check the first
@@ -791,7 +791,7 @@ class ModuleSSLGnuTLS : public Module
if (ret < 0)
{
certinfo->error = gnutls_strerror(ret);
- return;
+ return certinfo;
}
gnutls_x509_crt_get_dn(cert, name, &name_size);
@@ -818,7 +818,7 @@ class ModuleSSLGnuTLS : public Module
gnutls_x509_crt_deinit(cert);
- return;
+ return certinfo;
}
void OnEvent(Event* ev)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 6aaf8ab1f..8c35d5d0f 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -776,9 +776,13 @@ class ModuleSSLOpenSSL : public Module
// Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW.
ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");
- VerifyCertificate(&sessions[user->GetFd()], user);
+ ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()], user);
if (sessions[user->GetFd()].sess)
user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->GetFd()].sess));
+
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON");
+ if (certdata)
+ ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());
}
}
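Review bot: The "ssl" metadata is now sent twice on this path: the pre-existing `ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");` at the top of the hunk is kept, and the new code adds `ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON");` with a differently-cased value, whereas the GnuTLS module in this same commit removes the first send. Drop the two lines at the top of the hunk (the comment and the "on" send) so both modules emit one "ssl" line with the same value, and confirm that the receiving side compares against "ON" rather than "on" — the consumer is not visible here. The enclosing function starts before this hunk.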
@@ -822,10 +826,10 @@ class ModuleSSLOpenSSL : public Module
errno = EIO;
}
- void VerifyCertificate(issl_session* session, Extensible* user)
+ ssl_cert* VerifyCertificate(issl_session* session, Extensible* user)
{
if (!session->sess || !user)
- return;
+ return NULL;
X509* cert;
ssl_cert* certinfo = new ssl_cert;
@@ -840,7 +844,7 @@ class ModuleSSLOpenSSL : public Module
if (!cert)
{
certinfo->error = "Could not get peer certificate: "+std::string(get_error());
- return;
+ return certinfo;
}
certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK);
@@ -874,6 +878,7 @@ class ModuleSSLOpenSSL : public Module
}
X509_free(cert);
+ return certinfo;
}
void Prioritize()
diff --git a/src/modules/m_ssl_data.cpp b/src/modules/m_ssl_data.cpp
index 2cc712c65..efc99d3f2 100644
--- a/src/modules/m_ssl_data.cpp
+++ b/src/modules/m_ssl_data.cpp
@@ -58,16 +58,7 @@ class ModuleSSLData : public Module
if (!user->GetExt("ssl_cert", cert))
return;
- std::stringstream value;
- bool hasError = cert->GetError().length();
- value << (cert->IsInvalid() ? "v" : "V") << (cert->IsTrusted() ? "T" : "t") << (cert->IsRevoked() ? "R" : "r")
- << (cert->IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
- if (hasError)
- value << cert->GetError();
- else
- value << cert->GetFingerprint() << " " << cert->GetDN() << " " << cert->GetIssuer();
-
- proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, value.str().c_str());
+ proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, cert->GetMetaLine().c_str());
}
}
diff --git a/src/modules/transport.h b/src/modules/transport.h
index f4cf3f4a5..9f29ab3d8 100644
--- a/src/modules/transport.h
+++ b/src/modules/transport.h
@@ -104,6 +104,19 @@ class ssl_cert
{
return revoked;
}
+
+ std::string GetMetaLine()
+ {
+ std::stringstream value;
+ bool hasError = error.length();
+ value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
+ << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
+ if (hasError)
+ value << GetError();
+ else
+ value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
+ return value.str();
+ }
};
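Review bot: GetMetaLine reads but never modifies the object, so it should be `std::string GetMetaLine() const`, and `bool hasError = error.length();` leans on a size_t-to-bool conversion where `bool hasError = !error.empty();` says what is meant. Because this string is now the wire format shared by three callers, a comment above the method should spell out the layout: five flag characters (v/V invalid, T/t trusted, R/r revoked, s/S unknown signer, E/e error), a space, then either the error text or `fingerprint DN issuer` separated by single spaces. The DN, issuer and error text originate from the peer's certificate or the TLS library, so that comment should also say consumers must treat everything after the first space as opaque rather than splitting it further (this behaviour is moved from m_ssl_data.cpp, not introduced here). The method uses `std::stringstream`, so transport.h must include `<sstream>` itself; the header's include list is outside this hunk.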
/** Used to represent a request to a transport provider module