summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/helperfuncs.cpp2
-rw-r--r--src/listensocket.cpp2
-rw-r--r--src/modules.cpp2
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp16
-rw-r--r--src/modules/extra/m_ssl_mbedtls.cpp16
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp14
-rw-r--r--src/modules/extra/m_sslrehashsignal.cpp2
-rw-r--r--src/modules/m_haproxy.cpp6
-rw-r--r--src/modules/m_ircv3_sts.cpp4
-rw-r--r--src/modules/m_sslinfo.cpp16
-rw-r--r--src/modules/m_sslmodes.cpp10
-rw-r--r--src/modules/m_starttls.cpp2
12 files changed, 47 insertions, 45 deletions
diff --git a/src/helperfuncs.cpp b/src/helperfuncs.cpp
index 913bc0861..e019a660b 100644
--- a/src/helperfuncs.cpp
+++ b/src/helperfuncs.cpp
@@ -536,7 +536,7 @@ unsigned long InspIRCd::GenRandomInt(unsigned long max)
return rv % max;
}
-// This is overridden by a higher-quality algorithm when SSL support is loaded
+// This is overridden by a higher-quality algorithm when TLS (SSL) support is loaded
void InspIRCd::DefaultGenRandom(char* output, size_t max)
{
#if defined HAS_ARC4RANDOM_BUF
diff --git a/src/listensocket.cpp b/src/listensocket.cpp
index 7e73c1926..4bbffe0c0 100644
--- a/src/listensocket.cpp
+++ b/src/listensocket.cpp
@@ -244,6 +244,6 @@ void ListenSocket::ResetIOHookProvider()
if (!provname.empty())
provname.insert(0, "ssl/");
- // SSL should be the last
+ // TLS (SSL) should be the last
iohookprovs.back().SetProvider(provname);
}
diff --git a/src/modules.cpp b/src/modules.cpp
index 2b83bc0d8..36f5409c4 100644
--- a/src/modules.cpp
+++ b/src/modules.cpp
@@ -397,7 +397,7 @@ void ModuleManager::DoSafeUnload(Module* mod)
for (user_hash::const_iterator u = users.begin(); u != users.end(); )
{
User* user = u->second;
- // The module may quit the user (e.g. SSL mod unloading) and that will remove it from the container
+ // The module may quit the user (e.g. TLS (SSL) mod unloading) and that will remove it from the container
++u;
mod->OnCleanup(ExtensionItem::EXT_USER, user);
user->doUnhookExtensions(items);
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 4d9216123..6cafcae22 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -907,7 +907,7 @@ info_done_dealloc:
}
CloseSession();
- sock->SetError("No SSL session");
+ sock->SetError("No TLS (SSL) session");
return -1;
}
@@ -1291,7 +1291,7 @@ class ModuleSSLGnuTLS : public Module
{
// First, store all profiles in a new, temporary container. If no problems occur, swap the two
// containers; this way if something goes wrong we can go back and continue using the current profiles,
- // avoiding unpleasant situations where no new SSL connections are possible.
+ // avoiding unpleasant situations where no new TLS (SSL) connections are possible.
ProfileList newprofiles;
ConfigTagList tags = ServerInstance->Config->ConfTags("sslprofile");
@@ -1309,7 +1309,7 @@ class ModuleSSLGnuTLS : public Module
}
catch (CoreException& ex)
{
- throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason());
+ throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason());
}
}
@@ -1334,7 +1334,7 @@ class ModuleSSLGnuTLS : public Module
}
catch (CoreException& ex)
{
- throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
+ throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
}
newprofiles.push_back(prov);
@@ -1375,7 +1375,7 @@ class ModuleSSLGnuTLS : public Module
try
{
ReadProfiles();
- ServerInstance->SNO->WriteToSnoMask('a', "SSL module %s rehashed.", MODNAME);
+ ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module GnuTLS rehashed.");
}
catch (ModuleException& ex)
{
@@ -1396,9 +1396,9 @@ class ModuleSSLGnuTLS : public Module
if ((user) && (user->eh.GetModHook(this)))
{
- // User is using SSL, they're a local user, and they're using one of *our* SSL ports.
- // Potentially there could be multiple SSL modules loaded at once on different ports.
- ServerInstance->Users->QuitUser(user, "SSL module unloading");
+ // User is using TLS (SSL), they're a local user, and they're using one of *our* TLS (SSL) ports.
+ // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports.
+ ServerInstance->Users->QuitUser(user, "GnuTLS module unloading");
}
}
}
diff --git a/src/modules/extra/m_ssl_mbedtls.cpp b/src/modules/extra/m_ssl_mbedtls.cpp
index dded7e171..628230d29 100644
--- a/src/modules/extra/m_ssl_mbedtls.cpp
+++ b/src/modules/extra/m_ssl_mbedtls.cpp
@@ -586,7 +586,7 @@ class mbedTLSIOHook : public SSLIOHook
}
CloseSession();
- sock->SetError("No SSL session");
+ sock->SetError("No TLS (SSL) session");
return -1;
}
@@ -865,7 +865,7 @@ class ModuleSSLmbedTLS : public Module
{
// First, store all profiles in a new, temporary container. If no problems occur, swap the two
// containers; this way if something goes wrong we can go back and continue using the current profiles,
- // avoiding unpleasant situations where no new SSL connections are possible.
+ // avoiding unpleasant situations where no new TLS (SSL) connections are possible.
ProfileList newprofiles;
ConfigTagList tags = ServerInstance->Config->ConfTags("sslprofile");
@@ -883,7 +883,7 @@ class ModuleSSLmbedTLS : public Module
}
catch (CoreException& ex)
{
- throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason());
+ throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason());
}
}
@@ -908,7 +908,7 @@ class ModuleSSLmbedTLS : public Module
}
catch (CoreException& ex)
{
- throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
+ throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
}
newprofiles.push_back(prov);
@@ -945,7 +945,7 @@ class ModuleSSLmbedTLS : public Module
try
{
ReadProfiles();
- ServerInstance->SNO->WriteToSnoMask('a', "SSL module %s rehashed.", MODNAME);
+ ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module mbedTLS rehashed.");
}
catch (ModuleException& ex)
{
@@ -961,9 +961,9 @@ class ModuleSSLmbedTLS : public Module
LocalUser* user = IS_LOCAL(static_cast<User*>(item));
if ((user) && (user->eh.GetModHook(this)))
{
- // User is using SSL, they're a local user, and they're using our IOHook.
- // Potentially there could be multiple SSL modules loaded at once on different ports.
- ServerInstance->Users.QuitUser(user, "SSL module unloading");
+ // User is using TLS (SSL), they're a local user, and they're using our IOHook.
+ // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports.
+ ServerInstance->Users.QuitUser(user, "mbedTLS module unloading");
}
}
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 330055e4a..30cabdf27 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -251,7 +251,7 @@ namespace OpenSSL
X509_STORE* store = SSL_CTX_get_cert_store(ctx);
if (!store)
{
- throw ModuleException("Unable to get X509_STORE from SSL context; this should never happen");
+ throw ModuleException("Unable to get X509_STORE from TLS (SSL) context; this should never happen");
}
ERR_clear_error();
if (!X509_STORE_load_locations(store,
@@ -987,7 +987,7 @@ class ModuleSSLOpenSSL : public Module
}
catch (OpenSSL::Exception& ex)
{
- throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason());
+ throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason());
}
}
@@ -1011,7 +1011,7 @@ class ModuleSSLOpenSSL : public Module
}
catch (CoreException& ex)
{
- throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
+ throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
}
newprofiles.push_back(prov);
@@ -1062,7 +1062,7 @@ class ModuleSSLOpenSSL : public Module
try
{
ReadProfiles();
- ServerInstance->SNO->WriteToSnoMask('a', "SSL module %s rehashed.", MODNAME);
+ ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module OpenSSL rehashed.");
}
catch (ModuleException& ex)
{
@@ -1078,9 +1078,9 @@ class ModuleSSLOpenSSL : public Module
if ((user) && (user->eh.GetModHook(this)))
{
- // User is using SSL, they're a local user, and they're using one of *our* SSL ports.
- // Potentially there could be multiple SSL modules loaded at once on different ports.
- ServerInstance->Users->QuitUser(user, "SSL module unloading");
+ // User is using TLS (SSL), they're a local user, and they're using one of *our* TLS (SSL) ports.
+ // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports.
+ ServerInstance->Users->QuitUser(user, "OpenSSL module unloading");
}
}
}
diff --git a/src/modules/extra/m_sslrehashsignal.cpp b/src/modules/extra/m_sslrehashsignal.cpp
index c0cf8fada..b70deedfa 100644
--- a/src/modules/extra/m_sslrehashsignal.cpp
+++ b/src/modules/extra/m_sslrehashsignal.cpp
@@ -45,7 +45,7 @@ class ModuleSSLRehashSignal : public Module
if (!signaled)
return;
- const std::string feedbackmsg = "Got SIGUSR1, reloading SSL credentials";
+ const std::string feedbackmsg = "Got SIGUSR1, reloading TLS (SSL) credentials";
ServerInstance->SNO->WriteGlobalSno('a', feedbackmsg);
ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, feedbackmsg);
diff --git a/src/modules/m_haproxy.cpp b/src/modules/m_haproxy.cpp
index f18738779..1a6583e6f 100644
--- a/src/modules/m_haproxy.cpp
+++ b/src/modules/m_haproxy.cpp
@@ -200,16 +200,16 @@ class HAProxyHook : public IOHookMiddle
if (!sslapi)
return true;
- // If the client is not connecting via SSL the rest of this TLV is irrelevant.
+ // If the client is not connecting via TLS (SSL) the rest of this TLV is irrelevant.
std::string& recvq = GetRecvQ();
if ((recvq[start_index] & PP2_CLIENT_SSL) == 0)
return true;
// Create a fake ssl_cert for the user. Ideally we should use the user's
- // SSL client certificate here but as of 2018-10-16 this is not forwarded
+ // TLS (SSL) client certificate here but as of 2018-10-16 this is not forwarded
// by HAProxy.
ssl_cert* cert = new ssl_cert;
- cert->error = "HAProxy does not forward client SSL certificates";
+ cert->error = "HAProxy does not forward client TLS (SSL) certificates";
cert->invalid = true;
cert->revoked = true;
cert->trusted = false;
diff --git a/src/modules/m_ircv3_sts.cpp b/src/modules/m_ircv3_sts.cpp
index 6d616f74e..bca378f24 100644
--- a/src/modules/m_ircv3_sts.cpp
+++ b/src/modules/m_ircv3_sts.cpp
@@ -128,7 +128,7 @@ class ModuleIRCv3STS : public Module
private:
STSCap cap;
- // The IRCv3 STS specification requires that the server is listening using SSL using a valid certificate.
+ // The IRCv3 STS specification requires that the server is listening using TLS (SSL) using a valid certificate.
bool HasValidSSLPort(unsigned int port)
{
for (std::vector<ListenSocket*>::const_iterator iter = ServerInstance->ports.begin(); iter != ServerInstance->ports.end(); ++iter)
@@ -140,7 +140,7 @@ class ModuleIRCv3STS : public Module
if (saport != port)
continue;
- // Is this listener using SSL?
+ // Is this listener using TLS (SSL)?
if (ls->bind_tag->getString("ssl").empty())
continue;
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 4f784c87c..885ae6f74 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -138,7 +138,7 @@ class UserCertificateAPIImpl : public UserCertificateAPIBase
void SetCertificate(User* user, ssl_cert* cert) CXX11_OVERRIDE
{
- ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Setting SSL certificate for %s: %s",
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Setting TLS (SSL) client certificate for %s: %s",
user->GetFullHost().c_str(), cert->GetMetaLine().c_str());
sslext.set(user, cert);
}
@@ -165,20 +165,22 @@ class CommandSSLInfo : public Command
user->WriteNumeric(Numerics::NoSuchNick(parameters[0]));
return CMD_FAILURE;
}
+
bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly");
if (operonlyfp && !user->IsOper() && target != user)
{
- user->WriteNotice("*** You cannot view SSL certificate information for other users");
+ user->WriteNotice("*** You cannot view TLS (SSL) client certificate information for other users");
return CMD_FAILURE;
}
+
ssl_cert* cert = sslapi.GetCertificate(target);
if (!cert)
{
- user->WriteNotice("*** No SSL certificate for this user");
+ user->WriteNotice("*** No TLS (SSL) client certificate for this user");
}
else if (cert->GetError().length())
{
- user->WriteNotice("*** No SSL certificate information for this user (" + cert->GetError() + ").");
+ user->WriteNotice("*** No TLS (SSL) client certificate information for this user (" + cert->GetError() + ").");
}
else
{
@@ -226,7 +228,7 @@ class ModuleSSLInfo
whois.SendLine(RPL_WHOISSECURE, "is using a secure connection");
bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly");
if ((!operonlyfp || whois.IsSelfWhois() || whois.GetSource()->IsOper()) && !cert->fingerprint.empty())
- whois.SendLine(RPL_WHOISCERTFP, InspIRCd::Format("has client certificate fingerprint %s", cert->fingerprint.c_str()));
+ whois.SendLine(RPL_WHOISCERTFP, InspIRCd::Format("has TLS (SSL) client certificate fingerprint %s", cert->fingerprint.c_str()));
}
}
@@ -320,12 +322,12 @@ class ModuleSSLInfo
if (stdalgo::string::equalsci(requiressl, "trusted"))
{
ok = (cert && cert->IsCAVerified());
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a trusted SSL cert. Client %s one.", (ok ? "has" : "does not have"));
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a trusted TLS (SSL) client certificate. Client %s one.", (ok ? "has" : "does not have"));
}
else if (myclass->config->getBool("requiressl"))
{
ok = (cert != NULL);
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires SSL. Client %s using SSL.", (ok ? "is" : "is not"));
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a secure connection. Client %s on a secure connection.", (ok ? "is" : "is not"));
}
if (!ok)
diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp
index 27f7a4af1..5c7f1fca1 100644
--- a/src/modules/m_sslmodes.cpp
+++ b/src/modules/m_sslmodes.cpp
@@ -60,7 +60,7 @@ class SSLMode : public ModeHandler
{
if (!API)
{
- source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via SSL");
+ source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via TLS (SSL)");
return MODEACTION_DENY;
}
@@ -75,7 +75,7 @@ class SSLMode : public ModeHandler
if (nonssl)
{
- source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, InspIRCd::Format("All members of the channel must be connected via SSL (%lu/%lu are non-SSL)",
+ source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, InspIRCd::Format("All members of the channel must be connected via TLS (SSL) (%lu/%lu are non-TLS (SSL))",
nonssl, static_cast<unsigned long>(userlist.size())));
return MODEACTION_DENY;
}
@@ -167,13 +167,13 @@ class ModuleSSLModes
{
if (!api)
{
- user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are an SSL user (+z is set)");
+ user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are a TLS (SSL) user (+z is set)");
return MOD_RES_DENY;
}
if (!api->GetCertificate(user))
{
- user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z is set)");
+ user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; TLS (SSL) users only (+z is set)");
return MOD_RES_DENY;
}
}
@@ -243,7 +243,7 @@ class ModuleSSLModes
Version GetVersion() CXX11_OVERRIDE
{
- return Version("Adds channel mode z (sslonly) which prevents users who are not connecting using TLS (SSL) from joining the channel and user mode z (sslqueries) to prevent messages from non-SSL users.", VF_VENDOR);
+ return Version("Adds channel mode z (sslonly) which prevents users who are not connecting using TLS (SSL) from joining the channel and user mode z (sslqueries) to prevent messages from non-TLS (SSL) users.", VF_VENDOR);
}
};
diff --git a/src/modules/m_starttls.cpp b/src/modules/m_starttls.cpp
index 5280146cc..35e9985e9 100644
--- a/src/modules/m_starttls.cpp
+++ b/src/modules/m_starttls.cpp
@@ -65,7 +65,7 @@ class CommandStartTLS : public SplitCommand
user->WriteNumeric(RPL_STARTTLS, "STARTTLS successful, go ahead with TLS handshake");
/* We need to flush the write buffer prior to adding the IOHook,
- * otherwise we'll be sending this line inside the SSL session - which
+ * otherwise we'll be sending this line inside the TLS (SSL) session - which
* won't start its handshake until the client gets this line. Currently,
* we assume the write will not block here; this is usually safe, as
* STARTTLS is sent very early on in the registration phase, where the