From 7cf132bc6a8251ad2d7ee73cdf5f019fe18d11a0 Mon Sep 17 00:00:00 2001
From: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>
Date: Mon, 8 Feb 2010 19:38:54 +0000
Subject: Add <connect requiressl="trusted"> to force CA verification for
 clients on this block

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12401 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/m_sslinfo.cpp | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src/modules/m_sslinfo.cpp')

diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index b67498072..9ad742416 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -193,7 +193,18 @@ class ModuleSSLInfo : public Module
 
 	ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
 	{
-		if (myclass->config->getBool("requiressl") && !cmd.CertExt.get(user))
+		ssl_cert* cert = cmd.CertExt.get(user);
+		bool ok = true;
+		if (myclass->config->getBool("requiressl"))
+		{
+			ok = (cert != NULL);
+		}
+		else if (myclass->config->getString("requiressl") == "trusted")
+		{
+			ok = (cert && cert->IsCAVerified());
+		}
+
+		if (!ok)
 			return MOD_RES_DENY;
 		return MOD_RES_PASSTHRU;
 	}
-- 
cgit v1.2.3