- // For each <bind> tag
- if (((Conf->ReadValue("bind", "type", i) == "") || (Conf->ReadValue("bind", "type", i) == "clients")) && (Conf->ReadValue("bind", "ssl", i) == "openssl"))
- {
- // Get the port we're meant to be listening on with SSL
- std::string port = Conf->ReadValue("bind", "port", i);
- irc::portparser portrange(port, false);
- long portno = -1;
- while ((portno = portrange.GetToken()))
- {
- if (ServerInstance->Config->AddIOHook(portno, this))
- {
- listenports.push_back(portno);
- for (unsigned int i = 0; i < ServerInstance->stats->BoundPortCount; i++)
- if (ServerInstance->Config->ports[i])
- ServerInstance->Config->openSockfd[i]->SetDescription("ssl");
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Enabling SSL for port %d", portno);
- }
- else
- {
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: FAILED to enable SSL on port %d, maybe you have another ssl or similar module loaded?", portno);
- }
- }
- }
- }
-
- std::string confdir(CONFIG_FILE);
- // +1 so we the path ends with a /
- confdir = confdir.substr(0, confdir.find_last_of('/') + 1);
-
- cafile = Conf->ReadValue("openssl", "cafile", 0);
- certfile = Conf->ReadValue("openssl", "certfile", 0);
- keyfile = Conf->ReadValue("openssl", "keyfile", 0);
- dhfile = Conf->ReadValue("openssl", "dhfile", 0);
-
- // Set all the default values needed.
- if (cafile == "")
- cafile = "ca.pem";
-
- if (certfile == "")
- certfile = "cert.pem";
-
- if (keyfile == "")
- keyfile = "key.pem";
-
- if (dhfile == "")
- dhfile = "dhparams.pem";
-
- // Prepend relative paths with the path to the config directory.
- if (cafile[0] != '/')
- cafile = confdir + cafile;
-
- //if(crlfile[0] != '/')
- // crlfile = confdir + crlfile;
-
- if (certfile[0] != '/')
- certfile = confdir + certfile;
-
- if (keyfile[0] != '/')
- keyfile = confdir + keyfile;
-
- if (dhfile[0] != '/')
- dhfile = confdir + dhfile;
-
- /* Load our keys and certificates*/
- if (!SSL_CTX_use_certificate_chain_file(ctx, certfile.c_str()))
- {
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s", certfile.c_str());
- }
-
- if (!SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM))
- {
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read key file %s", keyfile.c_str());
- }
-
- /* Load the CAs we trust*/
- if (!SSL_CTX_load_verify_locations(ctx, cafile.c_str(), 0))
- {
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read CA list from ", cafile.c_str());
- }
-
- FILE* dhpfile = fopen(dhfile.c_str(), "r");
- DH* ret;
-
- if (dhpfile == NULL)
- {
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so Couldn't open DH file %s: %s", dhfile.c_str(), strerror(errno));
- throw ModuleException("Couldn't open DH file " + dhfile + ": " + strerror(errno));