+ void OnUserConnect(LocalUser* user)
+ {
+ SocketCertificateRequest req(&user->eh, this);
+ if (!req.cert)
+ return;
+ cmd.CertExt.set(user, req.cert);
+ }
+
+ void OnPostConnect(User* user)
+ {
+ ssl_cert *cert = cmd.CertExt.get(user);
+ if (!cert || cert->fingerprint.empty())
+ return;
+ // find an auto-oper block for this user
+ for(OperIndex::iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); i++)
+ {
+ OperInfo* ifo = i->second;
+ if (!ifo->oper_block)
+ continue;
+
+ std::string fp = ifo->oper_block->getString("fingerprint");
+ if (fp == cert->fingerprint && ifo->oper_block->getBool("autologin"))
+ user->Oper(ifo);
+ }
+ }
+
+ ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
+ {
+ SocketCertificateRequest req(&user->eh, this);
+ bool ok = true;
+ if (myclass->config->getString("requiressl") == "trusted")
+ {
+ ok = (req.cert && req.cert->IsCAVerified());
+ }
+ else if (myclass->config->getBool("requiressl"))
+ {
+ ok = (req.cert != NULL);
+ }
+
+ if (!ok)
+ return MOD_RES_DENY;
+ return MOD_RES_PASSTHRU;
+ }
+