+ ssl_cert* cert = sslext.get(user);
+ if (cert)
+ return cert;
+
+ LocalUser* luser = IS_LOCAL(user);
+ if (!luser || nosslext.get(luser))
+ return NULL;
+
+ cert = SSLClientCert::GetCertificate(&luser->eh);
+ if (!cert)
+ return NULL;
+
+ SetCertificate(user, cert);
+ return cert;
+ }
+
+ void SetCertificate(User* user, ssl_cert* cert) CXX11_OVERRIDE
+ {
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Setting TLS (SSL) client certificate for %s: %s",
+ user->GetFullHost().c_str(), cert->GetMetaLine().c_str());
+ sslext.set(user, cert);
+ }
+};
+
+class CommandSSLInfo : public SplitCommand
+{
+ private:
+ ChanModeReference sslonlymode;
+
+ void HandleUserInternal(LocalUser* source, User* target, bool verbose)
+ {
+ ssl_cert* cert = sslapi.GetCertificate(target);
+ if (!cert)
+ {
+ source->WriteNotice(InspIRCd::Format("*** %s is not connected using TLS (SSL).", target->nick.c_str()));
+ }
+ else if (cert->GetError().length())
+ {
+ source->WriteNotice(InspIRCd::Format("*** %s is connected using TLS (SSL) but has not specified a valid client certificate (%s).",
+ target->nick.c_str(), cert->GetError().c_str()));
+ }
+ else if (!verbose)
+ {
+ source->WriteNotice(InspIRCd::Format("*** %s is connected using TLS (SSL) with a valid client certificate (%s).",
+ target->nick.c_str(), cert->GetFingerprint().c_str()));
+ }
+ else
+ {
+ source->WriteNotice("*** Distinguished Name: " + cert->GetDN());
+ source->WriteNotice("*** Issuer: " + cert->GetIssuer());
+ source->WriteNotice("*** Key Fingerprint: " + cert->GetFingerprint());
+ }
+ }