+ void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
+ {
+ ssl_cert* cert = SSLClientCert::GetCertificate(&user->eh);
+ if (cert)
+ cmd.CertExt.set(user, cert);
+ }
+
+ void OnPostConnect(User* user) CXX11_OVERRIDE
+ {
+ ssl_cert *cert = cmd.CertExt.get(user);
+ if (!cert || cert->fingerprint.empty())
+ return;
+ // find an auto-oper block for this user
+ for (ServerConfig::OperIndex::const_iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); ++i)
+ {
+ OperInfo* ifo = i->second;
+ std::string fp = ifo->oper_block->getString("fingerprint");
+ if (fp == cert->fingerprint && ifo->oper_block->getBool("autologin"))
+ user->Oper(ifo);
+ }
+ }
+
+ ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE
+ {
+ ssl_cert* cert = SSLClientCert::GetCertificate(&user->eh);
+ bool ok = true;
+ if (myclass->config->getString("requiressl") == "trusted")
+ {
+ ok = (cert && cert->IsCAVerified());
+ }
+ else if (myclass->config->getBool("requiressl"))
+ {
+ ok = (cert != NULL);
+ }