- BufferedSocketCertificateRequest req(user, this, user->GetIOHook());
- req.Send();
- if (req.cert)
- return c->GetExtBanStatus(req.cert->GetFingerprint(), 'z');
+ if (msgtarget.type != MessageTarget::TYPE_USER)
+ return MOD_RES_PASSTHRU;
+
+ User* target = msgtarget.Get<User>();
+
+ /* If one or more of the parties involved is a ulined service, we won't stop it. */
+ if (user->server->IsULine() || target->server->IsULine())
+ return MOD_RES_PASSTHRU;
+
+ /* If the target is +z */
+ if (target->IsModeSet(sslquery))
+ {
+ if (!api || !api->GetCertificate(user))
+ {
+ /* The sending user is not on an SSL connection */
+ user->WriteNumeric(Numerics::CannotSendTo(target, "messages", &sslquery));
+ return MOD_RES_DENY;
+ }
+ }
+ /* If the user is +z */
+ else if (user->IsModeSet(sslquery))
+ {
+ if (!api || !api->GetCertificate(target))
+ {
+ user->WriteNumeric(Numerics::CannotSendTo(target, "messages", &sslquery, true));
+ return MOD_RES_DENY;
+ }
+ }
+