Merge tag 'v2.0.26' into master.

[user/henk/code/inspircd.git] / include / modules / ssl.h

diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index 9cc504128daae20a0daee6b4ea0c2880d8ccaa67..930cb6dc605a73373bc2ea52561e5a953671c4f3 100644 (file)
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -112,9 +112,21 @@ class ssl_cert : public refcountbase
                return revoked;
        }
 
+       /** Get certificate usability
+       * @return True if the certificate is not expired nor revoked
+       */
+       bool IsUsable()
+       {
+               return !invalid && !revoked && error.empty();
+       }
+
+       /** Get CA trust status
+       * @return True if the certificate is issued by a CA
+       * and valid.
+       */
        bool IsCAVerified()
        {
-               return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+               return IsUsable() && trusted && !unknownsigner;
        }
 
        std::string GetMetaLine()
@@ -183,7 +195,9 @@ class SSLIOHook : public IOHook
         */
        ssl_cert* GetCertificate() const
        {
-               return certificate;
+               if (certificate && certificate->IsUsable())
+                       return certificate;
+               return NULL;
        }
 
        /**
@@ -204,6 +218,13 @@ class SSLIOHook : public IOHook
         * @param out String where the ciphersuite string will be appended to
         */
        virtual void GetCiphersuite(std::string& out) const = 0;
+
+
+       /** Retrieves the name of the SSL connection which is sent via SNI.
+        * @param out String that the server name will be appended to.
+        * returns True if the server name was retrieved; otherwise, false.
+        */
+       virtual bool GetServerName(std::string& out) const = 0;
 };
 
 /** Helper functions for obtaining SSL client certificates and key fingerprints