]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/extra/m_ssl_gnutls.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix typo opermoth -> opermotd. Thanks Ankit.
[user/henk/code/inspircd.git] / src / modules / extra / m_ssl_gnutls.cpp
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index ebf46d59592b7d75702baf8256f85535a2cc9b46..59397e000613b49860d68ff41619eb3d225b1bba 100644 (file)
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -12,17 +12,8 @@
  */
 
 #include "inspircd.h"
-
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
-
-#include "inspircd_config.h"
-#include "configreader.h"
-#include "users.h"
-#include "channels.h"
-#include "modules.h"
-#include "socket.h"
-#include "hashcomp.h"
 #include "transport.h"
 #include "m_cap.h"
 
@@ -80,9 +71,13 @@ class CommandStartTLS : public Command
 
        CmdResult Handle (const std::vector<std::string> &parameters, User *user)
        {
-               if (user->registered == REG_ALL)
+               /* changed from == REG_ALL to catch clients sending STARTTLS
+                * after NICK and USER but before OnUserConnect completes and
+                * give a proper error message (see bug #645) - dz
+                */
+               if (user->registered != REG_NONE)
                {
-                       ServerInstance->Users->QuitUser(user, "STARTTLS not allowed after client registration");
+                       ServerInstance->Users->QuitUser(user, "STARTTLS is not permitted after client registration has started");
                }
                else
                {
@@ -93,7 +88,7 @@ class CommandStartTLS : public Command
                                Caller->OnRawSocketAccept(user->GetFd(), user->GetIPString(), user->GetPort());
                        }
                        else
-                               user->WriteNumeric(671, "%s :STARTTLS failure", user->nick.c_str());
+                               user->WriteNumeric(691, "%s :STARTTLS failure", user->nick.c_str());
                }
 
                return CMD_FAILURE;
@@ -271,7 +266,7 @@ class ModuleSSLGnuTLS : public Module
                if((ret = gnutls_certificate_set_x509_key_file (x509_cred, certfile.c_str(), keyfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
                {
                        // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException
-                       throw ModuleException("Unable to load GnuTLS server certificate: " + std::string(gnutls_strerror(ret)));
+                       throw ModuleException("Unable to load GnuTLS server certificate (" + std::string(certfile) + ", key: " + keyfile + "): " + std::string(gnutls_strerror(ret)));
                }
 
                // This may be on a large (once a day or week) timer eventually.
@@ -543,6 +538,9 @@ class ModuleSSLGnuTLS : public Module
                                }
                                else
                                {
+                                       ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT,
+                                                       "m_ssl_gnutls.so: Error while reading on fd %d: %s",
+                                                       session->fd, gnutls_strerror(ret));
                                        readresult = 0;
                                        CloseSession(session);
                                }
@@ -623,6 +621,9 @@ class ModuleSSLGnuTLS : public Module
                        {
                                if(ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED)
                                {
+                                       ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT,
+                                                       "m_ssl_gnutls.so: Error while writing to fd %d: %s",
+                                                       session->fd, gnutls_strerror(ret));
                                        CloseSession(session);
                                }
                                else
@@ -711,6 +712,9 @@ class ModuleSSLGnuTLS : public Module
                        else
                        {
                                // Handshake failed.
+                               ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT,
+                                               "m_ssl_gnutls.so: Handshake failed on fd %d: %s",
+                                               session->fd, gnutls_strerror(ret));
                                CloseSession(session);
                                session->status = ISSL_CLOSING;
                        }
@@ -912,7 +916,7 @@ class ModuleSSLGnuTLS : public Module
 
                /* Beware here we do not check for errors.
                 */
-               if ((gnutls_x509_crt_get_expiration_time(cert) < time(0)) || (gnutls_x509_crt_get_activation_time(cert) > time(0)))
+               if ((gnutls_x509_crt_get_expiration_time(cert) < ServerInstance->Time()) || (gnutls_x509_crt_get_activation_time(cert) > ServerInstance->Time()))
                {
                        certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate"));
                }