/*
* InspIRCd -- Internet Relay Chat Daemon
*
+ * Copyright (C) 2019 linuxdaemon <linuxdaemon.irc@gmail.com>
+ * Copyright (C) 2019 Matt Schatz <genius3000@g3k.solutions>
+ * Copyright (C) 2017 Wade Cline <wadecline@hotmail.com>
+ * Copyright (C) 2014, 2016 Adam <Adam@anope.org>
+ * Copyright (C) 2014 Julien Vehent <julien@linuxwall.info>
+ * Copyright (C) 2013-2014, 2016-2019 Sadie Powell <sadie@witchery.services>
+ * Copyright (C) 2012-2017 Attila Molnar <attilamolnar@hush.com>
+ * Copyright (C) 2012, 2019 Robby <robby@chatbelgie.be>
+ * Copyright (C) 2012 ChrisTX <xpipe@hotmail.de>
* Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
- * Copyright (C) 2008 Pippijn van Steenhoven <pip88nl@gmail.com>
- * Copyright (C) 2006-2008 Craig Edwards <craigedwards@brainbox.cc>
- * Copyright (C) 2008 Thomas Stagner <aquanight@inspircd.org>
+ * Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
+ * Copyright (C) 2007-2008, 2010 Craig Edwards <brain@inspircd.org>
* Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
- * Copyright (C) 2006 Oliver Lupton <oliverlupton@gmail.com>
*
* This file is part of InspIRCd. InspIRCd is free software: you can
* redistribute it and/or modify it under the terms of the GNU General Public
X509_STORE* store = SSL_CTX_get_cert_store(ctx);
if (!store)
{
- throw ModuleException("Unable to get X509_STORE from SSL context; this should never happen");
+ throw ModuleException("Unable to get X509_STORE from TLS (SSL) context; this should never happen");
}
ERR_clear_error();
if (!X509_STORE_load_locations(store,
public:
Profile(const std::string& profilename, ConfigTag* tag)
: name(profilename)
- , dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dhparams.pem")))
+ , dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dhparams.pem", 1)))
, ctx(SSL_CTX_new(SSLv23_server_method()))
, clictx(SSL_CTX_new(SSLv23_client_method()))
, allowrenego(tag->getBool("renegotiation")) // Disallow by default
if ((!ctx.SetDH(dh)) || (!clictx.SetDH(dh)))
throw Exception("Couldn't set DH parameters");
- std::string hash = tag->getString("hash", "md5");
+ const std::string hash = tag->getString("hash", "md5", 1);
digest = EVP_get_digestbyname(hash.c_str());
if (digest == NULL)
throw Exception("Unknown hash type " + hash);
}
#ifndef OPENSSL_NO_ECDH
- std::string curvename = tag->getString("ecdhcurve", "prime256v1");
+ const std::string curvename = tag->getString("ecdhcurve", "prime256v1", 1);
if (!curvename.empty())
ctx.SetECDH(curvename);
#endif
/* Load our keys and certificates
* NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck.
*/
- std::string filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("certfile", "cert.pem"));
+ std::string filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("certfile", "cert.pem", 1));
if ((!ctx.SetCerts(filename)) || (!clictx.SetCerts(filename)))
{
ERR_print_errors_cb(error_callback, this);
throw Exception("Can't read certificate file: " + lasterr);
}
- filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("keyfile", "key.pem"));
+ filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("keyfile", "key.pem", 1));
if ((!ctx.SetPrivateKey(filename)) || (!clictx.SetPrivateKey(filename)))
{
ERR_print_errors_cb(error_callback, this);
}
// Load the CAs we trust
- filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem"));
+ filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem", 1));
if ((!ctx.SetCA(filename)) || (!clictx.SetCA(filename)))
{
ERR_print_errors_cb(error_callback, this);
}
// Load the CRLs.
- std::string crlfile = tag->getString("crlfile");
- std::string crlpath = tag->getString("crlpath");
- std::string crlmode = tag->getString("crlmode", "chain");
+ const std::string crlfile = tag->getString("crlfile");
+ const std::string crlpath = tag->getString("crlpath");
+ const std::string crlmode = tag->getString("crlmode", "chain", 1);
ctx.SetCRL(crlfile, crlpath, crlmode);
clictx.SetVerifyCert();
}
catch (OpenSSL::Exception& ex)
{
- throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason());
+ throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason());
}
}
}
catch (CoreException& ex)
{
- throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
+ throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
}
newprofiles.push_back(prov);
void OnModuleRehash(User* user, const std::string ¶m) CXX11_OVERRIDE
{
- if (param != "ssl")
+ if (!irc::equals(param, "ssl"))
return;
try
{
ReadProfiles();
+ ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module OpenSSL rehashed.");
}
catch (ModuleException& ex)
{
if ((user) && (user->eh.GetModHook(this)))
{
- // User is using SSL, they're a local user, and they're using one of *our* SSL ports.
- // Potentially there could be multiple SSL modules loaded at once on different ports.
- ServerInstance->Users->QuitUser(user, "SSL module unloading");
+ // User is using TLS (SSL), they're a local user, and they're using one of *our* TLS (SSL) ports.
+ // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports.
+ ServerInstance->Users->QuitUser(user, "OpenSSL module unloading");
}
}
}
Version GetVersion() CXX11_OVERRIDE
{
- return Version("Provides SSL support via OpenSSL", VF_VENDOR);
+ return Version("Allows TLS (SSL) encrypted connections using the OpenSSL library.", VF_VENDOR);
}
};