if (Conf->getBool("showports", true))
{
+ sslports = Conf->getString("advertisedports");
+ if (!sslports.empty())
+ return;
+
for (size_t i = 0; i < ServerInstance->ports.size(); i++)
{
ListenSocket* port = ServerInstance->ports[i];
if (port->bind_tag->getString("ssl") != "openssl")
continue;
- std::string portid = port->bind_desc;
+ const std::string& portid = port->bind_desc;
ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Enabling SSL for port %s", portid.c_str());
+
if (port->bind_tag->getString("type", "clients") == "clients" && port->bind_addr != "127.0.0.1")
- sslports.append(portid).append(";");
+ {
+ /*
+ * Found an SSL port for clients that is not bound to 127.0.0.1 and handled by us, display
+ * the IP:port in ISUPPORT.
+ *
+ * We used to advertise all ports seperated by a ';' char that matched the above criteria,
+ * but this resulted in too long ISUPPORT lines if there were lots of ports to be displayed.
+ * To solve this by default we now only display the first IP:port found and let the user
+ * configure the exact value for the 005 token, if necessary.
+ */
+ sslports = portid;
+ break;
+ }
}
-
- if (!sslports.empty())
- sslports.erase(sslports.end() - 1);
}
}
throw ModuleException("Unknown hash type " + hash);
use_sha = (hash == "sha1");
+ std::string ciphers = conf->getString("ciphers", "");
+
+ if (!ciphers.empty())
+ {
+ if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str())))
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str());
+ ERR_print_errors_cb(error_callback, this);
+ }
+ }
/* Load our keys and certificates
* NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck.
if (sessions[user->eh.GetFd()].sess)
{
if (!sessions[user->eh.GetFd()].cert->fingerprint.empty())
- user->WriteServ("NOTICE %s :*** You are connected using SSL fingerprint %s",
- user->nick.c_str(), sessions[user->eh.GetFd()].cert->fingerprint.c_str());
+ user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\""
+ " and your SSL fingerprint is %s", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess), sessions[user->eh.GetFd()].cert->fingerprint.c_str());
+ else
+ user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess));
}
}
}