/*
* InspIRCd -- Internet Relay Chat Daemon
*
- * Copyright (C) 2017-2019 Sadie Powell <sadie@witchery.services>
+ * Copyright (C) 2020 Matt Schatz <genius3000@g3k.solutions>
+ * Copyright (C) 2017-2021 Sadie Powell <sadie@witchery.services>
*
* This file is part of InspIRCd. InspIRCd is free software: you can
* redistribute it and/or modify it under the terms of the GNU General Public
private:
STSCap cap;
- // The IRCv3 STS specification requires that the server is listening using SSL using a valid certificate.
+ // The IRCv3 STS specification requires that the server is listening using TLS (SSL) using a valid certificate.
bool HasValidSSLPort(unsigned int port)
{
for (std::vector<ListenSocket*>::const_iterator iter = ServerInstance->ports.begin(); iter != ServerInstance->ports.end(); ++iter)
if (saport != port)
continue;
- // Is this listener using SSL?
- if (ls->bind_tag->getString("ssl").empty())
+ // Is this listener using TLS (SSL)?
+ if (ls->bind_tag->getString("sslprofile", ls->bind_tag->getString("ssl")).empty())
continue;
// TODO: Add a way to check if a listener's TLS cert is CA-verified.
if (!HasValidSSLPort(port))
throw ModuleException("<sts:port> must be a TLS port, at " + tag->getTagLocation());
- unsigned long duration = tag->getDuration("duration", 60*60*24*30*2);
+ unsigned long duration = tag->getDuration("duration", 5*60, 60);
bool preload = tag->getBool("preload");
cap.SetPolicy(host, duration, port, preload);
Version GetVersion() CXX11_OVERRIDE
{
- return Version("Provides IRCv3 Strict Transport Security policy advertisement", VF_OPTCOMMON|VF_VENDOR);
+ return Version("Adds support for the IRCv3 Strict Transport Security specification.", VF_OPTCOMMON|VF_VENDOR);
}
};
projects / user / henk / code / inspircd.git / blobdiff