if (f >= 0)
{
- if (read(f, randombuf, ilength) < ilength)
+ if (read(f, randombuf, ilength) < (int)ilength)
ServerInstance->Logs->Log("m_spanningtree", DEFAULT, "Entropy source has gone predictable (did not return enough data)");
close(f);
}
this->auth_fingerprint = !link.Fingerprint.empty();
this->auth_challenge = !ourchallenge.empty() && !theirchallenge.empty();
- const char* fp = NULL;
- if (GetHook())
- fp = BufferedSocketFingerprintRequest(this, Utils->Creator, GetHook()).Send();
-
- if (fp)
- ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
+ std::string fp;
+ if (GetIOHook())
+ {
+ BufferedSocketCertificateRequest req(this, Utils->Creator, GetIOHook());
+ req.Send();
+ if (req.cert)
+ {
+ fp = req.cert->GetFingerprint();
+ ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
+ }
+ }
if (auth_fingerprint)
{
/* Require fingerprint to exist and match */
- if (!fp || link.Fingerprint != std::string(fp))
+ if (link.Fingerprint != fp)
+ {
+ ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need '%s' got '%s'",
+ link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
return false;
+ }
}
if (auth_challenge)