]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_spanningtree/hmac.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge remote/local MODULES output
[user/henk/code/inspircd.git] / src / modules / m_spanningtree / hmac.cpp
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index e1d46d0d974da1ce9d33f6d5999f98d88b1fc219..b7cddc47ac750ce23ef349f043a830a051202a0a 100644 (file)
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -12,8 +12,6 @@
  */
 
 #include "inspircd.h"
-#include "commands/cmd_whois.h"
-#include "commands/cmd_stats.h"
 #include "socket.h"
 #include "xline.h"
 #include "../transport.h"
@@ -104,7 +102,7 @@ std::string TreeSocket::RandString(unsigned int ilength)
 
        if (f >= 0)
        {
-               if (read(f, randombuf, ilength) < ilength)
+               if (read(f, randombuf, ilength) < (int)ilength)
                        ServerInstance->Logs->Log("m_spanningtree", DEFAULT, "Entropy source has gone predictable (did not return enough data)");
                close(f);
        }
@@ -130,18 +128,27 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
        this->auth_fingerprint = !link.Fingerprint.empty();
        this->auth_challenge = !ourchallenge.empty() && !theirchallenge.empty();
 
-       const char* fp = NULL;
-       if (GetHook())
-               fp = BufferedSocketFingerprintRequest(this, Utils->Creator, GetHook()).Send();
-
-       if (fp)
-               ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
+       std::string fp;
+       if (GetIOHook())
+       {
+               BufferedSocketCertificateRequest req(this, Utils->Creator, GetIOHook());
+               req.Send();
+               if (req.cert)
+               {
+                       fp = req.cert->GetFingerprint();
+                       ServerInstance->Logs->Log("m_spanningtree", DEFAULT, std::string("Server SSL fingerprint ") + fp);
+               }
+       }
 
        if (auth_fingerprint)
        {
                /* Require fingerprint to exist and match */
-               if (!fp || link.Fingerprint != std::string(fp))
+               if (link.Fingerprint != fp)
+               {
+                       ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need '%s' got '%s'", 
+                               link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
                        return false;
+               }
        }
 
        if (auth_challenge)