X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=include%2Fmodules%2Fssl.h;h=930cb6dc605a73373bc2ea52561e5a953671c4f3;hb=35b70631f0532a5828b04a8e0c02092a285f331a;hp=adc78e324fab0bd577cac6e288fcbcbd1ae1cce1;hpb=b96329dc3b775c77e98964c42cb0def7ca65ba0e;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index adc78e324..930cb6dc6 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -112,9 +112,21 @@ class ssl_cert : public refcountbase
 		return revoked;
 	}
 
+	/** Get certificate usability
+	* @return True if the certificate is not expired nor revoked
+	*/
+	bool IsUsable()
+	{
+		return !invalid && !revoked && error.empty();
+	}
+
+	/** Get CA trust status
+	* @return True if the certificate is issued by a CA
+	* and valid.
+	*/
 	bool IsCAVerified()
 	{
-		return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+		return IsUsable() && trusted && !unknownsigner;
 	}
 
 	std::string GetMetaLine()
@@ -183,7 +195,9 @@ class SSLIOHook : public IOHook
 	 */
 	ssl_cert* GetCertificate() const
 	{
-		return certificate;
+		if (certificate && certificate->IsUsable())
+			return certificate;
+		return NULL;
 	}
 
 	/**
@@ -198,6 +212,19 @@ class SSLIOHook : public IOHook
 			return cert->GetFingerprint();
 		return "";
 	}
+
+	/**
+	 * Get the ciphersuite negotiated with the peer
+	 * @param out String where the ciphersuite string will be appended to
+	 */
+	virtual void GetCiphersuite(std::string& out) const = 0;
+
+
+	/** Retrieves the name of the SSL connection which is sent via SNI.
+	 * @param out String that the server name will be appended to.
+	 * returns True if the server name was retrieved; otherwise, false.
+	 */
+	virtual bool GetServerName(std::string& out) const = 0;
 };
 
 /** Helper functions for obtaining SSL client certificates and key fingerprints