X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=include%2Fmodules%2Fssl.h;h=edea45a1092e73e787d7b9bcc376de023a26f3c9;hb=79892a727e323dcc4bce7e9c0cf3c99c5fe61706;hp=d3372c5094f79b2b2563dd9fe0654c0d909bc1d9;hpb=d23c030c9a8fd58807438245a004e4aa5b7288ba;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index d3372c509..edea45a10 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -112,9 +112,21 @@ class ssl_cert : public refcountbase
 		return revoked;
 	}
 
+	/** Get certificate usability
+	* @return True if the certificate is not expired nor revoked
+	*/
+	bool IsUsable()
+	{
+		return !invalid && !revoked && error.empty();
+	}
+
+	/** Get CA trust status
+	* @return True if the certificate is issued by a CA
+	* and valid.
+	*/
 	bool IsCAVerified()
 	{
-		return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+		return IsUsable() && trusted && !unknownsigner;
 	}
 
 	std::string GetMetaLine()
@@ -183,7 +195,9 @@ class SSLIOHook : public IOHook
 	 */
 	ssl_cert* GetCertificate() const
 	{
-		return certificate;
+		if (certificate && certificate->IsUsable())
+			return certificate;
+		return NULL;
 	}
 
 	/**
@@ -263,6 +277,12 @@ class UserCertificateAPIBase : public DataProvider
 	 */
 	virtual ssl_cert* GetCertificate(User* user) = 0;
 
+	/** Set the SSL certificate of a user.
+	 * @param user The user whose certificate to set.
+	 * @param cert The SSL certificate to set for the user.
+	 */
+	virtual void SetCertificate(User* user, ssl_cert* cert) = 0;
+
 	/** Get the key fingerprint from a user's certificate
 	 * @param user The user whose key fingerprint to get, user may be remote
 	 * @return The key fingerprint from the user's SSL certificate or an empty string