X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=include%2Fmodules%2Fssl.h;h=ac2e367fd00eb04e92320d1c7241c53140015e37;hb=b191657921845a26128e910bfff0f21251e98ee4;hp=930cb6dc605a73373bc2ea52561e5a953671c4f3;hpb=124c17e14134a4999afc1a5e981ab7c75b3694b9;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index 930cb6dc6..ac2e367fd 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -1,8 +1,16 @@
 /*
  * InspIRCd -- Internet Relay Chat Daemon
  *
- *   Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
- *   Copyright (C) 2006 Craig Edwards <craigedwards@brainbox.cc>
+ *   Copyright (C) 2020 Matt Schatz <genius3000@g3k.solutions>
+ *   Copyright (C) 2019 B00mX0r <b00mx0r@aureus.pw>
+ *   Copyright (C) 2018 Dylan Frank <b00mx0r@aureus.pw>
+ *   Copyright (C) 2013, 2017-2019 Sadie Powell <sadie@witchery.services>
+ *   Copyright (C) 2013, 2015-2016 Attila Molnar <attilamolnar@hush.com>
+ *   Copyright (C) 2012 Robby <robby@chatbelgie.be>
+ *   Copyright (C) 2012 ChrisTX <xpipe@hotmail.de>
+ *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ *   Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
+ *   Copyright (C) 2006 Craig Edwards <brain@inspircd.org>
  *
  * This file is part of InspIRCd.  InspIRCd is free software: you can
  * redistribute it and/or modify it under the terms of the GNU General Public
@@ -23,7 +31,7 @@
 #include <string>
 #include "iohook.h"
 
-/** ssl_cert is a class which abstracts SSL certificate
+/** ssl_cert is a class which abstracts TLS (SSL) certificate
  * and key information.
  *
  * Because gnutls and openssl represent key information in
@@ -58,7 +66,7 @@ class ssl_cert : public refcountbase
 		return issuer;
 	}
 
-	/** Get error string if an error has occured
+	/** Get error string if an error has occurred
 	 * @return The error associated with this users certificate,
 	 * or an empty string if there is no error.
 	 */
@@ -146,7 +154,7 @@ class ssl_cert : public refcountbase
 class SSLIOHook : public IOHook
 {
  protected:
-	/** Peer SSL certificate, set by the SSL module
+	/** Peer TLS (SSL) certificate, set by the TLS (SSL) module
 	 */
 	reference<ssl_cert> certificate;
 
@@ -160,7 +168,7 @@ class SSLIOHook : public IOHook
 		if ((sendq.size() <= 1) || (sendq.front().length() >= targetsize))
 			return;
 
-		// Avoid multiple repeated SSL encryption invocations
+		// Avoid multiple repeated TLS (SSL) encryption invocations
 		// This adds a single copy of the queue, but avoids
 		// much more overhead in terms of system calls invoked
 		// by an IOHook.
@@ -178,9 +186,10 @@ class SSLIOHook : public IOHook
  public:
 	static SSLIOHook* IsSSL(StreamSocket* sock)
 	{
-		IOHook* const iohook = sock->GetIOHook();
-		if ((iohook) && ((iohook->prov->type == IOHookProvider::IOH_SSL)))
-			return static_cast<SSLIOHook*>(iohook);
+		IOHook* const lasthook = sock->GetLastHook();
+		if (lasthook && (lasthook->prov->type == IOHookProvider::IOH_SSL))
+			return static_cast<SSLIOHook*>(lasthook);
+
 		return NULL;
 	}
 
@@ -191,24 +200,22 @@ class SSLIOHook : public IOHook
 
 	/**
 	 * Get the certificate sent by this peer
-	 * @return The SSL certificate sent by the peer, NULL if no cert was sent
+	 * @return The TLS (SSL) certificate sent by the peer, NULL if no cert was sent
 	 */
-	ssl_cert* GetCertificate() const
+	virtual ssl_cert* GetCertificate() const
 	{
-		if (certificate && certificate->IsUsable())
-			return certificate;
-		return NULL;
+		return certificate;
 	}
 
 	/**
 	 * Get the fingerprint of the peer's certificate
-	 * @return The fingerprint of the SSL client certificate sent by the peer,
+	 * @return The fingerprint of the TLS (SSL) client certificate sent by the peer,
 	 * empty if no cert was sent
 	 */
-	std::string GetFingerprint() const
+	virtual std::string GetFingerprint() const
 	{
 		ssl_cert* cert = GetCertificate();
-		if (cert)
+		if (cert && cert->IsUsable())
 			return cert->GetFingerprint();
 		return "";
 	}
@@ -220,14 +227,14 @@ class SSLIOHook : public IOHook
 	virtual void GetCiphersuite(std::string& out) const = 0;
 
 
-	/** Retrieves the name of the SSL connection which is sent via SNI.
+	/** Retrieves the name of the TLS (SSL) connection which is sent via SNI.
 	 * @param out String that the server name will be appended to.
 	 * returns True if the server name was retrieved; otherwise, false.
 	 */
 	virtual bool GetServerName(std::string& out) const = 0;
 };
 
-/** Helper functions for obtaining SSL client certificates and key fingerprints
+/** Helper functions for obtaining TLS (SSL) client certificates and key fingerprints
  * from StreamSockets
  */
 class SSLClientCert
@@ -235,8 +242,8 @@ class SSLClientCert
  public:
  	/**
 	 * Get the client certificate from a socket
-	 * @param sock The socket to get the certificate from, the socket does not have to use SSL
-	 * @return The SSL client certificate information, NULL if the peer is not using SSL
+	 * @param sock The socket to get the certificate from, the socket does not have to use TLS (SSL)
+	 * @return The TLS (SSL) client certificate information, NULL if the peer is not using TLS (SSL)
 	 */
 	static ssl_cert* GetCertificate(StreamSocket* sock)
 	{
@@ -250,9 +257,9 @@ class SSLClientCert
 	/**
 	 * Get the fingerprint of a client certificate from a socket
 	 * @param sock The socket to get the certificate fingerprint from, the
-	 * socket does not have to use SSL
-	 * @return The key fingerprint from the SSL certificate sent by the peer,
-	 * empty if no cert was sent or the peer is not using SSL
+	 * socket does not have to use TLS (SSL)
+	 * @return The key fingerprint from the TLS (SSL) certificate sent by the peer,
+	 * empty if no cert was sent or the peer is not using TLS (SSL)
 	 */
 	static std::string GetFingerprint(StreamSocket* sock)
 	{
@@ -271,16 +278,22 @@ class UserCertificateAPIBase : public DataProvider
 	{
 	}
 
-	/** Get the SSL certificate of a user
+	/** Get the TLS (SSL) certificate of a user
 	 * @param user The user whose certificate to get, user may be remote
-	 * @return The SSL certificate of the user or NULL if the user is not using SSL
+	 * @return The TLS (SSL) certificate of the user or NULL if the user is not using TLS (SSL)
 	 */
 	virtual ssl_cert* GetCertificate(User* user) = 0;
 
+	/** Set the TLS (SSL) certificate of a user.
+	 * @param user The user whose certificate to set.
+	 * @param cert The TLS (SSL) certificate to set for the user.
+	 */
+	virtual void SetCertificate(User* user, ssl_cert* cert) = 0;
+
 	/** Get the key fingerprint from a user's certificate
 	 * @param user The user whose key fingerprint to get, user may be remote
-	 * @return The key fingerprint from the user's SSL certificate or an empty string
-	 * if the user is not using SSL or did not provide a client certificate
+	 * @return The key fingerprint from the user's TLS (SSL) certificate or an empty string
+	 * if the user is not using TLS (SSL) or did not provide a client certificate
 	 */
 	std::string GetFingerprint(User* user)
 	{
@@ -291,9 +304,9 @@ class UserCertificateAPIBase : public DataProvider
 	}
 };
 
-/** API implemented by m_sslinfo that allows modules to retrive the SSL certificate
+/** API implemented by m_sslinfo that allows modules to retrieve the TLS (SSL) certificate
  * information of local and remote users. It can also be used to find out whether a
- * user is using SSL or not.
+ * user is using TLS (SSL) or not.
  */
 class UserCertificateAPI : public dynamic_reference<UserCertificateAPIBase>
 {