X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=include%2Fmodules%2Fssl.h;h=edea45a1092e73e787d7b9bcc376de023a26f3c9;hb=79892a727e323dcc4bce7e9c0cf3c99c5fe61706;hp=9cc504128daae20a0daee6b4ea0c2880d8ccaa67;hpb=fb66fb5ce3410d7e32813aed85e8ad3050584740;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/include/modules/ssl.h b/include/modules/ssl.h index 9cc504128..edea45a10 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -112,9 +112,21 @@ class ssl_cert : public refcountbase return revoked; } + /** Get certificate usability + * @return True if the certificate is not expired nor revoked + */ + bool IsUsable() + { + return !invalid && !revoked && error.empty(); + } + + /** Get CA trust status + * @return True if the certificate is issued by a CA + * and valid. + */ bool IsCAVerified() { - return trusted && !invalid && !revoked && !unknownsigner && error.empty(); + return IsUsable() && trusted && !unknownsigner; } std::string GetMetaLine() @@ -183,7 +195,9 @@ class SSLIOHook : public IOHook */ ssl_cert* GetCertificate() const { - return certificate; + if (certificate && certificate->IsUsable()) + return certificate; + return NULL; } /** @@ -204,6 +218,13 @@ class SSLIOHook : public IOHook * @param out String where the ciphersuite string will be appended to */ virtual void GetCiphersuite(std::string& out) const = 0; + + + /** Retrieves the name of the SSL connection which is sent via SNI. + * @param out String that the server name will be appended to. + * returns True if the server name was retrieved; otherwise, false. + */ + virtual bool GetServerName(std::string& out) const = 0; }; /** Helper functions for obtaining SSL client certificates and key fingerprints @@ -256,6 +277,12 @@ class UserCertificateAPIBase : public DataProvider */ virtual ssl_cert* GetCertificate(User* user) = 0; + /** Set the SSL certificate of a user. + * @param user The user whose certificate to set. + * @param cert The SSL certificate to set for the user. + */ + virtual void SetCertificate(User* user, ssl_cert* cert) = 0; + /** Get the key fingerprint from a user's certificate * @param user The user whose key fingerprint to get, user may be remote * @return The key fingerprint from the user's SSL certificate or an empty string