X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_gnutls.cpp;h=910ff4a2126df35760639b706a7b99efbcc04056;hb=b950e46bfeef5643ff68c8c78530c1eff25d024e;hp=fb50c0f096c3016fdf7fb59e7690105dcbf61766;hpb=68b3561749552e5e73d1d684b723b3ea6abe5186;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index fb50c0f09..910ff4a21 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -118,6 +118,7 @@ class ModuleSSLGnuTLS : public Module int dh_bits; int clientactive; + bool cred_alloc; CommandStartTLS* starttls; @@ -135,13 +136,7 @@ class ModuleSSLGnuTLS : public Module gnutls_global_init(); // This must be called once in the program - if(gnutls_certificate_allocate_credentials(&x509_cred) != 0) - ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to allocate certificate credentials"); - - // Guessing return meaning - if(gnutls_dh_params_init(&dh_params) < 0) - ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters"); - + cred_alloc = false; // Needs the flag as it ignores a plain /rehash OnRehash(NULL,"ssl"); @@ -246,7 +241,22 @@ class ModuleSSLGnuTLS : public Module keyfile = confdir + keyfile; int ret; - + + if (cred_alloc) + { + // Deallocate the old credentials + gnutls_dh_params_deinit(dh_params); + gnutls_certificate_free_credentials(x509_cred); + } + else + cred_alloc = true; + + if((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) + ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to allocate certificate credentials: %s", gnutls_strerror(ret)); + + if((ret = gnutls_dh_params_init(&dh_params)) < 0) + ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret)); + if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0) ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 trust file '%s': %s", cafile.c_str(), gnutls_strerror(ret)); @@ -293,11 +303,12 @@ class ModuleSSLGnuTLS : public Module { User* user = (User*)item; - if(user->io) + if (user->io == this) { // User is using SSL, they're a local user, and they're using one of *our* SSL ports. // Potentially there could be multiple SSL modules loaded at once on different ports. ServerInstance->Users->QuitUser(user, "SSL module unloading"); + user->io = NULL; } if (user->GetExt("ssl_cert", dummy)) { @@ -306,8 +317,6 @@ class ModuleSSLGnuTLS : public Module delete tofree; user->Shrink("ssl_cert"); } - - user->io = NULL; } } @@ -326,7 +335,7 @@ class ModuleSSLGnuTLS : public Module virtual Version GetVersion() { - return Version(1, 2, 0, 0, VF_VENDOR, API_VERSION); + return Version("$Id$", VF_VENDOR, API_VERSION); } @@ -911,6 +920,20 @@ class ModuleSSLGnuTLS : public Module void OnEvent(Event* ev) { GenericCapHandler(ev, "tls", "tls"); + if (ev->GetEventID() == "cap_req") + { + /* GenericCapHandler() Extends("tls") a user if it does + * CAP REQ tls. Check if this was done. + */ + CapData *data = (CapData *) ev->GetData(); + if (data->user->Shrink("tls")) + { + /* Not in our spec?!?! */ + data->user->io = this; + OnRawSocketAccept(data->user->GetFd(), data->user->GetIPString(), + data->user->GetPort()); + } + } } void Prioritize()