X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_mbedtls.cpp;h=c3d040ad03b394714e1b3b1403dec5720b70eec1;hb=b4a174ee9c32d62ea6bf010e837e8c5b1c3d36a3;hp=628230d295ff88dd9e21780efd572edbce46153f;hpb=ccebfe6e637b420bef05e8e0faf29bb19f1883d9;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/extra/m_ssl_mbedtls.cpp b/src/modules/extra/m_ssl_mbedtls.cpp
index 628230d29..c3d040ad0 100644
--- a/src/modules/extra/m_ssl_mbedtls.cpp
+++ b/src/modules/extra/m_ssl_mbedtls.cpp
@@ -1,8 +1,8 @@
 /*
  * InspIRCd -- Internet Relay Chat Daemon
  *
- *   Copyright (C) 2019 Matt Schatz <genius3000@g3k.solutions>
- *   Copyright (C) 2016-2020 Sadie Powell <sadie@witchery.services>
+ *   Copyright (C) 2020 Matt Schatz <genius3000@g3k.solutions>
+ *   Copyright (C) 2016-2021 Sadie Powell <sadie@witchery.services>
  *   Copyright (C) 2016-2017 Attila Molnar <attilamolnar@hush.com>
  *
  * This file is part of InspIRCd.  InspIRCd is free software: you can
@@ -817,13 +817,13 @@ class mbedTLSIOHook : public SSLIOHook
 	bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); }
 };
 
-class mbedTLSIOHookProvider : public IOHookProvider
+class mbedTLSIOHookProvider : public SSLIOHookProvider
 {
 	mbedTLS::Profile profile;
 
  public:
- 	mbedTLSIOHookProvider(Module* mod, mbedTLS::Profile::Config& config)
-		: IOHookProvider(mod, "ssl/" + config.name, IOHookProvider::IOH_SSL)
+	mbedTLSIOHookProvider(Module* mod, mbedTLS::Profile::Config& config)
+		: SSLIOHookProvider(mod, config.name)
 		, profile(config)
 	{
 		ServerInstance->Modules->AddService(*this);
@@ -874,7 +874,7 @@ class ModuleSSLmbedTLS : public Module
 			// No <sslprofile> tags found, create a profile named "mbedtls" from settings in the <mbedtls> block
 			const std::string defname = "mbedtls";
 			ConfigTag* tag = ServerInstance->Config->ConfValue(defname);
-			ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "No <sslprofile> tags found; using settings from the <mbedtls> tag");
+			ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "No <sslprofile> tags found; using settings from the deprecated <mbedtls> tag");
 
 			try
 			{
@@ -886,32 +886,38 @@ class ModuleSSLmbedTLS : public Module
 				throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason());
 			}
 		}
-
-		for (ConfigIter i = tags.first; i != tags.second; ++i)
+		else
 		{
-			ConfigTag* tag = i->second;
-			if (!stdalgo::string::equalsci(tag->getString("provider"), "mbedtls"))
-				continue;
-
-			std::string name = tag->getString("name");
-			if (name.empty())
+			ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "You have defined an <sslprofile> tag; you should use this in place of \"mbedtls\" when configuring TLS (SSL) connections in <bind:sslprofile> or <link:sslprofile>");
+			for (ConfigIter i = tags.first; i != tags.second; ++i)
 			{
-				ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Ignoring <sslprofile> tag without name at " + tag->getTagLocation());
-				continue;
-			}
+				ConfigTag* tag = i->second;
+				if (!stdalgo::string::equalsci(tag->getString("provider"), "mbedtls"))
+				{
+					ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Ignoring non-mbedTLS <sslprofile> tag at " + tag->getTagLocation());
+					continue;
+				}
 
-			reference<mbedTLSIOHookProvider> prov;
-			try
-			{
-				mbedTLS::Profile::Config profileconfig(name, tag, ctr_drbg);
-				prov = new mbedTLSIOHookProvider(this, profileconfig);
-			}
-			catch (CoreException& ex)
-			{
-				throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
-			}
+				std::string name = tag->getString("name");
+				if (name.empty())
+				{
+					ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Ignoring <sslprofile> tag without name at " + tag->getTagLocation());
+					continue;
+				}
+
+				reference<mbedTLSIOHookProvider> prov;
+				try
+				{
+					mbedTLS::Profile::Config profileconfig(name, tag, ctr_drbg);
+					prov = new mbedTLSIOHookProvider(this, profileconfig);
+				}
+				catch (CoreException& ex)
+				{
+					throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason());
+				}
 
-			newprofiles.push_back(prov);
+				newprofiles.push_back(prov);
+			}
 		}
 
 		// New profiles are ok, begin using them
@@ -939,13 +945,13 @@ class ModuleSSLmbedTLS : public Module
 
 	void OnModuleRehash(User* user, const std::string &param) CXX11_OVERRIDE
 	{
-		if (!irc::equals(param, "ssl"))
+		if (!irc::equals(param, "tls") && !irc::equals(param, "ssl"))
 			return;
 
 		try
 		{
 			ReadProfiles();
-			ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module mbedTLS rehashed.");
+			ServerInstance->SNO->WriteToSnoMask('a', "mbedTLS TLS (SSL) profiles have been reloaded.");
 		}
 		catch (ModuleException& ex)
 		{