X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_openssl.cpp;h=0957b5912f16c7a444b01f01e455b211b64eac84;hb=c202dea024542b9c6c6b771bb9a3a081d9eacdc5;hp=ddecb8d00870049ca97fa10ddf6016b8eddc52e7;hpb=752cb8b179cc1cbec3f36d7a3084fa98a81f92d8;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index ddecb8d00..0957b5912 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -48,12 +48,8 @@
 # define MAX_DESCRIPTORS 10000
 #endif
 
-/* $LinkerFlags: if("USE_FREEBSD_BASE_SSL") -lssl -lcrypto */
-/* $CompileFlags: if(!"USE_FREEBSD_BASE_SSL") pkgconfversion("openssl","0.9.7") pkgconfincludes("openssl","/openssl/ssl.h","") */
-/* $LinkerFlags: if(!"USE_FREEBSD_BASE_SSL") rpath("pkg-config --libs openssl") pkgconflibs("openssl","/libssl.so","-lssl -lcrypto -ldl") */
-
-/* $NoPedantic */
-
+/* $CompileFlags: pkgconfversion("openssl","0.9.7") pkgconfincludes("openssl","/openssl/ssl.h","") -Wno-pedantic */
+/* $LinkerFlags: rpath("pkg-config --libs openssl") pkgconflibs("openssl","/libssl.so","-lssl -lcrypto") */
 
 enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN };
 
@@ -188,7 +184,7 @@ class OpenSSLIOHook : public SSLIOHook
 
 		certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK);
 
-		if (SelfSigned)
+		if (!SelfSigned)
 		{
 			certinfo->unknownsigner = false;
 			certinfo->trusted = true;
@@ -252,7 +248,7 @@ class OpenSSLIOHook : public SSLIOHook
 
 		if (SSL_set_fd(session->sess, fd) == 0)
 		{
-			ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEBUG, "BUG: Can't set fd with SSL_set_fd: %d", fd);
+			ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "BUG: Can't set fd with SSL_set_fd: %d", fd);
 			return;
 		}
 
@@ -277,7 +273,7 @@ class OpenSSLIOHook : public SSLIOHook
 
 		if (SSL_set_fd(session->sess, fd) == 0)
 		{
-			ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEBUG, "BUG: Can't set fd with SSL_set_fd: %d", fd);
+			ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "BUG: Can't set fd with SSL_set_fd: %d", fd);
 			return;
 		}
 
@@ -494,8 +490,6 @@ class ModuleSSLOpenSSL : public Module
 	{
 		// Needs the flag as it ignores a plain /rehash
 		OnModuleRehash(NULL,"ssl");
-		Implementation eventlist[] = { I_On005Numeric, I_OnRehash, I_OnModuleRehash, I_OnHookIO, I_OnUserConnect };
-		ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
 		ServerInstance->Modules->AddService(iohook);
 	}
 
@@ -508,7 +502,7 @@ class ModuleSSLOpenSSL : public Module
 		}
 	}
 
-	void OnRehash(User* user) CXX11_OVERRIDE
+	void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
 	{
 		sslports.clear();
 
@@ -527,7 +521,7 @@ class ModuleSSLOpenSSL : public Module
 					continue;
 
 				const std::string& portid = port->bind_desc;
-				ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEFAULT, "m_ssl_openssl.so: Enabling SSL for port %s", portid.c_str());
+				ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Enabling SSL for port %s", portid.c_str());
 
 				if (port->bind_tag->getString("type", "clients") == "clients" && port->bind_addr != "127.0.0.1")
 				{
@@ -556,14 +550,13 @@ class ModuleSSLOpenSSL : public Module
 		std::string certfile;
 		std::string cafile;
 		std::string dhfile;
-		OnRehash(user);
 
 		ConfigTag* conf = ServerInstance->Config->ConfValue("openssl");
 
-		cafile	 = conf->getString("cafile", CONFIG_PATH "/ca.pem");
-		certfile = conf->getString("certfile", CONFIG_PATH "/cert.pem");
-		keyfile	 = conf->getString("keyfile", CONFIG_PATH "/key.pem");
-		dhfile	 = conf->getString("dhfile", CONFIG_PATH "/dhparams.pem");
+		cafile	 = ServerInstance->Config->Paths.PrependConfig(conf->getString("cafile", "ca.pem"));
+		certfile = ServerInstance->Config->Paths.PrependConfig(conf->getString("certfile", "cert.pem"));
+		keyfile	 = ServerInstance->Config->Paths.PrependConfig(conf->getString("keyfile", "key.pem"));
+		dhfile	 = ServerInstance->Config->Paths.PrependConfig(conf->getString("dhfile", "dhparams.pem"));
 		std::string hash = conf->getString("hash", "md5");
 
 		iohook.digest = EVP_get_digestbyname(hash.c_str());
@@ -579,7 +572,7 @@ class ModuleSSLOpenSSL : public Module
 		{
 			if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str())))
 			{
-				ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str());
+				ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Can't set cipher list to %s.", ciphers.c_str());
 				ERR_print_errors_cb(error_callback, this);
 			}
 		}
@@ -589,20 +582,20 @@ class ModuleSSLOpenSSL : public Module
 		 */
 		if ((!SSL_CTX_use_certificate_chain_file(ctx, certfile.c_str())) || (!SSL_CTX_use_certificate_chain_file(clictx, certfile.c_str())))
 		{
-			ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s. %s", certfile.c_str(), strerror(errno));
+			ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Can't read certificate file %s. %s", certfile.c_str(), strerror(errno));
 			ERR_print_errors_cb(error_callback, this);
 		}
 
 		if (((!SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM))) || (!SSL_CTX_use_PrivateKey_file(clictx, keyfile.c_str(), SSL_FILETYPE_PEM)))
 		{
-			ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEFAULT, "m_ssl_openssl.so: Can't read key file %s. %s", keyfile.c_str(), strerror(errno));
+			ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Can't read key file %s. %s", keyfile.c_str(), strerror(errno));
 			ERR_print_errors_cb(error_callback, this);
 		}
 
 		/* Load the CAs we trust*/
 		if (((!SSL_CTX_load_verify_locations(ctx, cafile.c_str(), 0))) || (!SSL_CTX_load_verify_locations(clictx, cafile.c_str(), 0)))
 		{
-			ServerInstance->Logs->Log("m_ssl_openssl",LOG_DEFAULT, "m_ssl_openssl.so: Can't read CA list from %s. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: %s", cafile.c_str(), strerror(errno));
+			ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Can't read CA list from %s. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: %s", cafile.c_str(), strerror(errno));
 			ERR_print_errors_cb(error_callback, this);
 		}
 
@@ -611,7 +604,7 @@ class ModuleSSLOpenSSL : public Module
 
 		if (dhpfile == NULL)
 		{
-			ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEFAULT, "m_ssl_openssl.so Couldn't open DH file %s: %s", dhfile.c_str(), strerror(errno));
+			ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Couldn't open DH file %s: %s", dhfile.c_str(), strerror(errno));
 			throw ModuleException("Couldn't open DH file " + dhfile + ": " + strerror(errno));
 		}
 		else
@@ -619,7 +612,7 @@ class ModuleSSLOpenSSL : public Module
 			ret = PEM_read_DHparams(dhpfile, NULL, NULL, NULL);
 			if ((SSL_CTX_set_tmp_dh(ctx, ret) < 0) || (SSL_CTX_set_tmp_dh(clictx, ret) < 0))
 			{
-				ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str());
+				ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str());
 				ERR_print_errors_cb(error_callback, this);
 			}
 		}
@@ -662,7 +655,7 @@ class ModuleSSLOpenSSL : public Module
 
 static int error_callback(const char *str, size_t len, void *u)
 {
-	ServerInstance->Logs->Log("m_ssl_openssl", LOG_DEFAULT, "SSL error: " + std::string(str, len - 1));
+	ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "SSL error: " + std::string(str, len - 1));
 
 	//
 	// XXX: Remove this line, it causes valgrind warnings...