X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_openssl.cpp;h=0ce36ed803ac19bb870dd988d45b632ea81d1d1f;hb=3323226c38c959392e61f406ec62f9d5f24fce15;hp=962350e1c38cf6adfdbc7b40f76c9276f070df74;hpb=99f79a4e5c3abbe91a03216824e7659051872054;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 962350e1c..0ce36ed80 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -44,8 +44,6 @@ # pragma comment(lib, "libgcc.lib") # pragma comment(lib, "libmingwex.lib") # pragma comment(lib, "gdi32.lib") -# undef MAX_DESCRIPTORS -# define MAX_DESCRIPTORS 10000 #endif /* $CompileFlags: pkgconfversion("openssl","0.9.7") pkgconfincludes("openssl","/openssl/ssl.h","") -Wno-pedantic */ @@ -109,6 +107,9 @@ namespace OpenSSL { SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify); + + const unsigned char session_id[] = "inspircd"; + SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1); } ~Context() @@ -273,13 +274,13 @@ class OpenSSLIOHook : public SSLIOHook if (err == SSL_ERROR_WANT_READ) { - ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); this->status = ISSL_HANDSHAKING; return true; } else if (err == SSL_ERROR_WANT_WRITE) { - ServerInstance->SE->ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); this->status = ISSL_HANDSHAKING; return true; } @@ -297,7 +298,7 @@ class OpenSSLIOHook : public SSLIOHook status = ISSL_OPEN; - ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE | FD_ADD_TRIAL_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE | FD_ADD_TRIAL_WRITE); return true; } @@ -352,8 +353,11 @@ class OpenSSLIOHook : public SSLIOHook certinfo->trusted = false; } - certinfo->dn = X509_NAME_oneline(X509_get_subject_name(cert),0,0); - certinfo->issuer = X509_NAME_oneline(X509_get_issuer_name(cert),0,0); + char buf[512]; + X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); + certinfo->dn = buf; + X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)); + certinfo->issuer = buf; if (!X509_digest(cert, profile->GetDigest(), md, &n)) { @@ -427,7 +431,7 @@ class OpenSSLIOHook : public SSLIOHook { recvq.append(buffer, ret); if (data_to_write) - ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_SINGLE_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_SINGLE_WRITE); return 1; } else if (ret == 0) @@ -443,12 +447,12 @@ class OpenSSLIOHook : public SSLIOHook if (err == SSL_ERROR_WANT_READ) { - ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ); + SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ); return 0; } else if (err == SSL_ERROR_WANT_WRITE) { - ServerInstance->SE->ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); return 0; } else @@ -489,13 +493,13 @@ class OpenSSLIOHook : public SSLIOHook if (ret == (int)buffer.length()) { data_to_write = false; - ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); return 1; } else if (ret > 0) { buffer = buffer.substr(ret); - ServerInstance->SE->ChangeEventMask(user, FD_WANT_SINGLE_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_SINGLE_WRITE); return 0; } else if (ret == 0) @@ -509,12 +513,12 @@ class OpenSSLIOHook : public SSLIOHook if (err == SSL_ERROR_WANT_WRITE) { - ServerInstance->SE->ChangeEventMask(user, FD_WANT_SINGLE_WRITE); + SocketEngine::ChangeEventMask(user, FD_WANT_SINGLE_WRITE); return 0; } else if (err == SSL_ERROR_WANT_READ) { - ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ); + SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ); return 0; } else @@ -573,7 +577,6 @@ class ModuleSSLOpenSSL : public Module { typedef std::vector > ProfileList; - std::string sslports; ProfileList profiles; void ReadProfiles() @@ -640,45 +643,6 @@ class ModuleSSLOpenSSL : public Module ReadProfiles(); } - void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE - { - sslports.clear(); - - ConfigTag* Conf = ServerInstance->Config->ConfValue("openssl"); - - if (Conf->getBool("showports", true)) - { - sslports = Conf->getString("advertisedports"); - if (!sslports.empty()) - return; - - for (size_t i = 0; i < ServerInstance->ports.size(); i++) - { - ListenSocket* port = ServerInstance->ports[i]; - if (port->bind_tag->getString("ssl") != "openssl") - continue; - - const std::string& portid = port->bind_desc; - ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Enabling SSL for port %s", portid.c_str()); - - if (port->bind_tag->getString("type", "clients") == "clients" && port->bind_addr != "127.0.0.1") - { - /* - * Found an SSL port for clients that is not bound to 127.0.0.1 and handled by us, display - * the IP:port in ISUPPORT. - * - * We used to advertise all ports seperated by a ';' char that matched the above criteria, - * but this resulted in too long ISUPPORT lines if there were lots of ports to be displayed. - * To solve this by default we now only display the first IP:port found and let the user - * configure the exact value for the 005 token, if necessary. - */ - sslports = portid; - break; - } - } - } - } - void OnModuleRehash(User* user, const std::string ¶m) CXX11_OVERRIDE { if (param != "ssl") @@ -694,12 +658,6 @@ class ModuleSSLOpenSSL : public Module } } - void On005Numeric(std::map& tokens) CXX11_OVERRIDE - { - if (!sslports.empty()) - tokens["SSL"] = sslports; - } - void OnUserConnect(LocalUser* user) CXX11_OVERRIDE { IOHook* hook = user->eh.GetIOHook();