X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_openssl.cpp;h=649b425c2335a8eb22e90ac30a5b69c3c71823dd;hb=73a4a37376fdf42c70c73ae5d8f8e933c3f28a61;hp=a0302fa9cb64207ba44467016c34c20f9e859e50;hpb=e0de3da4100eb3f2bccc6ac27a46733b5b2be3dc;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index a0302fa9c..649b425c2 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -1,26 +1,42 @@
-/*       +------------------------------------+
- *       | Inspire Internet Relay Chat Daemon |
- *       +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
  *
- *  InspIRCd: (C) 2002-2010 InspIRCd Development Team
- * See: http://wiki.inspircd.org/Credits
+ *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ *   Copyright (C) 2008 Pippijn van Steenhoven <pip88nl@gmail.com>
+ *   Copyright (C) 2006-2008 Craig Edwards <craigedwards@brainbox.cc>
+ *   Copyright (C) 2008 Thomas Stagner <aquanight@inspircd.org>
+ *   Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
+ *   Copyright (C) 2006 Oliver Lupton <oliverlupton@gmail.com>
  *
- * This program is free but copyrighted software; see
- *            the file COPYING for details.
+ * This file is part of InspIRCd.  InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
  *
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+
 #include "inspircd.h"
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include "ssl.h"
 
 #ifdef WINDOWS
-#pragma comment(lib, "libeay32MTd")
-#pragma comment(lib, "ssleay32MTd")
-#undef MAX_DESCRIPTORS
-#define MAX_DESCRIPTORS 10000
+# pragma comment(lib, "libcrypto.lib")
+# pragma comment(lib, "libssl.lib")
+# pragma comment(lib, "user32.lib")
+# pragma comment(lib, "advapi32.lib")
+# pragma comment(lib, "libgcc.lib")
+# pragma comment(lib, "libmingwex.lib")
+# pragma comment(lib, "gdi32.lib")
+# undef MAX_DESCRIPTORS
+# define MAX_DESCRIPTORS 10000
 #endif
 
 /* $ModDesc: Provides SSL support for clients */
@@ -182,6 +198,16 @@ class ModuleSSLOpenSSL : public Module
 			throw ModuleException("Unknown hash type " + hash);
 		use_sha = (hash == "sha1");
 
+		std::string ciphers = conf->getString("ciphers", "");
+
+		if (!ciphers.empty())
+		{
+			if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str())))
+			{
+				ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str());
+				ERR_print_errors_cb(error_callback, this);
+			}
+		}
 
 		/* Load our keys and certificates
 		 * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck.
@@ -246,8 +272,10 @@ class ModuleSSLOpenSSL : public Module
 			if (sessions[user->eh.GetFd()].sess)
 			{
 				if (!sessions[user->eh.GetFd()].cert->fingerprint.empty())
-					user->WriteServ("NOTICE %s :*** You are connected using SSL fingerprint %s",
-						user->nick.c_str(), sessions[user->eh.GetFd()].cert->fingerprint.c_str());
+					user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\""
+						" and your SSL fingerprint is %s", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess), sessions[user->eh.GetFd()].cert->fingerprint.c_str());
+				else
+					user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->eh.GetFd()].sess));
 			}
 		}
 	}
@@ -294,6 +322,7 @@ class ModuleSSLOpenSSL : public Module
 		session->sess = SSL_new(ctx);
 		session->status = ISSL_NONE;
 		session->outbound = false;
+		session->cert = NULL;
 
 		if (session->sess == NULL)
 			return;
@@ -381,6 +410,8 @@ class ModuleSSLOpenSSL : public Module
 			if (ret > 0)
 			{
 				recvq.append(buffer, ret);
+				if (session->data_to_write)
+					ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_SINGLE_WRITE);
 				return 1;
 			}
 			else if (ret == 0)
@@ -470,7 +501,7 @@ class ModuleSSLOpenSSL : public Module
 				}
 				else if (err == SSL_ERROR_WANT_READ)
 				{
-					ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE);
+					ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ);
 					return 0;
 				}
 				else
@@ -550,7 +581,7 @@ class ModuleSSLOpenSSL : public Module
 
 	void VerifyCertificate(issl_session* session, StreamSocket* user)
 	{
-		if (!session->sess || !user || session->cert)
+		if (!session->sess || !user)
 			return;
 
 		X509* cert;