X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sslinfo.cpp;h=0054e3ed7d46ec4e91aff47a311adad2dcf65de8;hb=3151d60c1ecc9462e4c335282ee6c31672f45111;hp=3c3a217f1bdb08321d03671f07f511c644133b08;hpb=96e3b3c9bc377f7f73e7bf7c49a692951c3246fb;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 3c3a217f1..0054e3ed7 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -1,9 +1,9 @@ /* * InspIRCd -- Internet Relay Chat Daemon * + * Copyright (C) 2020 Matt Schatz * Copyright (C) 2019 linuxdaemon - * Copyright (C) 2013, 2017-2019 Sadie Powell - * Copyright (C) 2013 Christopher 'm4z' Holm + * Copyright (C) 2013, 2017-2020 Sadie Powell * Copyright (C) 2012-2016 Attila Molnar * Copyright (C) 2012 Robby * Copyright (C) 2010 Adam @@ -318,21 +318,25 @@ class ModuleSSLInfo ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE { ssl_cert* cert = cmd.sslapi.GetCertificate(user); - bool ok = true; + const char* error = NULL; const std::string requiressl = myclass->config->getString("requiressl"); if (stdalgo::string::equalsci(requiressl, "trusted")) { - ok = (cert && cert->IsCAVerified()); - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a trusted TLS (SSL) client certificate. Client %s one.", (ok ? "has" : "does not have")); + if (!cert || !cert->IsCAVerified()) + error = "a trusted TLS (SSL) client certificate"; } else if (myclass->config->getBool("requiressl")) { - ok = (cert != NULL); - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a secure connection. Client %s on a secure connection.", (ok ? "is" : "is not")); + if (!cert) + error = "a TLS (SSL) connection"; } - if (!ok) + if (error) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires %s", + myclass->GetName().c_str(), error); return MOD_RES_DENY; + } return MOD_RES_PASSTHRU; }