module).
s:server Matches users on a matching server (requires serverban
module).
- z:fingerprint Matches users with a matching ssl fingerprint (requires
- sslmodes module)
+ z:fingerprint Matches users with a matching SSL certificate fingerprint
+ (requires sslmodes module)
O:opertype Matches IRCops of a matching type, mostly useful as an
an invite exception (requires operchans module).
R:account Matches users logged into a matching account (requires
ssl="gnutls"
# fingerprint: If defined, this option will force servers to be
- # authenticated using SSL Fingerprints. See http://wiki.inspircd.org/SSL
- # for more information. This will require an SSL link for both inbound
- # and outbound connections.
+ # authenticated using SSL certificate fingerprints. See
+ # http://wiki.inspircd.org/SSL for more information. This will
+ # require an SSL link for both inbound and outbound connections.
#fingerprint=""
# bind: Local IP address to bind to.
# scripts to validate users. For this to work, one of m_ssl_gnutls.so
# or m_ssl_openssl.so must be loaded. This module also adds the
# "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL fingerprints to verify their identity and the
+# opers to use SSL cert fingerprints to verify their identity and the
# ability to force opers to use SSL connections in order to oper up.
# It is highly recommended to load this module if you use SSL on your
# network.
# scripts to validate users. For this to work, one of m_ssl_gnutls.so
# or m_ssl_openssl.so must be loaded. This module also adds the
# "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL fingerprints to verify their identity and the ability
-# to force opers to use SSL connections in order to oper up.
+# opers to use SSL cert fingerprints to verify their identity and the
+# ability to force opers to use SSL connections in order to oper up.
# It is highly recommended to load this module especially if
# you use SSL on your network.
# For how to use the oper features, please see the first example <oper> tag
# If m_sslinfo isn't loaded, this option will be ignored.
#fingerprint="67cb9dc013248a829bb2171ed11becd4"
- # autologin: If an SSL fingerprint for this oper is specified, you can
- # have the oper block automatically log in. This moves all security of the
- # oper block to the protection of the client certificate, so be sure that
- # the private key is well-protected! Requires m_sslinfo.
+ # autologin: If an SSL certificate fingerprint for this oper is specified,
+ # you can have the oper block automatically log in. This moves all security
+ # of the oper block to the protection of the client certificate, so be sure
+ # that the private key is well-protected! Requires m_sslinfo.
#autologin="on"
# sslonly: If on, this oper can only oper up if they're using a SSL connection.
text.append(UnknownIfNULL(gnutls_mac_get_name(gnutls_mac_get(sess)))).append("'");
if (!certificate->fingerprint.empty())
- text += " and your SSL fingerprint is " + certificate->fingerprint;
+ text += " and your SSL certificate fingerprint is " + certificate->fingerprint;
user->WriteNotice(text);
}
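Review bot: The connect notice built at `text += " and your SSL certificate fingerprint is " + certificate->fingerprint;` gives the fingerprint without naming the digest algorithm that produced it, and the OpenSSL variant in the next hunk has the same gap. Operators copy this value into the `fingerprint` pins described in the config hunks, and the 32-hex-digit example shown there is consistent with an MD5-length digest, so the strength of the pin is not visible to whoever sets it up. I would at least add a comment above the line, `// NOTE: fingerprint strength depends on the module's configured hash; the notice does not name it`, and consider including the algorithm name in the notice text. The enclosing function starts outside this hunk.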
std::string text = "*** You are connected using SSL cipher '" + std::string(SSL_get_cipher(sess)) + "'";
const std::string& fingerprint = certificate->fingerprint;
if (!fingerprint.empty())
- text += " and your SSL fingerprint is " + fingerprint;
+ text += " and your SSL certificate fingerprint is " + fingerprint;
user->WriteNotice(text);
}
/* Require fingerprint to exist and match */
if (link.Fingerprint != fp)
{
- ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need \"%s\" got \"%s\"",
+ ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL certificate fingerprint on link %s: need \"%s\" got \"%s\"",
link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
- SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
+ SendError("Invalid SSL certificate fingerprint " + fp + " - expected " + link.Fingerprint);
return false;
}
}
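Review bot: The reworded `SendError(...)` still sends `link.Fingerprint`, the locally configured pin, to a peer that has just failed authentication. The value is a hash of a public certificate, so the exposure is small, but it tells an unauthenticated party exactly which certificate this link trusts. The snomask notice above already records both values for opers, so the remote message can drop the expected value: `SendError("Invalid SSL certificate fingerprint " + fp);`. The comparison `link.Fingerprint != fp` is also an exact string match, so it may be worth documenting next to it that the configured value must use the same case and separator format the SSL module emits (no normalisation is visible here). The enclosing function begins and ends outside this hunk.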
// this time
if ((!capab->auth_fingerprint) && (!fp.empty()))
{
- ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". "
+ ServerInstance->SNO->WriteToSnoMask('l', "SSL certificate fingerprint for link %s is \"%s\". "
"You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
}
{
ServerInstance->SNO->WriteToSnoMask('l',"Bursting to \2%s\2 (Authentication: %s%s).",
s->GetName().c_str(),
- capab->auth_fingerprint ? "SSL Fingerprint and " : "",
+ capab->auth_fingerprint ? "SSL certificate fingerprint and " : "",
capab->auth_challenge ? "challenge-response" : "plaintext password");
this->CleanNegotiationInfo();
this->WriteLine(CmdBuilder("BURST").push_int(ServerInstance->Time()));
std::string ourchallenge; /* Challenge sent for challenge/response */
std::string theirchallenge; /* Challenge recv for challenge/response */
int capab_phase; /* Have sent CAPAB already */
- bool auth_fingerprint; /* Did we auth using SSL fingerprint */
+ bool auth_fingerprint; /* Did we auth using SSL certificate fingerprint */
bool auth_challenge; /* Did we auth using challenge/response */
// Data saved from incoming SERVER command, for later use when our credentials have been accepted by the other party
std::string fingerprint;
if (ifo->oper_block->readString("fingerprint", fingerprint) && (!cert || cert->GetFingerprint() != fingerprint))
{
- user->WriteNumeric(491, ":This oper login requires a matching SSL fingerprint.");
+ user->WriteNumeric(491, ":This oper login requires a matching SSL certificate fingerprint.");
user->CommandFloodPenalty += 10000;
return MOD_RES_DENY;
}
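Review bot: The condition on `readString("fingerprint", fingerprint)` does not reject an empty configured value, so an oper block with `fingerprint=""` would match any certificate object whose fingerprint is also empty. This assumes `readString` reports a defined-but-empty key as present, which is not visible here. The GnuTLS and OpenSSL hunks guard with `fingerprint.empty()`, which shows a certificate object can carry an empty fingerprint. Failing closed is a one-token change: `if (ifo->oper_block->readString("fingerprint", fingerprint) && (fingerprint.empty() || !cert || cert->GetFingerprint() != fingerprint))`. This matters most with `autologin`, where the config text says all security of the oper block rests on the client certificate. The enclosing handler starts outside this hunk.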