Added stricter checking for encryption on connect, if enabled

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@2584 e03df62e-2008-0410-955e-edbf42e46eb7

diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index 6e2760e6256846834422919f3f20655885ae264f..e42a7def0f9f1347e0ec36d5d1b4bfd1ba9af822 100644 (file)
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -1620,6 +1620,15 @@ class TreeSocket : public InspSocket
                                        this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
                                        return false;
                                }
+                               /* If the config says this link is encrypted, but the remote side
+                                * hasnt bothered to send the AES command before SERVER, then we
+                                * boot them off as we MUST have this connection encrypted.
+                                */
+                               if ((x->EncryptionKey != "") && (!this->ctx))
+                               {
+                                       this->WriteLine("ERROR :This link requires AES encryption to be enabled. Plaintext connection refused.");
+                                       return false;
+                               }
                                Srv->SendOpers("*** Verified incoming server connection from \002"+servername+"\002["+this->GetIP()+"] ("+description+")");
                                this->InboundServerName = servername;
                                this->InboundDescription = description;