From: Attila Molnar <attilamolnar@hush.com>
Date: Sat, 19 Jul 2014 12:39:04 +0000 (+0200)
Subject: Say "SSL certificate fingerprint" instead of "SSL fingerprint" everywhere
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=3d0fa60ba524ce1af8056f86a126aa506f97261b;p=user%2Fhenk%2Fcode%2Finspircd.git

Say "SSL certificate fingerprint" instead of "SSL fingerprint" everywhere
---

diff --git a/docs/conf/helpop-full.conf.example b/docs/conf/helpop-full.conf.example
index bd959f0d2..bd907cf69 100644
--- a/docs/conf/helpop-full.conf.example
+++ b/docs/conf/helpop-full.conf.example
@@ -1027,8 +1027,8 @@ Matching extbans:
                module).
  s:server      Matches users on a matching server (requires serverban
                module).
- z:fingerprint Matches users with a matching ssl fingerprint (requires
-               sslmodes module)
+ z:fingerprint Matches users with a matching SSL certificate fingerprint
+               (requires sslmodes module)
  O:opertype    Matches IRCops of a matching type, mostly useful as an
                an invite exception (requires operchans module).
  R:account     Matches users logged into a matching account (requires
diff --git a/docs/conf/links.conf.example b/docs/conf/links.conf.example
index dbb29f1ff..7f27affb9 100644
--- a/docs/conf/links.conf.example
+++ b/docs/conf/links.conf.example
@@ -46,9 +46,9 @@
       ssl="gnutls"
 
       # fingerprint: If defined, this option will force servers to be
-      # authenticated using SSL Fingerprints. See http://wiki.inspircd.org/SSL
-      # for more information. This will require an SSL link for both inbound
-      # and outbound connections.
+      # authenticated using SSL certificate fingerprints. See
+      # http://wiki.inspircd.org/SSL for more information. This will
+      # require an SSL link for both inbound and outbound connections.
       #fingerprint=""
 
       # bind: Local IP address to bind to.
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index b96405d4c..d36c0beaa 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -1754,7 +1754,7 @@
 # scripts to validate users. For this to work, one of m_ssl_gnutls.so
 # or m_ssl_openssl.so must be loaded. This module also adds the
 # "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL fingerprints to verify their identity and the
+# opers to use SSL cert fingerprints to verify their identity and the
 # ability to force opers to use SSL connections in order to oper up.
 # It is highly recommended to load this module if you use SSL on your
 # network.
diff --git a/docs/conf/modules/charybdis.conf.example b/docs/conf/modules/charybdis.conf.example
index bd99f7dc2..35f55e074 100644
--- a/docs/conf/modules/charybdis.conf.example
+++ b/docs/conf/modules/charybdis.conf.example
@@ -270,8 +270,8 @@
 # scripts to validate users. For this to work, one of m_ssl_gnutls.so
 # or m_ssl_openssl.so must be loaded. This module also adds the 
 # "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL fingerprints to verify their identity and the ability
-# to force opers to use SSL connections in order to oper up.
+# opers to use SSL cert fingerprints to verify their identity and the
+# ability to force opers to use SSL connections in order to oper up.
 # It is highly recommended to load this module especially if
 # you use SSL on your network.
 # For how to use the oper features, please see the first example <oper> tag
diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example
index eef8039cb..996fded6d 100644
--- a/docs/conf/opers.conf.example
+++ b/docs/conf/opers.conf.example
@@ -106,10 +106,10 @@
       # If m_sslinfo isn't loaded, this option will be ignored.
       #fingerprint="67cb9dc013248a829bb2171ed11becd4"
 
-      # autologin: If an SSL fingerprint for this oper is specified, you can
-      # have the oper block automatically log in. This moves all security of the
-      # oper block to the protection of the client certificate, so be sure that
-      # the private key is well-protected! Requires m_sslinfo.
+      # autologin: If an SSL certificate fingerprint for this oper is specified,
+      # you can have the oper block automatically log in. This moves all security
+      # of the oper block to the protection of the client certificate, so be sure
+      # that the private key is well-protected! Requires m_sslinfo.
       #autologin="on"
 
       # sslonly: If on, this oper can only oper up if they're using a SSL connection.
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 462209e01..718bdd1ea 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -931,7 +931,7 @@ info_done_dealloc:
 			text.append(UnknownIfNULL(gnutls_mac_get_name(gnutls_mac_get(sess)))).append("'");
 
 			if (!certificate->fingerprint.empty())
-				text += " and your SSL fingerprint is " + certificate->fingerprint;
+				text += " and your SSL certificate fingerprint is " + certificate->fingerprint;
 
 			user->WriteNotice(text);
 		}
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index d8ea16bdf..9101ecd55 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -539,7 +539,7 @@ class OpenSSLIOHook : public SSLIOHook
 			std::string text = "*** You are connected using SSL cipher '" + std::string(SSL_get_cipher(sess)) + "'";
 			const std::string& fingerprint = certificate->fingerprint;
 			if (!fingerprint.empty())
-				text += " and your SSL fingerprint is " + fingerprint;
+				text += " and your SSL certificate fingerprint is " + fingerprint;
 
 			user->WriteNotice(text);
 		}
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 520719c5a..2001d560d 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -75,9 +75,9 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 		/* Require fingerprint to exist and match */
 		if (link.Fingerprint != fp)
 		{
-			ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need \"%s\" got \"%s\"",
+			ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL certificate fingerprint on link %s: need \"%s\" got \"%s\"",
 				link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str());
-			SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint);
+			SendError("Invalid SSL certificate fingerprint " + fp + " - expected " + link.Fingerprint);
 			return false;
 		}
 	}
@@ -101,7 +101,7 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 	// this time
 	if ((!capab->auth_fingerprint) && (!fp.empty()))
 	{
-		ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". "
+		ServerInstance->SNO->WriteToSnoMask('l', "SSL certificate fingerprint for link %s is \"%s\". "
 			"You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
 	}
 
diff --git a/src/modules/m_spanningtree/netburst.cpp b/src/modules/m_spanningtree/netburst.cpp
index 295646148..e42ab5e67 100644
--- a/src/modules/m_spanningtree/netburst.cpp
+++ b/src/modules/m_spanningtree/netburst.cpp
@@ -104,7 +104,7 @@ void TreeSocket::DoBurst(TreeServer* s)
 {
 	ServerInstance->SNO->WriteToSnoMask('l',"Bursting to \2%s\2 (Authentication: %s%s).",
 		s->GetName().c_str(),
-		capab->auth_fingerprint ? "SSL Fingerprint and " : "",
+		capab->auth_fingerprint ? "SSL certificate fingerprint and " : "",
 		capab->auth_challenge ? "challenge-response" : "plaintext password");
 	this->CleanNegotiationInfo();
 	this->WriteLine(CmdBuilder("BURST").push_int(ServerInstance->Time()));
diff --git a/src/modules/m_spanningtree/treesocket.h b/src/modules/m_spanningtree/treesocket.h
index b775905c0..27c8ab275 100644
--- a/src/modules/m_spanningtree/treesocket.h
+++ b/src/modules/m_spanningtree/treesocket.h
@@ -73,7 +73,7 @@ struct CapabData
 	std::string ourchallenge;		/* Challenge sent for challenge/response */
 	std::string theirchallenge;		/* Challenge recv for challenge/response */
 	int capab_phase;			/* Have sent CAPAB already */
-	bool auth_fingerprint;			/* Did we auth using SSL fingerprint */
+	bool auth_fingerprint;			/* Did we auth using SSL certificate fingerprint */
 	bool auth_challenge;			/* Did we auth using challenge/response */
 
 	// Data saved from incoming SERVER command, for later use when our credentials have been accepted by the other party
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index cac09a412..c354e4e0e 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -184,7 +184,7 @@ class ModuleSSLInfo : public Module
 				std::string fingerprint;
 				if (ifo->oper_block->readString("fingerprint", fingerprint) && (!cert || cert->GetFingerprint() != fingerprint))
 				{
-					user->WriteNumeric(491, ":This oper login requires a matching SSL fingerprint.");
+					user->WriteNumeric(491, ":This oper login requires a matching SSL certificate fingerprint.");
 					user->CommandFloodPenalty += 10000;
 					return MOD_RES_DENY;
 				}