From: Peter Powell
Date: Sun, 29 Oct 2017 11:15:47 +0000 (+0000)
Subject: Add support to IOHook for retrieving the hostname sent via SNI.
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=b047c903da20862783b50af73594cce1592cbbfe;p=user%2Fhenk%2Fcode%2Finspircd.git
Add support to IOHook for retrieving the hostname sent via SNI.
---
diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index 9cc504128..d3372c509 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -204,6 +204,13 @@ class SSLIOHook : public IOHook
 * @param out String where the ciphersuite string will be appended to
 */
 virtual void GetCiphersuite(std::string& out) const = 0;
+
+
+ /** Retrieves the name of the SSL connection which is sent via SNI.
+ * @param out String that the server name will be appended to.
+ * returns True if the server name was retrieved; otherwise, false.
+ */
+ virtual bool GetServerName(std::string& out) const = 0;
 };
 /** Helper functions for obtaining SSL client certificates and key fingerprints
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 08b4be08f..50c847ee4 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
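Review bot: The doc comment added for `GetServerName` in include/modules/ssl.h does not say that the name is whatever the connecting client put in its ClientHello, so callers get no hint that it is unauthenticated input. I would add a line such as `* The name is supplied by the remote client and is not validated; check it before using it in messages, logs or lookups.` Both implementations in this commit (GnuTLS and OpenSSL) pass the value through unchanged, which is why the contract should state it. The third comment line also reads `returns` where the neighbouring lines use Doxygen tags; `@return True if the server name was retrieved; otherwise, false.` would render as intended.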
@@ -1182,6 +1182,25 @@ info_done_dealloc:
 out.append(UnknownIfNULL(gnutls_mac_get_name(gnutls_mac_get(sess))));
 }
+ bool GetServerName(std::string& out) const CXX11_OVERRIDE
+ {
+ std::vector nameBuffer;
+ size_t nameLength = 0;
+ unsigned int nameType = GNUTLS_NAME_DNS;
+
+ // First, determine the size of the hostname.
+ if (gnutls_server_name_get(sess, &nameBuffer[0], &nameLength, &nameType, 0) != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ return false;
+
+ // Then retrieve the hostname.
+ nameBuffer.resize(nameLength);
+ if (gnutls_server_name_get(sess, &nameBuffer[0], &nameLength, &nameType, 0) != GNUTLS_E_SUCCESS)
+ return false;
+
+ out.append(&nameBuffer[0]);
+ return true;
+ }
+
 GnuTLS::Profile* GetProfile() { return profile; }
 bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); }
 };
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 4c246d6f5..45a728106 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -779,6 +779,16 @@ class OpenSSLIOHook : public SSLIOHook
 out.append(SSL_get_cipher(sess));
 }
+ bool GetServerName(std::string& out) const CXX11_OVERRIDE
+ {
+ const char* name = SSL_get_servername(sess, TLSEXT_NAMETYPE_host_name);
+ if (!name)
+ return false;
+
+ out.append(name);
+ return true;
+ }
+
 bool IsHandshakeDone() const { return (status == ISSL_OPEN); }
 };
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 9682e92cf..5a5b40319 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
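Review bot: Both calls to `gnutls_server_name_get` in the GnuTLS `GetServerName` handle `nameBuffer` unsafely. The first takes `&nameBuffer[0]` while the vector is still empty, which is undefined behaviour. After the second call, `out.append(&nameBuffer[0])` reads the buffer as a C string although it was resized to exactly the reported length. Whether that length leaves room for the terminator appears to differ between GnuTLS releases, so the append may read past the allocation or the second call may fail with a short-buffer error again. Giving the vector one element for the size query and a zero-filled spare byte for the fetch avoids both, and `nameType` is worth checking afterwards because the library writes it back.

```cpp
bool GetServerName(std::string& out) const CXX11_OVERRIDE
{
	// One element so that &nameBuffer[0] is valid during the size query.
	std::vector<char> nameBuffer(1);
	size_t nameLength = 0;
	unsigned int nameType = GNUTLS_NAME_DNS;

	// … unchanged: size query expecting GNUTLS_E_SHORT_MEMORY_BUFFER …

	// Zero-fill and keep one byte the library is never told about, so the
	// buffer stays terminated whichever length convention is in use.
	nameBuffer.assign(nameLength + 2, '\0');
	nameLength = nameBuffer.size() - 1;
	if (gnutls_server_name_get(sess, &nameBuffer[0], &nameLength, &nameType, 0) != GNUTLS_E_SUCCESS)
		return false;
	if (nameType != GNUTLS_NAME_DNS)
		return false;

	// … unchanged: out.append(&nameBuffer[0]); return true; …
```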
@@ -220,7 +220,10 @@ class ModuleSSLInfo : public Module, public Whois::EventListener
 ssl_cert* const cert = ssliohook->GetCertificate();
 {
- std::string text = "*** You are connected using SSL cipher '";
+ std::string text = "*** You are connected to ";
+ if (!ssliohook->GetServerName(text))
+ text.append(ServerInstance->Config->ServerName);
+ text.append(" using SSL cipher '");
 ssliohook->GetCiphersuite(text);
 text.push_back('\'');
 if ((cert) && (!cert->GetFingerprint().empty()))
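Review bot: The string appended by `ssliohook->GetServerName(text)` is chosen by the connecting client and goes into the notice with no check on its length or characters. Here it is only echoed back to that same client, so the exposure is small, but a name containing spaces or control characters would still be placed into a server-generated line as-is. I would read it into a temporary and fall back to the configured name unless it looks like a hostname: `std::string sni;` then `if (!ssliohook->GetServerName(sni) || sni.length() > 253 || sni.find_first_not_of("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-") != std::string::npos) sni = ServerInstance->Config->ServerName;` then `text.append(sni);`. The enclosing function begins and ends outside this hunk.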