authorAttila Molnar <attilamolnar@hush.com>2015-07-06 18:38:44 +0200
committerAttila Molnar <attilamolnar@hush.com>2015-07-06 18:38:44 +0200
commit3462d802dd6d3a6cfd964bd35977fb72ad7ceb55 (patch)
tree55d59b8ed440b3468a80aaf20c8f9b6c57165b3b
parent70542e525b343c3341fb1b8ef7ffe886916f73cd (diff)
m_ssl_openssl Unconditionally compile code for detecting renegotiation and disallow it by default
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp10
1 files changed, 1 insertions, 9 deletions
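--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -281,7 +281,7 @@ namespace OpenSSL
 , dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dh.pem")))
 , ctx(SSL_CTX_new(SSLv23_server_method()))
 , clictx(SSL_CTX_new(SSLv23_client_method()))
-, allowrenego(tag->getBool("renegotiation", true))
+, allowrenego(tag->getBool("renegotiation")) // Disallow by default
 , outrecsize(tag->getInt("outrecsize", 2048, 512, 16384))
 {
 if ((!ctx.SetDH(dh)) || (!clictx.SetDH(dh)))
@@ -483,7 +483,6 @@ class OpenSSLIOHook : public SSLIOHook
 X509_free(cert);
 }
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 void SSLInfoCallback(int where, int rc)
 {
 if ((where & SSL_CB_HANDSHAKE_START) && (status == ISSL_OPEN))
@@ -508,7 +507,6 @@ class OpenSSLIOHook : public SSLIOHook
 sock->SetError("Renegotiation is not allowed");
 return false;
 }
-#endif
 // Returns 1 if application I/O should proceed, 0 if it must wait for the underlying protocol to progress, -1 on fatal error
 int PrepareIO(StreamSocket* sock)
@@ -565,10 +563,8 @@ class OpenSSLIOHook : public SSLIOHook
 size_t bufsiz = ServerInstance->Config->NetBufferSize;
 int ret = SSL_read(sess, buffer, bufsiz);
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 if (!CheckRenego(user))
 return -1;
-#endif
 if (ret > 0)
 {
@@ -625,10 +621,8 @@ class OpenSSLIOHook : public SSLIOHook
 const StreamSocket::SendQueue::Element& buffer = sendq.front();
 int ret = SSL_write(sess, buffer.data(), buffer.size());
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 if (!CheckRenego(user))
 return -1;
-#endif
 if (ret == (int)buffer.length())
 {
@@ -699,10 +693,8 @@ class OpenSSLIOHook : public SSLIOHook
 static void StaticSSLInfoCallback(const SSL* ssl, int where, int rc)
 {
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 OpenSSLIOHook* hook = static_cast<OpenSSLIOHook*>(SSL_get_ex_data(ssl, exdataindex));
 hook->SSLInfoCallback(where, rc);
-#endif
 }
 class OpenSSLIOHookProvider : public refcountbase, public IOHookProvider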
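Review bot: In the last hunk, `StaticSSLInfoCallback` now unconditionally dereferences the pointer it gets back from `SSL_get_ex_data(ssl, exdataindex)` without checking it; OpenSSL returns NULL for an ex-data slot that was never populated, so an info callback firing on an SSL object whose hook pointer is not (yet, or any longer) stored would crash the daemon instead of merely skipping the renegotiation check. Since this trampoline is no longer behind a build-time switch, a one-line guard is worth having: `if (hook) hook->SSLInfoCallback(where, rc);`. The diffstat accounts for all nine removed lines in this diff, but the `SSL_CTX_set_info_callback` registration is not shown here, so I cannot confirm from this page that no other use of `INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION` remains; a grep for the macro (and retiring whatever build option defined it) would close that out. The `OpenSSLIOHook` class that contains this method begins outside the hunk.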