author | Attila Molnar <attilamolnar@hush.com> | 2015-07-06 18:38:44 +0200 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2015-07-06 18:38:44 +0200 |
commit | 3462d802dd6d3a6cfd964bd35977fb72ad7ceb55 (patch) | |
tree | 55d59b8ed440b3468a80aaf20c8f9b6c57165b3b | |
parent | 70542e525b343c3341fb1b8ef7ffe886916f73cd (diff) |
m_ssl_openssl Unconditionally compile code for detecting renegotiation and disallow it by default
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index e313ca7b5..6e40f97f0 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -281,7 +281,7 @@ namespace OpenSSL
 , dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dh.pem")))
 , ctx(SSL_CTX_new(SSLv23_server_method()))
 , clictx(SSL_CTX_new(SSLv23_client_method()))
- , allowrenego(tag->getBool("renegotiation", true))
+ , allowrenego(tag->getBool("renegotiation")) // Disallow by default
 , outrecsize(tag->getInt("outrecsize", 2048, 512, 16384))
 {
 if ((!ctx.SetDH(dh)) || (!clictx.SetDH(dh)))
@@ -483,7 +483,6 @@ class OpenSSLIOHook : public SSLIOHook
 X509_free(cert);
 }
 
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 void SSLInfoCallback(int where, int rc)
 {
 if ((where & SSL_CB_HANDSHAKE_START) && (status == ISSL_OPEN))
@@ -508,7 +507,6 @@ class OpenSSLIOHook : public SSLIOHook
 sock->SetError("Renegotiation is not allowed");
 return false;
 }
-#endif
 
 // Returns 1 if application I/O should proceed, 0 if it must wait for the underlying protocol to progress, -1 on fatal error
 int PrepareIO(StreamSocket* sock)
@@ -565,10 +563,8 @@ class OpenSSLIOHook : public SSLIOHook
 size_t bufsiz = ServerInstance->Config->NetBufferSize;
 int ret = SSL_read(sess, buffer, bufsiz);
 
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 if (!CheckRenego(user))
 return -1;
-#endif
 
 if (ret > 0)
 {
@@ -625,10 +621,8 @@ class OpenSSLIOHook : public SSLIOHook
 const StreamSocket::SendQueue::Element& buffer = sendq.front();
 int ret = SSL_write(sess, buffer.data(), buffer.size());
 
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 if (!CheckRenego(user))
 return -1;
-#endif
 
 if (ret == (int)buffer.length())
 {
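Review bot: The new secure default in the `allowrenego` initializer rests on whatever `getBool` returns when the key is absent, and that default parameter is not visible in this hunk; only the trailing comment says the result is "disallow". Writing it as `, allowrenego(tag->getBool("renegotiation", false)) // Disallow by default` would match the neighbouring `getString("dhfile", "dh.pem")` and `getInt("outrecsize", 2048, 512, 16384)` calls, which pass their defaults explicitly, and would keep the setting fail-closed if the helper's default ever changes. The diffstat lists only this file, so the flipped default for configurations that never set `renegotiation` is not documented by this commit; it should be noted in the module's configuration documentation. The constructor's initializer list starts and ends outside the hunk.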
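Review bot: The `if (!CheckRenego(user)) return -1;` check that follows `SSL_read` in the hunk at -565 has no comment explaining why it sits between the call and the `if (ret > 0)` test, and with the `#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION` lines removed nothing at the call site says what it guards. A comment such as `// A renegotiation that began inside SSL_read() was flagged by the info callback; discard ret and fail the socket` would record that a positive `ret` is deliberately dropped. This presumes `SSLInfoCallback` records the handshake start that `CheckRenego` later tests, which the visible lines only partly show. The same applies to the check after `SSL_write` in the hunk at -625; both enclosing functions continue outside their hunks.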
@@ -699,10 +693,8 @@ class OpenSSLIOHook : public SSLIOHook
 
 static void StaticSSLInfoCallback(const SSL* ssl, int where, int rc)
 {
-#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
 OpenSSLIOHook* hook = static_cast<OpenSSLIOHook*>(SSL_get_ex_data(ssl, exdataindex));
 hook->SSLInfoCallback(where, rc);
-#endif
 }
 
 class OpenSSLIOHookProvider : public refcountbase, public IOHookProvider |
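Review bot: `StaticSSLInfoCallback` dereferences the pointer returned by `SSL_get_ex_data(ssl, exdataindex)` without checking it, and with the `#ifdef` removed that dereference is now compiled into every build. `SSL_get_ex_data` returns NULL when nothing has been stored at that index, so if OpenSSL can invoke the info callback on an `SSL` before the hook pointer is attached (where it is attached is not visible in this hunk), `hook->SSLInfoCallback(where, rc)` would crash the server during a handshake. Guarding the call, `if (hook) hook->SSLInfoCallback(where, rc);`, removes that dependency on initialization order. If the ordering is in fact guaranteed, a one-line comment stating that invariant would serve instead.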