Add interface to SSL modules that allows other modules to obtain the raw SSL session of a socket

3 files changed, 27 insertions, 0 deletions

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 4135194c5..cdfe00b9c 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -615,6 +615,12 @@ class ModuleSSLGnuTLS : public Module
 
 			req.cert = session->cert;
 		}
+		else if (!strcmp("GET_RAW_SSL_SESSION", request.id))
+		{
+			SSLRawSessionRequest& req = static_cast<SSLRawSessionRequest&>(request);
+			if ((req.fd >= 0) && (req.fd < ServerInstance->SE->GetMaxFds()))
+				req.data = reinterpret_cast<void*>(sessions[req.fd].sess);
+		}
 	}
 
 	void InitSession(StreamSocket* user, bool me_server)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 27cd3a2ae..9ca92fe52 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -392,6 +392,12 @@ class ModuleSSLOpenSSL : public Module
 
 			req.cert = session->cert;
 		}
+		else if (!strcmp("GET_RAW_SSL_SESSION", request.id))
+		{
+			SSLRawSessionRequest& req = static_cast<SSLRawSessionRequest&>(request);
+			if ((req.fd >= 0) && (req.fd < ServerInstance->SE->GetMaxFds()))
+				req.data = reinterpret_cast<void*>(sessions[req.fd].sess);
+		}
 	}
 
 	void OnStreamSocketAccept(StreamSocket* user, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server)
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
index 9deafb830..4c877551d 100644
--- a/src/modules/ssl.h
+++ b/src/modules/ssl.h
@@ -172,4 +172,19 @@ struct UserCertificateRequest : public Request
 	}
 };
 
+class SSLRawSessionRequest : public Request
+{
+ public:
+	const int fd;
+	void* data;
+
+	SSLRawSessionRequest(int FD, Module* srcmod, Module* destmod)
+		: Request(srcmod, destmod, "GET_RAW_SSL_SESSION")
+		, fd(FD)
+		, data(NULL)
+	{
+		Send();
+	}
+};
+
 #endif