author | Attila Molnar <attilamolnar@hush.com> | 2016-04-30 16:54:37 +0200 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2016-04-30 16:54:37 +0200 |
commit | fb66fb5ce3410d7e32813aed85e8ad3050584740 (patch) | |
tree | a36d649156325dbd76f314eaac6c14f724d56b04 /src | |
parent | 6cfe4011ec0e90718d7d5a449a5330b8e9a18ec3 (diff) | |
parent | 1e4b53a286e428e78bd5650815048970d345f7e3 (diff) |
Merge branch 'master+sslconnmsg'
Diffstat (limited to 'src')
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 25 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 26 | ||||
-rw-r--r-- | src/modules/m_jumpserver.cpp | 2 | ||||
-rw-r--r-- | src/modules/m_spanningtree/server.cpp | 10 | ||||
-rw-r--r-- | src/modules/m_sslinfo.cpp | 22 |
5 files changed, 37 insertions, 48 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 6a653dded..a1c989163 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1150,22 +1150,10 @@ info_done_dealloc:
 return 1;
 }
- void TellCiphersAndFingerprint(LocalUser* user)
- {
- if (sess)
- {
- std::string text = "*** You are connected using SSL cipher '";
- GetCiphersuite(text);
- text += '\'';
- if (!certificate->fingerprint.empty())
- text += " and your SSL certificate fingerprint is " + certificate->fingerprint;
-
- user->WriteNotice(text);
- }
- }
-
- void GetCiphersuite(std::string& out) const
+ void GetCiphersuite(std::string& out) const CXX11_OVERRIDE
 {
+ if (!IsHandshakeDone())
+ return;
 out.append(UnknownIfNULL(gnutls_protocol_get_name(gnutls_protocol_get_version(sess)))).push_back('-');
 out.append(UnknownIfNULL(gnutls_kx_get_name(gnutls_kx_get(sess)))).push_back('-');
 out.append(UnknownIfNULL(gnutls_cipher_get_name(gnutls_cipher_get(sess)))).push_back('-');
@@ -1344,13 +1332,6 @@ class ModuleSSLGnuTLS : public Module
 return Version("Provides SSL support for clients", VF_VENDOR);
 }
- void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
- {
- IOHook* hook = user->eh.GetIOHook();
- if (hook && hook->prov->creator == this)
- static_cast<GnuTLSIOHook*>(hook)->TellCiphersAndFingerprint(user);
- }
-
 ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
 {
 if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this))
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index c9ae14e11..80c9d9395 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
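Review bot: `GetCiphersuite` now returns without touching `out` when `IsHandshakeDone()` is false, and nothing on the override tells callers that an empty result is possible. The callers added in this merge (`TreeSocket::AuthRemote` in server.cpp and `OnPostConnect` in m_sslinfo.cpp) put the string straight into a notice, so an early return would presumably show up as `cipher ''` or a blank "Negotiated ciphersuite" entry rather than as a visible error. I would state the contract above the method, e.g. `// Appends the negotiated protocol/cipher names to out; leaves out unchanged if the TLS handshake has not completed`. The same applies to the OpenSSL override in m_ssl_openssl.cpp; the GnuTLS body continues past the end of this hunk.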
@@ -720,23 +720,10 @@ class OpenSSLIOHook : public SSLIOHook
 return 1;
 }
- void TellCiphersAndFingerprint(LocalUser* user)
- {
- if (sess)
- {
- std::string text = "*** You are connected using SSL cipher '";
- GetCiphersuite(text);
- text += '\'';
- const std::string& fingerprint = certificate->fingerprint;
- if (!fingerprint.empty())
- text += " and your SSL certificate fingerprint is " + fingerprint;
-
- user->WriteNotice(text);
- }
- }
-
- void GetCiphersuite(std::string& out) const
+ void GetCiphersuite(std::string& out) const CXX11_OVERRIDE
 {
+ if (!IsHandshakeDone())
+ return;
 out.append(SSL_get_version(sess)).push_back('-');
 out.append(SSL_get_cipher(sess));
 }
@@ -917,13 +904,6 @@ class ModuleSSLOpenSSL : public Module
 }
 }
- void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
- {
- IOHook* hook = user->eh.GetIOHook();
- if (hook && hook->prov->creator == this)
- static_cast<OpenSSLIOHook*>(hook)->TellCiphersAndFingerprint(user);
- }
-
 void OnCleanup(int target_type, void* item) CXX11_OVERRIDE
 {
 if (target_type == TYPE_USER)
diff --git a/src/modules/m_jumpserver.cpp b/src/modules/m_jumpserver.cpp
index 33b9bcd35..f59ef045d 100644
--- a/src/modules/m_jumpserver.cpp
+++ b/src/modules/m_jumpserver.cpp
@@ -140,7 +140,7 @@ class CommandJumpserver : public Command
 int GetPort(LocalUser* user)
 {
- int p = (SSLClientCert::GetCertificate(&user->eh) ? sslport : port);
+ int p = (SSLIOHook::IsSSL(&user->eh) ? sslport : port);
 if (p == 0)
 p = user->GetServerPort();
 return p;
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index bc43841c1..3000dd391 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -19,6 +19,7 @@
 #include "inspircd.h"
+#include "modules/ssl.h"
 #include "main.h"
 #include "utils.h"
@@ -127,6 +128,15 @@ Link* TreeSocket::AuthRemote(const parameterlist& params)
 return NULL;
 ServerInstance->SNO->WriteToSnoMask('l',"Verified server connection " + linkID + " ("+description+")");
+
+ const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(this);
+ if (ssliohook)
+ {
+ std::string ciphersuite;
+ ssliohook->GetCiphersuite(ciphersuite);
+ ServerInstance->SNO->WriteToSnoMask('l', "Negotiated ciphersuite %s on link %s", ciphersuite.c_str(), x->Name.c_str());
+ }
+
 return x;
 }
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 6a29d3bde..9682e92cf 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -209,8 +209,26 @@ class ModuleSSLInfo : public Module, public Whois::EventListener
 void OnPostConnect(User* user) CXX11_OVERRIDE
 {
- ssl_cert *cert = cmd.CertExt.get(user);
- if (!cert || cert->fingerprint.empty())
+ LocalUser* const localuser = IS_LOCAL(user);
+ if (!localuser)
+ return;
+
+ const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(&localuser->eh);
+ if (!ssliohook)
+ return;
+
+ ssl_cert* const cert = ssliohook->GetCertificate();
+
+ {
+ std::string text = "*** You are connected using SSL cipher '";
+ ssliohook->GetCiphersuite(text);
+ text.push_back('\'');
+ if ((cert) && (!cert->GetFingerprint().empty()))
+ text.append(" and your SSL certificate fingerprint is ").append(cert->GetFingerprint());
+ user->WriteNotice(text);
+ }
+
+ if (!cert)
 return;
 // find an auto-oper block for this user
 for (ServerConfig::OperIndex::const_iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); ++i) |
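Review bot: The new snotice in `AuthRemote` is written only when `SSLIOHook::IsSSL(this)` returns a hook, so a server link that authenticates without TLS produces nothing on snomask 'l' beyond the existing "Verified server connection" line. An operator auditing link security has to notice that a message is absent, which is easy to miss. Consider making the plaintext case explicit with an `else` branch such as `ServerInstance->SNO->WriteToSnoMask('l', "Link %s is not using SSL", x->Name.c_str());`. `AuthRemote` begins outside this hunk, so `x` and `linkID` are taken as declared earlier in the function.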
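Review bot: The early return ahead of the auto-oper loop in `OnPostConnect` used to be `if (!cert || cert->fingerprint.empty())` and is now only `if (!cert)`, so a certificate object with an empty fingerprint reaches the oper-block matching. That loop's body lies outside the hunk. If it compares the configured fingerprint with the certificate's by plain equality, an autologin oper block with no fingerprint set could match a client that presented no usable certificate. Keeping the stricter guard after the notice block closes that off at no cost: `if (!cert || cert->GetFingerprint().empty()) return;`.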