summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-03 20:42:16 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-03 20:42:16 +0000
commit0000b8172e5346ee793bdee7ef21e024e95db18a (patch)
treecb2703a134c982c923e44f8d15a2175bd77b4b9c /src
parentf0101edab9503cc249c43365c764159d93ba88ee (diff)
All but cert revocation is now supported by both modules
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5128 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src')
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp29
1 files changed, 29 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index f45334e7e..a3f54edb1 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -25,6 +25,8 @@
enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN };
enum issl_io_status { ISSL_WRITE, ISSL_READ };
+static bool SelfSigned = false;
+
bool isin(int port, const std::vector<int> &portlist)
{
for(unsigned int i = 0; i < portlist.size(); i++)
@@ -66,6 +68,10 @@ static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx)
* we can just return preverify_ok here, and openssl
* will boot off self-signed and invalid peer certs.
*/
+ int ve = X509_STORE_CTX_get_error(ctx);
+
+ SelfSigned = (ve == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+
return 1;
}
@@ -313,6 +319,16 @@ class ModuleSSLOpenSSL : public Module
{
ServerInstance->Log(DEBUG, "m_ssl_openssl.so: OnRawSocketClose: %d", fd);
CloseSession(&sessions[fd]);
+
+ EventHandler* user = ServerInstance->SE->GetRef(fd);
+
+ if ((user) && (user->GetExt("ssl_cert", dummy)))
+ {
+ ssl_cert* tofree;
+ user->GetExt("ssl_cert", tofree);
+ delete tofree;
+ user->Shrink("ssl_cert");
+ }
}
virtual int OnRawSocketRead(int fd, char* buffer, unsigned int count, int &readresult)
@@ -698,6 +714,19 @@ class ModuleSSLOpenSSL : public Module
return;
}
+ certinfo->data.insert(std::make_pair("invalid", SSL_get_verify_result(session->sess) != X509_V_OK ? ConvToStr(1) : ConvToStr(0)));
+
+ if (SelfSigned)
+ {
+ certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0)));
+ certinfo->data.insert(std::make_pair("trusted",ConvToStr(1)));
+ }
+ else
+ {
+ certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1)));
+ certinfo->data.insert(std::make_pair("trusted",ConvToStr(0)));
+ }
+
/*if (!X509_verify_cert(cert))
{
certinfo->data.insert(std::make_pair("invalid",ConvToStr(1)));
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-19 14:29:42 +0000