-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp58
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp22
-rw-r--r--src/modules/m_ssl_data.cpp22
-rw-r--r--src/modules/transport.h84
4 files changed, 47 insertions, 139 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 8b865c559..4ff5a9062 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -749,42 +749,14 @@ class ModuleSSLGnuTLS : public Module
if (ret < 0)
{
- certinfo->data.insert(std::make_pair("error",std::string(gnutls_strerror(ret))));
+ certinfo->error = std::string(gnutls_strerror(ret));
return;
}
- if (status & GNUTLS_CERT_INVALID)
- {
- certinfo->data.insert(std::make_pair("invalid",ConvToStr(1)));
- }
- else
- {
- certinfo->data.insert(std::make_pair("invalid",ConvToStr(0)));
- }
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- {
- certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1)));
- }
- else
- {
- certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0)));
- }
- if (status & GNUTLS_CERT_REVOKED)
- {
- certinfo->data.insert(std::make_pair("revoked",ConvToStr(1)));
- }
- else
- {
- certinfo->data.insert(std::make_pair("revoked",ConvToStr(0)));
- }
- if (status & GNUTLS_CERT_SIGNER_NOT_CA)
- {
- certinfo->data.insert(std::make_pair("trusted",ConvToStr(0)));
- }
- else
- {
- certinfo->data.insert(std::make_pair("trusted",ConvToStr(1)));
- }
+ certinfo->invalid = (status & GNUTLS_CERT_INVALID);
+ certinfo->unknownsigner = (status & GNUTLS_CERT_SIGNER_NOT_FOUND);
+ certinfo->revoked = (status & GNUTLS_CERT_REVOKED);
+ certinfo->trusted = !(status & GNUTLS_CERT_SIGNER_NOT_CA);
/* Up to here the process is the same for X.509 certificates and
* OpenPGP keys. From now on X.509 certificates are assumed. This can
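Review bot: `trusted` is derived only from GNUTLS_CERT_SIGNER_NOT_CA, so after `certinfo->trusted = !(status & GNUTLS_CERT_SIGNER_NOT_CA);` a certificate that is also flagged invalid, revoked or signed by an unknown signer still has `trusted == true`. That matches the old map-based values, but with the flag now a plain public bool it is easy for a caller to test it on its own. I would add a comment above the four assignments, `/* trusted only means the signer is a CA; callers must also check invalid, unknownsigner and revoked */`, and the same wording on IsTrusted(). The enclosing function starts and ends outside this hunk.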
@@ -792,14 +764,14 @@ class ModuleSSLGnuTLS : public Module
*/
if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509)
{
- certinfo->data.insert(std::make_pair("error","No X509 keys sent"));
+ certinfo->error = "No X509 keys sent";
return;
}
ret = gnutls_x509_crt_init(&cert);
if (ret < 0)
{
- certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret)));
+ certinfo->error = gnutls_strerror(ret);
return;
}
@@ -807,7 +779,7 @@ class ModuleSSLGnuTLS : public Module
cert_list = gnutls_certificate_get_peers(session->sess, &cert_list_size);
if (cert_list == NULL)
{
- certinfo->data.insert(std::make_pair("error","No certificate was found"));
+ certinfo->error = "No certificate was found";
return;
}
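Review bot: The `return` in the `cert_list == NULL` branch leaves without releasing `cert`, which gnutls_x509_crt_init() set up in the previous hunk; the only gnutls_x509_crt_deinit(cert) visible in this diff is at the end of the function. The early return after a failed gnutls_x509_crt_import() in the next hunk has the same problem. From the visible lines, each peer that sends no certificate or an unparsable one would leak one certificate structure, so add `gnutls_x509_crt_deinit(cert);` before both `return;` statements. The function body begins and ends outside this hunk.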
@@ -818,32 +790,30 @@ class ModuleSSLGnuTLS : public Module
ret = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
if (ret < 0)
{
- certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret)));
+ certinfo->error = gnutls_strerror(ret);
return;
}
gnutls_x509_crt_get_dn(cert, name, &name_size);
-
- certinfo->data.insert(std::make_pair("dn",name));
+ certinfo->dn = name;
gnutls_x509_crt_get_issuer_dn(cert, name, &name_size);
-
- certinfo->data.insert(std::make_pair("issuer",name));
+ certinfo->issuer = name;
if ((ret = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_MD5, digest, &digest_size)) < 0)
{
- certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret)));
+ certinfo->error = gnutls_strerror(ret);
}
else
{
- certinfo->data.insert(std::make_pair("fingerprint",irc::hex(digest, digest_size)));
+ certinfo->fingerprint = irc::hex(digest, digest_size);
}
/* Beware here we do not check for errors.
*/
if ((gnutls_x509_crt_get_expiration_time(cert) < ServerInstance->Time()) || (gnutls_x509_crt_get_activation_time(cert) > ServerInstance->Time()))
{
- certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate"));
+ certinfo->error = "Not activated, or expired certificate";
}
gnutls_x509_crt_deinit(cert);
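Review bot: The results of gnutls_x509_crt_get_dn() and gnutls_x509_crt_get_issuer_dn() are ignored, so `certinfo->dn = name;` and `certinfo->issuer = name;` copy whatever is in `name` even when the call failed. `name_size` is an in/out argument and is not reset between the two calls, so the issuer call may run with less capacity than the buffer has, fail, and leave the subject DN stored as the issuer (the declarations of `name` and `name_size` are outside the hunk, so this is inferred). If these strings are used for access decisions, check both return values, set `certinfo->error` on failure, and restore `name_size` to the buffer capacity before the second call.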
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index f2f2801b4..6aaf8ab1f 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -839,38 +839,38 @@ class ModuleSSLOpenSSL : public Module
if (!cert)
{
- certinfo->data.insert(std::make_pair("error","Could not get peer certificate: "+std::string(get_error())));
+ certinfo->error = "Could not get peer certificate: "+std::string(get_error());
return;
}
- certinfo->data.insert(std::make_pair("invalid", SSL_get_verify_result(session->sess) != X509_V_OK ? ConvToStr(1) : ConvToStr(0)));
+ certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK);
if (SelfSigned)
{
- certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0)));
- certinfo->data.insert(std::make_pair("trusted",ConvToStr(1)));
+ certinfo->unknownsigner = false;
+ certinfo->trusted = true;
}
else
{
- certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1)));
- certinfo->data.insert(std::make_pair("trusted",ConvToStr(0)));
+ certinfo->unknownsigner = true;
+ certinfo->trusted = false;
}
- certinfo->data.insert(std::make_pair("dn",std::string(X509_NAME_oneline(X509_get_subject_name(cert),0,0))));
- certinfo->data.insert(std::make_pair("issuer",std::string(X509_NAME_oneline(X509_get_issuer_name(cert),0,0))));
+ certinfo->dn = X509_NAME_oneline(X509_get_subject_name(cert),0,0);
+ certinfo->issuer = X509_NAME_oneline(X509_get_issuer_name(cert),0,0);
if (!X509_digest(cert, digest, md, &n))
{
- certinfo->data.insert(std::make_pair("error","Out of memory generating fingerprint"));
+ certinfo->error = "Out of memory generating fingerprint";
}
else
{
- certinfo->data.insert(std::make_pair("fingerprint",irc::hex(md, n)));
+ certinfo->fingerprint = irc::hex(md, n);
}
if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), ServerInstance->Time()) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), ServerInstance->Time()) == 0))
{
- certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate"));
+ certinfo->error = "Not activated, or expired certificate";
}
X509_free(cert);
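Review bot: `certinfo->dn = X509_NAME_oneline(X509_get_subject_name(cert),0,0);` and the matching issuer line assign the raw return value to a std::string, but with a null buffer argument X509_NAME_oneline() returns memory the caller must release with OPENSSL_free(), and it returns NULL on failure, which is undefined behaviour when assigned to std::string. Hold the pointer in a local, test it, copy it and free it, as sketched below. Separately, the context line that compares notBefore with `== 0` only matches a certificate whose validity starts at exactly the current second; `> 0` would be needed to catch one that is not yet active. The function begins and ends outside this hunk.

```cpp
	char* buf = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
	if (buf)
	{
		certinfo->dn = buf;
		OPENSSL_free(buf);
	}
	buf = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
	if (buf)
	{
		certinfo->issuer = buf;
		OPENSSL_free(buf);
	}
	// … unchanged: X509_digest fingerprint and validity-window check …
```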
diff --git a/src/modules/m_ssl_data.cpp b/src/modules/m_ssl_data.cpp
index 0ce760971..2cc712c65 100644
--- a/src/modules/m_ssl_data.cpp
+++ b/src/modules/m_ssl_data.cpp
@@ -96,25 +96,19 @@ class ModuleSSLData : public Module
std::string v;
getline(s,v,' ');
- cert->data.insert(std::make_pair("invalid", ConvToStr(v.find('v') != std::string::npos)));
- cert->data.insert(std::make_pair("trusted", ConvToStr(v.find('T') != std::string::npos)));
- cert->data.insert(std::make_pair("revoked", ConvToStr(v.find('R') != std::string::npos)));
- cert->data.insert(std::make_pair("unknownsigner", ConvToStr(v.find('s') != std::string::npos)));
+ cert->invalid = (v.find('v') != std::string::npos);
+ cert->trusted = (v.find('T') != std::string::npos);
+ cert->revoked = (v.find('R') != std::string::npos);
+ cert->unknownsigner = (v.find('s') != std::string::npos);
if (v.find('E') != std::string::npos)
{
- getline(s,v,'\n');
- cert->data.insert(std::make_pair("error", v));
+ getline(s,cert->error,'\n');
}
else
{
- getline(s,v,' ');
- cert->data.insert(std::make_pair("fingerprint", v));
-
- getline(s,v,' ');
- cert->data.insert(std::make_pair("dn", v));
-
- getline(s,v,'\n');
- cert->data.insert(std::make_pair("issuer", v));
+ getline(s,cert->fingerprint,' ');
+ getline(s,cert->dn,' ');
+ getline(s,cert->issuer,'\n');
}
}
}
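Review bot: `getline(s,cert->dn,' ');` stops at the first space, but distinguished names routinely contain spaces (an organisation name, for example), so the DN would be cut short and its remainder would land in `cert->issuer`. None of the getline() calls is checked either, so a short or malformed line leaves fields empty without setting `cert->error`. The serialising side is not visible here; if it does not escape spaces, the format needs a delimiter that cannot occur in a DN, and the parser should test the stream after the reads, e.g. `if (!s) cert->error = "Malformed certificate metadata";`. The enclosing function starts outside this hunk.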
diff --git a/src/modules/transport.h b/src/modules/transport.h
index db2897508..f4cf3f4a5 100644
--- a/src/modules/transport.h
+++ b/src/modules/transport.h
@@ -17,14 +17,6 @@
#include <map>
#include <string>
-/** A generic container for certificate data
- */
-typedef std::map<std::string,std::string> ssl_data;
-
-/** A shorthand way of representing an iterator into ssl_data
- */
-typedef ssl_data::iterator ssl_data_iter;
-
/** ssl_cert is a class which abstracts SSL certificate
* and key information.
*
@@ -34,34 +26,21 @@ typedef ssl_data::iterator ssl_data_iter;
* connected local users using Extensible::Extend() and the
* key 'ssl_cert'.
*/
-class ssl_cert : public Extensible
+class ssl_cert
{
- /** Always contains an empty string
- */
- const std::string empty;
-
public:
- /** The data for this certificate
- */
- ssl_data data;
-
- /** Default constructor, initializes 'empty'
- */
- ssl_cert() : empty("")
- {
- }
+ std::string dn;
+ std::string issuer;
+ std::string error;
+ std::string fingerprint;
+ bool trusted, invalid, unknownsigner, revoked;
/** Get certificate distinguished name
* @return Certificate DN
*/
const std::string& GetDN()
{
- ssl_data_iter ssldi = data.find("dn");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return dn;
}
/** Get Certificate issuer
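Review bot: The four flags in `bool trusted, invalid, unknownsigner, revoked;` have no initializer and the commit removes the only constructor, so any flag a module does not assign is read as an indeterminate value by IsTrusted(), IsInvalid(), IsUnknownSigner() and IsRevoked(). The removed map lookups returned false for a missing key, whereas the new GnuTLS code returns on `ret < 0` before assigning any flag, and the OpenSSL hunk returns on `!cert` and never assigns `revoked`. Unless every allocation site value-initializes the object (not visible here), a failed verification could report `trusted == true`. Restore the old defaults with `ssl_cert() : trusted(false), invalid(false), unknownsigner(false), revoked(false) {}`, or fail closed by starting with `invalid(true)` and `unknownsigner(true)`. The class body continues past this hunk.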
@@ -69,12 +48,7 @@ class ssl_cert : public Extensible
*/
const std::string& GetIssuer()
{
- ssl_data_iter ssldi = data.find("issuer");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return issuer;
}
/** Get error string if an error has occured
@@ -83,12 +57,7 @@ class ssl_cert : public Extensible
*/
const std::string& GetError()
{
- ssl_data_iter ssldi = data.find("error");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return error;
}
/** Get key fingerprint.
@@ -96,12 +65,7 @@ class ssl_cert : public Extensible
*/
const std::string& GetFingerprint()
{
- ssl_data_iter ssldi = data.find("fingerprint");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return fingerprint;
}
/** Get trust status
@@ -110,12 +74,7 @@ class ssl_cert : public Extensible
*/
bool IsTrusted()
{
- ssl_data_iter ssldi = data.find("trusted");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return trusted;
}
/** Get validity status
@@ -124,12 +83,7 @@ class ssl_cert : public Extensible
*/
bool IsInvalid()
{
- ssl_data_iter ssldi = data.find("invalid");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return invalid;
}
/** Get signer status
@@ -138,12 +92,7 @@ class ssl_cert : public Extensible
*/
bool IsUnknownSigner()
{
- ssl_data_iter ssldi = data.find("unknownsigner");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return unknownsigner;
}
/** Get revokation status.
@@ -153,12 +102,7 @@ class ssl_cert : public Extensible
*/
bool IsRevoked()
{
- ssl_data_iter ssldi = data.find("revoked");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return revoked;
}
};