-rw-r--r--src/modules/extra/m_ssl_openssl.cpp15
1 files changed, 6 insertions, 9 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 071c1d961..f45334e7e 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -61,6 +61,11 @@ public:
static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx)
{
+ /* XXX: This will allow self signed certificates.
+ * In the future if we want an option to not allow this,
+ * we can just return preverify_ok here, and openssl
+ * will boot off self-signed and invalid peer certs.
+ */
return 1;
}
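Review bot: The new comment in OnVerify understates what `return 1;` does: because `preverify_ok` is ignored, every verification failure OpenSSL reports is accepted, not only self-signed certificates. That covers an untrusted issuer, a bad signature or an expired chain as well. I would word it as `/* XXX: Returning 1 ignores preverify_ok, so ANY chain verification failure is accepted, not just self-signed certs. */` and keep the existing sentence about returning `preverify_ok` to enforce validation. Since the handshake then never fails on verification, anything that later trusts the peer certificate (for example by fingerprint) presumably has to check the recorded error itself; that code is outside this hunk, so please confirm.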
@@ -91,8 +96,6 @@ class ModuleSSLOpenSSL : public Module
ModuleSSLOpenSSL(InspIRCd* Me)
: Module::Module(Me)
{
-
-
culllist = new CullList(ServerInstance);
// Not rehashable...because I cba to reduce all the sizes of existing buffers.
@@ -717,16 +720,10 @@ class ModuleSSLOpenSSL : public Module
certinfo->data.insert(std::make_pair("fingerprint",irc::hex(md, n)));
}
- if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), time(NULL)) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == -1))
+ if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), time(NULL)) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == 0))
{
certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate"));
}
-
- /*if (cert->name)
- {
- certinfo->data.insert(std::make_pair("dn",cert->name));
- }*/
-
}
};
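Review bot: The changed notBefore test compares against `0`, which is true only when notBefore equals the current second, so a certificate that is not yet valid is still never reported. `ASN1_UTCTIME_cmp_time_t` returns -1 when the ASN.1 time is earlier than the given time, 0 when they are equal and 1 when it is later, so "not activated" is `(ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == 1)`. The old `== -1` flagged every certificate that was already active; the new `== 0` flags almost none. Reading `time(NULL)` once into a local would also keep both comparisons on the same instant. The enclosing function starts above this hunk, so I have not checked how the `"error"` entry is consumed.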