diff options
-rw-r--r-- | src/modules/m_spanningtree/hmac.cpp | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index 895323a02..15cfbc37a 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -69,21 +69,6 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) capab->auth_fingerprint = !link.Fingerprint.empty(); capab->auth_challenge = !capab->ourchallenge.empty() && !capab->theirchallenge.empty(); - if (capab->auth_challenge) - { - std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge); - - /* Straight string compare of hashes */ - if (our_hmac != theirs) - return false; - } - else - { - /* Straight string compare of plaintext */ - if (link.RecvPass != theirs) - return false; - } - std::string fp = SSLClientCert::GetFingerprint(this); if (capab->auth_fingerprint) { @@ -101,5 +86,20 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". " "You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str()); } + + if (capab->auth_challenge) + { + std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge); + + /* Straight string compare of hashes */ + if (our_hmac != theirs) + return false; + } + else + { + /* Straight string compare of plaintext */ + if (link.RecvPass != theirs) + return false; + } return true; } |