summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/modules/m_spanningtree/hmac.cpp30
1 files changed, 15 insertions, 15 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 895323a02..15cfbc37a 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -69,21 +69,6 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
capab->auth_fingerprint = !link.Fingerprint.empty();
capab->auth_challenge = !capab->ourchallenge.empty() && !capab->theirchallenge.empty();
- if (capab->auth_challenge)
- {
- std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge);
-
- /* Straight string compare of hashes */
- if (our_hmac != theirs)
- return false;
- }
- else
- {
- /* Straight string compare of plaintext */
- if (link.RecvPass != theirs)
- return false;
- }
-
std::string fp = SSLClientCert::GetFingerprint(this);
if (capab->auth_fingerprint)
{
@@ -101,5 +86,20 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". "
"You can improve security by specifying this in <link:fingerprint>.", link.Name.c_str(), fp.c_str());
}
+
+ if (capab->auth_challenge)
+ {
+ std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge);
+
+ /* Straight string compare of hashes */
+ if (our_hmac != theirs)
+ return false;
+ }
+ else
+ {
+ /* Straight string compare of plaintext */
+ if (link.RecvPass != theirs)
+ return false;
+ }
return true;
}