summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp23
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp23
-rw-r--r--src/modules/m_sasl.cpp6
-rw-r--r--src/modules/m_spanningtree/hmac.cpp11
-rw-r--r--src/modules/m_sslinfo.cpp13
5 files changed, 28 insertions, 48 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index e051b34e7..3c82a5beb 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -100,7 +100,7 @@ public:
issl_session() : socket(NULL), sess(NULL) {}
};
-class GnuTLSIOHook : public IOHook
+class GnuTLSIOHook : public SSLIOHook
{
private:
void InitSession(StreamSocket* user, bool me_server)
@@ -359,7 +359,7 @@ info_done_dealloc:
int dh_bits;
GnuTLSIOHook(Module* parent)
- : IOHook(parent, "ssl/gnutls")
+ : SSLIOHook(parent, "ssl/gnutls")
{
sessions = new issl_session[ServerInstance->SE->GetMaxFds()];
}
@@ -501,6 +501,13 @@ info_done_dealloc:
return 0;
}
+ ssl_cert* GetCertificate(StreamSocket* sock) CXX11_OVERRIDE
+ {
+ int fd = sock->GetFd();
+ issl_session* session = &sessions[fd];
+ return session->cert;
+ }
+
void TellCiphersAndFingerprint(LocalUser* user)
{
const gnutls_session_t& sess = sessions[user->eh.GetFd()].sess;
@@ -895,18 +902,6 @@ class ModuleSSLGnuTLS : public Module
}
}
- void OnRequest(Request& request) CXX11_OVERRIDE
- {
- if (strcmp("GET_SSL_CERT", request.id) == 0)
- {
- SocketCertificateRequest& req = static_cast<SocketCertificateRequest&>(request);
- int fd = req.sock->GetFd();
- issl_session* session = &iohook.sessions[fd];
-
- req.cert = session->cert;
- }
- }
-
void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
{
if (user->eh.GetIOHook() == &iohook)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 0c7362e6e..53c0ab875 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -101,7 +101,7 @@ static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx)
return 1;
}
-class OpenSSLIOHook : public IOHook
+class OpenSSLIOHook : public SSLIOHook
{
private:
bool Handshake(StreamSocket* user, issl_session* session)
@@ -229,7 +229,7 @@ class OpenSSLIOHook : public IOHook
bool use_sha;
OpenSSLIOHook(Module* mod)
- : IOHook(mod, "ssl/openssl")
+ : SSLIOHook(mod, "ssl/openssl")
{
sessions = new issl_session[ServerInstance->SE->GetMaxFds()];
}
@@ -440,6 +440,13 @@ class OpenSSLIOHook : public IOHook
return 0;
}
+ ssl_cert* GetCertificate(StreamSocket* sock) CXX11_OVERRIDE
+ {
+ int fd = sock->GetFd();
+ issl_session* session = &sessions[fd];
+ return session->cert;
+ }
+
void TellCiphersAndFingerprint(LocalUser* user)
{
issl_session& s = sessions[user->eh.GetFd()];
@@ -653,18 +660,6 @@ class ModuleSSLOpenSSL : public Module
{
return Version("Provides SSL support for clients", VF_VENDOR);
}
-
- void OnRequest(Request& request) CXX11_OVERRIDE
- {
- if (strcmp("GET_SSL_CERT", request.id) == 0)
- {
- SocketCertificateRequest& req = static_cast<SocketCertificateRequest&>(request);
- int fd = req.sock->GetFd();
- issl_session* session = &iohook.sessions[fd];
-
- req.cert = session->cert;
- }
- }
};
static int error_callback(const char *str, size_t len, void *u)
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 322a726ce..45915ab4d 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -63,10 +63,10 @@ class SaslAuthenticator
params.push_back("S");
params.push_back(method);
- if (method == "EXTERNAL" && IS_LOCAL(user_))
+ LocalUser* localuser = IS_LOCAL(user);
+ if (method == "EXTERNAL" && localuser)
{
- SocketCertificateRequest req(&((LocalUser*)user_)->eh, ServerInstance->Modules->Find("m_sasl.so"));
- std::string fp = req.GetFingerprint();
+ std::string fp = SSLClientCert::GetFingerprint(&localuser->eh);
if (fp.size())
params.push_back(fp);
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index ad632dbc7..0b96f9b26 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -69,16 +69,6 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
capab->auth_fingerprint = !link.Fingerprint.empty();
capab->auth_challenge = !capab->ourchallenge.empty() && !capab->theirchallenge.empty();
- std::string fp;
- if (GetIOHook())
- {
- SocketCertificateRequest req(this, Utils->Creator);
- if (req.cert)
- {
- fp = req.cert->GetFingerprint();
- }
- }
-
if (capab->auth_challenge)
{
std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge);
@@ -94,6 +84,7 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
return false;
}
+ std::string fp = SSLClientCert::GetFingerprint(this);
if (capab->auth_fingerprint)
{
/* Require fingerprint to exist and match */
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 8cdaa1cde..5516af7ef 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -191,10 +191,9 @@ class ModuleSSLInfo : public Module
void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
{
- SocketCertificateRequest req(&user->eh, this);
- if (!req.cert)
- return;
- cmd.CertExt.set(user, req.cert);
+ ssl_cert* cert = SSLClientCert::GetCertificate(&user->eh);
+ if (cert)
+ cmd.CertExt.set(user, cert);
}
void OnPostConnect(User* user) CXX11_OVERRIDE
@@ -214,15 +213,15 @@ class ModuleSSLInfo : public Module
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE
{
- SocketCertificateRequest req(&user->eh, this);
+ ssl_cert* cert = SSLClientCert::GetCertificate(&user->eh);
bool ok = true;
if (myclass->config->getString("requiressl") == "trusted")
{
- ok = (req.cert && req.cert->IsCAVerified());
+ ok = (cert && cert->IsCAVerified());
}
else if (myclass->config->getBool("requiressl"))
{
- ok = (req.cert != NULL);
+ ok = (cert != NULL);
}
if (!ok)