From 29a569fa74177f1cf7d9a2597a46f78e88da97fe Mon Sep 17 00:00:00 2001
From: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>
Date: Wed, 3 Feb 2010 21:43:02 +0000
Subject: Fix STARTTLS sending the 670 numeric within the SSL session, not
 prior to it

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12366 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/extra/m_ssl_gnutls.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 374431752..3e72fbd36 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -105,6 +105,15 @@ class CommandStartTLS : public SplitCommand
 			if (!user->eh.GetIOHook())
 			{
 				user->WriteNumeric(670, "%s :STARTTLS successful, go ahead with TLS handshake", user->nick.c_str());
+				/* We need to flush the write buffer prior to adding the IOHook,
+				 * otherwise we'll be sending this line inside the SSL session - which
+				 * won't start its handshake until the client gets this line. Currently,
+				 * we assume the write will not block here; this is usually safe, as
+				 * STARTTLS is sent very early on in the registration phase, where the
+				 * user hasn't built up much sendq. Handling a blocked write here would
+				 * be very annoying.
+				 */
+				user->eh.DoWrite();
 				user->eh.AddIOHook(creator);
 				creator->OnStreamSocketAccept(&user->eh, NULL, NULL);
 			}
-- 
cgit v1.2.3