From 3d0fa60ba524ce1af8056f86a126aa506f97261b Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Sat, 19 Jul 2014 14:39:04 +0200 Subject: Say "SSL certificate fingerprint" instead of "SSL fingerprint" everywhere --- docs/conf/helpop-full.conf.example | 4 ++-- docs/conf/links.conf.example | 6 +++--- docs/conf/modules.conf.example | 2 +- docs/conf/modules/charybdis.conf.example | 4 ++-- docs/conf/opers.conf.example | 8 ++++---- src/modules/extra/m_ssl_gnutls.cpp | 2 +- src/modules/extra/m_ssl_openssl.cpp | 2 +- src/modules/m_spanningtree/hmac.cpp | 6 +++--- src/modules/m_spanningtree/netburst.cpp | 2 +- src/modules/m_spanningtree/treesocket.h | 2 +- src/modules/m_sslinfo.cpp | 2 +- 11 files changed, 20 insertions(+), 20 deletions(-) diff --git a/docs/conf/helpop-full.conf.example b/docs/conf/helpop-full.conf.example index bd959f0d2..bd907cf69 100644 --- a/docs/conf/helpop-full.conf.example +++ b/docs/conf/helpop-full.conf.example @@ -1027,8 +1027,8 @@ Matching extbans: module). s:server Matches users on a matching server (requires serverban module). - z:fingerprint Matches users with a matching ssl fingerprint (requires - sslmodes module) + z:fingerprint Matches users with a matching SSL certificate fingerprint + (requires sslmodes module) O:opertype Matches IRCops of a matching type, mostly useful as an an invite exception (requires operchans module). R:account Matches users logged into a matching account (requires diff --git a/docs/conf/links.conf.example b/docs/conf/links.conf.example index dbb29f1ff..7f27affb9 100644 --- a/docs/conf/links.conf.example +++ b/docs/conf/links.conf.example @@ -46,9 +46,9 @@ ssl="gnutls" # fingerprint: If defined, this option will force servers to be - # authenticated using SSL Fingerprints. See http://wiki.inspircd.org/SSL - # for more information. This will require an SSL link for both inbound - # and outbound connections. + # authenticated using SSL certificate fingerprints. See + # http://wiki.inspircd.org/SSL for more information. This will + # require an SSL link for both inbound and outbound connections. #fingerprint="" # bind: Local IP address to bind to. diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index b96405d4c..d36c0beaa 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1754,7 +1754,7 @@ # scripts to validate users. For this to work, one of m_ssl_gnutls.so # or m_ssl_openssl.so must be loaded. This module also adds the # "* is using a secure connection" whois line, the ability for -# opers to use SSL fingerprints to verify their identity and the +# opers to use SSL cert fingerprints to verify their identity and the # ability to force opers to use SSL connections in order to oper up. # It is highly recommended to load this module if you use SSL on your # network. diff --git a/docs/conf/modules/charybdis.conf.example b/docs/conf/modules/charybdis.conf.example index bd99f7dc2..35f55e074 100644 --- a/docs/conf/modules/charybdis.conf.example +++ b/docs/conf/modules/charybdis.conf.example @@ -270,8 +270,8 @@ # scripts to validate users. For this to work, one of m_ssl_gnutls.so # or m_ssl_openssl.so must be loaded. This module also adds the # "* is using a secure connection" whois line, the ability for -# opers to use SSL fingerprints to verify their identity and the ability -# to force opers to use SSL connections in order to oper up. +# opers to use SSL cert fingerprints to verify their identity and the +# ability to force opers to use SSL connections in order to oper up. # It is highly recommended to load this module especially if # you use SSL on your network. # For how to use the oper features, please see the first example tag diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example index eef8039cb..996fded6d 100644 --- a/docs/conf/opers.conf.example +++ b/docs/conf/opers.conf.example @@ -106,10 +106,10 @@ # If m_sslinfo isn't loaded, this option will be ignored. #fingerprint="67cb9dc013248a829bb2171ed11becd4" - # autologin: If an SSL fingerprint for this oper is specified, you can - # have the oper block automatically log in. This moves all security of the - # oper block to the protection of the client certificate, so be sure that - # the private key is well-protected! Requires m_sslinfo. + # autologin: If an SSL certificate fingerprint for this oper is specified, + # you can have the oper block automatically log in. This moves all security + # of the oper block to the protection of the client certificate, so be sure + # that the private key is well-protected! Requires m_sslinfo. #autologin="on" # sslonly: If on, this oper can only oper up if they're using a SSL connection. diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 462209e01..718bdd1ea 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -931,7 +931,7 @@ info_done_dealloc: text.append(UnknownIfNULL(gnutls_mac_get_name(gnutls_mac_get(sess)))).append("'"); if (!certificate->fingerprint.empty()) - text += " and your SSL fingerprint is " + certificate->fingerprint; + text += " and your SSL certificate fingerprint is " + certificate->fingerprint; user->WriteNotice(text); } diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index d8ea16bdf..9101ecd55 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -539,7 +539,7 @@ class OpenSSLIOHook : public SSLIOHook std::string text = "*** You are connected using SSL cipher '" + std::string(SSL_get_cipher(sess)) + "'"; const std::string& fingerprint = certificate->fingerprint; if (!fingerprint.empty()) - text += " and your SSL fingerprint is " + fingerprint; + text += " and your SSL certificate fingerprint is " + fingerprint; user->WriteNotice(text); } diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index 520719c5a..2001d560d 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -75,9 +75,9 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) /* Require fingerprint to exist and match */ if (link.Fingerprint != fp) { - ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL fingerprint on link %s: need \"%s\" got \"%s\"", + ServerInstance->SNO->WriteToSnoMask('l',"Invalid SSL certificate fingerprint on link %s: need \"%s\" got \"%s\"", link.Name.c_str(), link.Fingerprint.c_str(), fp.c_str()); - SendError("Provided invalid SSL fingerprint " + fp + " - expected " + link.Fingerprint); + SendError("Invalid SSL certificate fingerprint " + fp + " - expected " + link.Fingerprint); return false; } } @@ -101,7 +101,7 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) // this time if ((!capab->auth_fingerprint) && (!fp.empty())) { - ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". " + ServerInstance->SNO->WriteToSnoMask('l', "SSL certificate fingerprint for link %s is \"%s\". " "You can improve security by specifying this in .", link.Name.c_str(), fp.c_str()); } diff --git a/src/modules/m_spanningtree/netburst.cpp b/src/modules/m_spanningtree/netburst.cpp index 295646148..e42ab5e67 100644 --- a/src/modules/m_spanningtree/netburst.cpp +++ b/src/modules/m_spanningtree/netburst.cpp @@ -104,7 +104,7 @@ void TreeSocket::DoBurst(TreeServer* s) { ServerInstance->SNO->WriteToSnoMask('l',"Bursting to \2%s\2 (Authentication: %s%s).", s->GetName().c_str(), - capab->auth_fingerprint ? "SSL Fingerprint and " : "", + capab->auth_fingerprint ? "SSL certificate fingerprint and " : "", capab->auth_challenge ? "challenge-response" : "plaintext password"); this->CleanNegotiationInfo(); this->WriteLine(CmdBuilder("BURST").push_int(ServerInstance->Time())); diff --git a/src/modules/m_spanningtree/treesocket.h b/src/modules/m_spanningtree/treesocket.h index b775905c0..27c8ab275 100644 --- a/src/modules/m_spanningtree/treesocket.h +++ b/src/modules/m_spanningtree/treesocket.h @@ -73,7 +73,7 @@ struct CapabData std::string ourchallenge; /* Challenge sent for challenge/response */ std::string theirchallenge; /* Challenge recv for challenge/response */ int capab_phase; /* Have sent CAPAB already */ - bool auth_fingerprint; /* Did we auth using SSL fingerprint */ + bool auth_fingerprint; /* Did we auth using SSL certificate fingerprint */ bool auth_challenge; /* Did we auth using challenge/response */ // Data saved from incoming SERVER command, for later use when our credentials have been accepted by the other party diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index cac09a412..c354e4e0e 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -184,7 +184,7 @@ class ModuleSSLInfo : public Module std::string fingerprint; if (ifo->oper_block->readString("fingerprint", fingerprint) && (!cert || cert->GetFingerprint() != fingerprint)) { - user->WriteNumeric(491, ":This oper login requires a matching SSL fingerprint."); + user->WriteNumeric(491, ":This oper login requires a matching SSL certificate fingerprint."); user->CommandFloodPenalty += 10000; return MOD_RES_DENY; } -- cgit v1.2.3