From 0337b92c158fa662f04056343affd59315da78db Mon Sep 17 00:00:00 2001
From: Peter Powell <petpow@saberuk.com>
Date: Wed, 11 Oct 2017 12:15:05 +0100
Subject: Include connection security with the SASL host information.

See atheme/atheme@b41753f740 for more details.
---
 src/modules/m_sasl.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/modules/m_sasl.cpp')

diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 5afab9502..0ef93ec5a 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -99,6 +99,15 @@ class SaslAuthenticator
 		params.push_back(host);
 		params.push_back(ip);
 
+		LocalUser* lu = IS_LOCAL(user);
+		if (lu)
+		{
+			// NOTE: SaslAuthenticator instances are only created for local
+			// users so this parameter will always be appended.
+			SocketCertificateRequest req(&lu->eh, ServerInstance->Modules->Find("m_sasl.so"));
+			params.push_back(req.cert ? "S" : "P");
+		}
+
 		SendSASL(params);
 	}
 
-- 
cgit v1.2.3