From 0c9a94ea9285d1094c031d0c4ed06326b99cf890 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Sat, 28 Jun 2014 18:15:59 +0200 Subject: m_spanningtree Send the cert fingerprint message to opers only after successful auth --- src/modules/m_spanningtree/hmac.cpp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'src/modules/m_spanningtree') diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index 15cfbc37a..9b368d60b 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -81,11 +81,6 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) return false; } } - else if (!fp.empty()) - { - ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". " - "You can improve security by specifying this in .", link.Name.c_str(), fp.c_str()); - } if (capab->auth_challenge) { @@ -101,5 +96,14 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) if (link.RecvPass != theirs) return false; } + + // Tell opers to set up fingerprint verification if it's not already set up and the SSL mod gave us a fingerprint + // this time + if ((!capab->auth_fingerprint) && (!fp.empty())) + { + ServerInstance->SNO->WriteToSnoMask('l', "SSL fingerprint for link %s is \"%s\". " + "You can improve security by specifying this in .", link.Name.c_str(), fp.c_str()); + } + return true; } -- cgit v1.2.3