From ccebfe6e637b420bef05e8e0faf29bb19f1883d9 Mon Sep 17 00:00:00 2001 From: Matt Schatz Date: Sun, 12 Apr 2020 22:56:10 -0600 Subject: Update user-facing text and comments of SSL to TLS. --- src/modules/extra/m_ssl_gnutls.cpp | 16 ++++++++-------- src/modules/extra/m_ssl_mbedtls.cpp | 16 ++++++++-------- src/modules/extra/m_ssl_openssl.cpp | 14 +++++++------- src/modules/extra/m_sslrehashsignal.cpp | 2 +- src/modules/m_haproxy.cpp | 6 +++--- src/modules/m_ircv3_sts.cpp | 4 ++-- src/modules/m_sslinfo.cpp | 16 +++++++++------- src/modules/m_sslmodes.cpp | 10 +++++----- src/modules/m_starttls.cpp | 2 +- 9 files changed, 44 insertions(+), 42 deletions(-) (limited to 'src/modules') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 4d9216123..6cafcae22 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -907,7 +907,7 @@ info_done_dealloc: } CloseSession(); - sock->SetError("No SSL session"); + sock->SetError("No TLS (SSL) session"); return -1; } @@ -1291,7 +1291,7 @@ class ModuleSSLGnuTLS : public Module { // First, store all profiles in a new, temporary container. If no problems occur, swap the two // containers; this way if something goes wrong we can go back and continue using the current profiles, - // avoiding unpleasant situations where no new SSL connections are possible. + // avoiding unpleasant situations where no new TLS (SSL) connections are possible. ProfileList newprofiles; ConfigTagList tags = ServerInstance->Config->ConfTags("sslprofile"); @@ -1309,7 +1309,7 @@ class ModuleSSLGnuTLS : public Module } catch (CoreException& ex) { - throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason()); + throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason()); } } 
@@ -1334,7 +1334,7 @@ class ModuleSSLGnuTLS : public Module } catch (CoreException& ex) { - throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); + throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); } newprofiles.push_back(prov); @@ -1375,7 +1375,7 @@ class ModuleSSLGnuTLS : public Module try { ReadProfiles(); - ServerInstance->SNO->WriteToSnoMask('a', "SSL module %s rehashed.", MODNAME); + ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module GnuTLS rehashed."); } catch (ModuleException& ex) { @@ -1396,9 +1396,9 @@ class ModuleSSLGnuTLS : public Module if ((user) && (user->eh.GetModHook(this))) { - // User is using SSL, they're a local user, and they're using one of *our* SSL ports. - // Potentially there could be multiple SSL modules loaded at once on different ports. - ServerInstance->Users->QuitUser(user, "SSL module unloading"); + // User is using TLS (SSL), they're a local user, and they're using one of *our* TLS (SSL) ports. + // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports. + ServerInstance->Users->QuitUser(user, "GnuTLS module unloading"); } } } diff --git a/src/modules/extra/m_ssl_mbedtls.cpp b/src/modules/extra/m_ssl_mbedtls.cpp index dded7e171..628230d29 100644 --- a/src/modules/extra/m_ssl_mbedtls.cpp +++ b/src/modules/extra/m_ssl_mbedtls.cpp @@ -586,7 +586,7 @@ class mbedTLSIOHook : public SSLIOHook } CloseSession(); - sock->SetError("No SSL session"); + sock->SetError("No TLS (SSL) session"); return -1; } 
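Review bot: In the unload hunk of m_ssl_gnutls.cpp (@@ -1396) the quit reason passed to `QuitUser` now names the TLS library, which tells anyone who sees the quit message which backend the server runs. The same applies to `"mbedTLS module unloading"` and `"OpenSSL module unloading"` in the matching hunks of m_ssl_mbedtls.cpp (@@ -961) and m_ssl_openssl.cpp (@@ -1078). Assuming the reason is relayed to other users like any quit message, a library-neutral string such as `"TLS (SSL) module unloading"` keeps the rename without the extra detail. The snomask line in the rehash hunk is a better place to keep the library name. The enclosing function starts and ends outside the hunk.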
@@ -865,7 +865,7 @@ class ModuleSSLmbedTLS : public Module { // First, store all profiles in a new, temporary container. If no problems occur, swap the two // containers; this way if something goes wrong we can go back and continue using the current profiles, - // avoiding unpleasant situations where no new SSL connections are possible. + // avoiding unpleasant situations where no new TLS (SSL) connections are possible. ProfileList newprofiles; ConfigTagList tags = ServerInstance->Config->ConfTags("sslprofile"); @@ -883,7 +883,7 @@ class ModuleSSLmbedTLS : public Module } catch (CoreException& ex) { - throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason()); + throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason()); } } @@ -908,7 +908,7 @@ class ModuleSSLmbedTLS : public Module } catch (CoreException& ex) { - throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); + throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); } newprofiles.push_back(prov); @@ -945,7 +945,7 @@ class ModuleSSLmbedTLS : public Module try { ReadProfiles(); - ServerInstance->SNO->WriteToSnoMask('a', "SSL module %s rehashed.", MODNAME); + ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module mbedTLS rehashed."); } catch (ModuleException& ex) { 
@@ -961,9 +961,9 @@ class ModuleSSLmbedTLS : public Module LocalUser* user = IS_LOCAL(static_cast(item)); if ((user) && (user->eh.GetModHook(this))) { - // User is using SSL, they're a local user, and they're using our IOHook. - // Potentially there could be multiple SSL modules loaded at once on different ports. - ServerInstance->Users.QuitUser(user, "SSL module unloading"); + // User is using TLS (SSL), they're a local user, and they're using our IOHook. + // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports. + ServerInstance->Users.QuitUser(user, "mbedTLS module unloading"); } } diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 330055e4a..30cabdf27 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -251,7 +251,7 @@ namespace OpenSSL X509_STORE* store = SSL_CTX_get_cert_store(ctx); if (!store) { - throw ModuleException("Unable to get X509_STORE from SSL context; this should never happen"); + throw ModuleException("Unable to get X509_STORE from TLS (SSL) context; this should never happen"); } ERR_clear_error(); if (!X509_STORE_load_locations(store, @@ -987,7 +987,7 @@ class ModuleSSLOpenSSL : public Module } catch (OpenSSL::Exception& ex) { - throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason()); + throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason()); } } @@ -1011,7 +1011,7 @@ class ModuleSSLOpenSSL : public Module } catch (CoreException& ex) { - throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); + throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); } newprofiles.push_back(prov); 
@@ -1062,7 +1062,7 @@ class ModuleSSLOpenSSL : public Module try { ReadProfiles(); - ServerInstance->SNO->WriteToSnoMask('a', "SSL module %s rehashed.", MODNAME); + ServerInstance->SNO->WriteToSnoMask('a', "TLS (SSL) module OpenSSL rehashed."); } catch (ModuleException& ex) { @@ -1078,9 +1078,9 @@ class ModuleSSLOpenSSL : public Module if ((user) && (user->eh.GetModHook(this))) { - // User is using SSL, they're a local user, and they're using one of *our* SSL ports. - // Potentially there could be multiple SSL modules loaded at once on different ports. - ServerInstance->Users->QuitUser(user, "SSL module unloading"); + // User is using TLS (SSL), they're a local user, and they're using one of *our* TLS (SSL) ports. + // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports. + ServerInstance->Users->QuitUser(user, "OpenSSL module unloading"); } } } diff --git a/src/modules/extra/m_sslrehashsignal.cpp b/src/modules/extra/m_sslrehashsignal.cpp index c0cf8fada..b70deedfa 100644 --- a/src/modules/extra/m_sslrehashsignal.cpp +++ b/src/modules/extra/m_sslrehashsignal.cpp @@ -45,7 +45,7 @@ class ModuleSSLRehashSignal : public Module if (!signaled) return; - const std::string feedbackmsg = "Got SIGUSR1, reloading SSL credentials"; + const std::string feedbackmsg = "Got SIGUSR1, reloading TLS (SSL) credentials"; ServerInstance->SNO->WriteGlobalSno('a', feedbackmsg); ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, feedbackmsg); diff --git a/src/modules/m_haproxy.cpp b/src/modules/m_haproxy.cpp index f18738779..1a6583e6f 100644 --- a/src/modules/m_haproxy.cpp +++ b/src/modules/m_haproxy.cpp 
@@ -200,16 +200,16 @@ class HAProxyHook : public IOHookMiddle if (!sslapi) return true; - // If the client is not connecting via SSL the rest of this TLV is irrelevant. + // If the client is not connecting via TLS (SSL) the rest of this TLV is irrelevant. std::string& recvq = GetRecvQ(); if ((recvq[start_index] & PP2_CLIENT_SSL) == 0) return true; // Create a fake ssl_cert for the user. Ideally we should use the user's - // SSL client certificate here but as of 2018-10-16 this is not forwarded + // TLS (SSL) client certificate here but as of 2018-10-16 this is not forwarded // by HAProxy. ssl_cert* cert = new ssl_cert; - cert->error = "HAProxy does not forward client SSL certificates"; + cert->error = "HAProxy does not forward client TLS (SSL) certificates"; cert->invalid = true; cert->revoked = true; cert->trusted = false; diff --git a/src/modules/m_ircv3_sts.cpp b/src/modules/m_ircv3_sts.cpp index 6d616f74e..bca378f24 100644 --- a/src/modules/m_ircv3_sts.cpp +++ b/src/modules/m_ircv3_sts.cpp @@ -128,7 +128,7 @@ class ModuleIRCv3STS : public Module private: STSCap cap; - // The IRCv3 STS specification requires that the server is listening using SSL using a valid certificate. + // The IRCv3 STS specification requires that the server is listening using TLS (SSL) using a valid certificate. bool HasValidSSLPort(unsigned int port) { for (std::vector::const_iterator iter = ServerInstance->ports.begin(); iter != ServerInstance->ports.end(); ++iter) @@ -140,7 +140,7 @@ class ModuleIRCv3STS : public Module if (saport != port) continue; - // Is this listener using SSL? + // Is this listener using TLS (SSL)? if (ls->bind_tag->getString("ssl").empty()) continue; diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 4f784c87c..885ae6f74 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp 
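Review bot: In the m_haproxy.cpp hunk (@@ -200) the placeholder `ssl_cert` is created only because the proxy set `PP2_CLIENT_SSL`, and the comment does not say what that implies for callers. Other checks touched by this commit (`ok = (cert != NULL)` in m_sslinfo.cpp, `!api->GetCertificate(user)` in m_sslmodes.cpp) treat any certificate object as the sign of a TLS connection, so if this placeholder is attached to the user, which would happen outside the hunk, the user counts as TLS-connected on the proxy's word. I would add `// The placeholder marks the user as connected via TLS (SSL) based only on the PROXY header; the header must come from a trusted HAProxy.` above `ssl_cert* cert = new ssl_cert;`. The `as of 2018-10-16` remark is also worth re-checking while this comment is being edited. The function body starts and ends outside the hunk.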
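Review bot: The comment above `HasValidSSLPort` in m_ircv3_sts.cpp (@@ -128) says the spec requires a valid certificate, but the checks visible in this hunk and the next one (@@ -140) only match the port and test that the listener's `ssl` tag is non-empty. Unless the rest of the loop, which is outside both hunks, validates the certificate, the comment should say so, e.g. `// The IRCv3 STS specification requires a TLS (SSL) listener with a valid certificate; only the presence of TLS (SSL) on the port is checked here.` That wording also removes the doubled "using ... using" in the new comment.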
@@ -138,7 +138,7 @@ class UserCertificateAPIImpl : public UserCertificateAPIBase void SetCertificate(User* user, ssl_cert* cert) CXX11_OVERRIDE { - ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Setting SSL certificate for %s: %s", + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Setting TLS (SSL) client certificate for %s: %s", user->GetFullHost().c_str(), cert->GetMetaLine().c_str()); sslext.set(user, cert); } @@ -165,20 +165,22 @@ class CommandSSLInfo : public Command user->WriteNumeric(Numerics::NoSuchNick(parameters[0])); return CMD_FAILURE; } + bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); if (operonlyfp && !user->IsOper() && target != user) { - user->WriteNotice("*** You cannot view SSL certificate information for other users"); + user->WriteNotice("*** You cannot view TLS (SSL) client certificate information for other users"); return CMD_FAILURE; } + ssl_cert* cert = sslapi.GetCertificate(target); if (!cert) { - user->WriteNotice("*** No SSL certificate for this user"); + user->WriteNotice("*** No TLS (SSL) client certificate for this user"); } else if (cert->GetError().length()) { - user->WriteNotice("*** No SSL certificate information for this user (" + cert->GetError() + ")."); + user->WriteNotice("*** No TLS (SSL) client certificate information for this user (" + cert->GetError() + ")."); } else { @@ -226,7 +228,7 @@ class ModuleSSLInfo whois.SendLine(RPL_WHOISSECURE, "is using a secure connection"); bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); if ((!operonlyfp || whois.IsSelfWhois() || whois.GetSource()->IsOper()) && !cert->fingerprint.empty()) - whois.SendLine(RPL_WHOISCERTFP, InspIRCd::Format("has client certificate fingerprint %s", cert->fingerprint.c_str())); + whois.SendLine(RPL_WHOISCERTFP, InspIRCd::Format("has TLS (SSL) client certificate fingerprint %s", cert->fingerprint.c_str())); } } 
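Review bot: The `RPL_WHOISCERTFP` text in the last m_sslinfo.cpp hunk on this line (@@ -226) changes from `has client certificate fingerprint %s` to `has TLS (SSL) client certificate fingerprint %s`, and that line is sent to clients rather than only logged. Any client or services script that matches on the old wording to extract the fingerprint would stop recognising it. The change deserves a release-note entry, or the numeric text could stay as it was while the notices and log lines are renamed. The enclosing function starts and ends outside the hunk.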
@@ -320,12 +322,12 @@ class ModuleSSLInfo if (stdalgo::string::equalsci(requiressl, "trusted")) { ok = (cert && cert->IsCAVerified()); - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a trusted SSL cert. Client %s one.", (ok ? "has" : "does not have")); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a trusted TLS (SSL) client certificate. Client %s one.", (ok ? "has" : "does not have")); } else if (myclass->config->getBool("requiressl")) { ok = (cert != NULL); - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires SSL. Client %s using SSL.", (ok ? "is" : "is not")); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a secure connection. Client %s on a secure connection.", (ok ? "is" : "is not")); } if (!ok) diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp index 27f7a4af1..5c7f1fca1 100644 --- a/src/modules/m_sslmodes.cpp +++ b/src/modules/m_sslmodes.cpp @@ -60,7 +60,7 @@ class SSLMode : public ModeHandler { if (!API) { - source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via SSL"); + source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via TLS (SSL)"); return MODEACTION_DENY; } @@ -75,7 +75,7 @@ class SSLMode : public ModeHandler if (nonssl) { - source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, InspIRCd::Format("All members of the channel must be connected via SSL (%lu/%lu are non-SSL)", + source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, InspIRCd::Format("All members of the channel must be connected via TLS (SSL) (%lu/%lu are non-TLS (SSL))", nonssl, static_cast(userlist.size()))); return MODEACTION_DENY; } 
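Review bot: In the m_sslinfo.cpp hunk (@@ -320) the new log text says the client is "on a secure connection", but the condition beside it is `ok = (cert != NULL)`, i.e. whether a certificate object is recorded for the user. A comment on that branch would make the stand-in for "secure" explicit, for example `// A non-NULL ssl_cert is used as the marker for a TLS (SSL) connection; it says nothing about the certificate being valid.` The `trusted` branch above already draws that distinction with `cert->IsCAVerified()`. The enclosing function starts and ends outside the hunk.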
@@ -167,13 +167,13 @@ class ModuleSSLModes { if (!api) { - user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are an SSL user (+z is set)"); + user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are a TLS (SSL) user (+z is set)"); return MOD_RES_DENY; } if (!api->GetCertificate(user)) { - user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z is set)"); + user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; TLS (SSL) users only (+z is set)"); return MOD_RES_DENY; } } @@ -243,7 +243,7 @@ class ModuleSSLModes Version GetVersion() CXX11_OVERRIDE { - return Version("Adds channel mode z (sslonly) which prevents users who are not connecting using TLS (SSL) from joining the channel and user mode z (sslqueries) to prevent messages from non-SSL users.", VF_VENDOR); + return Version("Adds channel mode z (sslonly) which prevents users who are not connecting using TLS (SSL) from joining the channel and user mode z (sslqueries) to prevent messages from non-TLS (SSL) users.", VF_VENDOR); } }; diff --git a/src/modules/m_starttls.cpp b/src/modules/m_starttls.cpp index 5280146cc..35e9985e9 100644 --- a/src/modules/m_starttls.cpp +++ b/src/modules/m_starttls.cpp @@ -65,7 +65,7 @@ class CommandStartTLS : public SplitCommand user->WriteNumeric(RPL_STARTTLS, "STARTTLS successful, go ahead with TLS handshake"); /* We need to flush the write buffer prior to adding the IOHook, - * otherwise we'll be sending this line inside the SSL session - which + * otherwise we'll be sending this line inside the TLS (SSL) session - which * won't start its handshake until the client gets this line. Currently, * we assume the write will not block here; this is usually safe, as * STARTTLS is sent very early on in the registration phase, where the -- cgit v1.2.3