From 7cf132bc6a8251ad2d7ee73cdf5f019fe18d11a0 Mon Sep 17 00:00:00 2001
From: danieldg
Date: Mon, 8 Feb 2010 19:38:54 +0000
Subject: Add to force CA verification for clients on this block

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12401 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/m_sslinfo.cpp | 13 ++++++++++++-
 src/modules/ssl.h | 7 +++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index b67498072..9ad742416 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -193,7 +193,18 @@ class ModuleSSLInfo : public Module
 
 ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
 {
- if (myclass->config->getBool("requiressl") && !cmd.CertExt.get(user))
+ ssl_cert* cert = cmd.CertExt.get(user);
+ bool ok = true;
+ if (myclass->config->getBool("requiressl"))
+ {
+ ok = (cert != NULL);
+ }
+ else if (myclass->config->getString("requiressl") == "trusted")
+ {
+ ok = (cert && cert->IsCAVerified());
+ }
+
+ if (!ok)
 return MOD_RES_DENY;
 return MOD_RES_PASSTHRU;
 }
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
index 17fa6b3f6..5b1f03627 100644
--- a/src/modules/ssl.h
+++ b/src/modules/ssl.h
@@ -34,6 +34,8 @@ class ssl_cert : public refcountbase
 std::string fingerprint;
 bool trusted, invalid, unknownsigner, revoked;
 
+ ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
+
 /** Get certificate distinguished name
 * @return Certificate DN
 */
@@ -104,6 +106,11 @@ class ssl_cert : public refcountbase
 return revoked;
 }
 
+ bool IsCAVerified()
+ {
+ return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+ }
+
 std::string GetMetaLine()
 {
 std::stringstream value;
--
cgit v1.2.3
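Review bot: In OnSetConnectClass (src/modules/m_sslinfo.cpp) `ok` starts as `true` and is tightened only when `getBool("requiressl")` is true or the string is exactly `"trusted"`, so any other value leaves the class open to clients with no verified certificate. How getBool treats unrecognised strings is not visible here, but a misspelt or differently cased `trusted` would presumably fall through both branches and admit everyone. For a setting whose purpose is to restrict access, failing closed is safer: read the value once and return `MOD_RES_DENY` (or at least log a configuration warning) when it is non-empty and neither a recognised boolean nor `trusted`. A comment such as `// requiressl: boolean = certificate record present; "trusted" = CA-verified certificate only` above the branch would document the two modes.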
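Review bot: The new `ssl_cert()` constructor in src/modules/ssl.h has no doc comment, although the neighbouring accessors carry Doxygen blocks, and its defaults are a security decision worth stating. I would add `/** Construct a record that is treated as unverified (untrusted, invalid, unknown signer) until the TLS module fills in the verification result */`. `revoked` is the one flag that defaults to the permissive value, so code that consults IsRevoked() alone on a default-constructed record gets `false`. The class body continues outside the hunk, so whether such callers exist cannot be seen from here.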
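Review bot: `IsCAVerified()` in src/modules/ssl.h is only as strong as the flags the TLS backend fills in, and nothing in the hunk documents that dependency. If a backend never sets `revoked` (no CRL or OCSP check) or does not fold expiry into `invalid`, a `requiressl="trusted"` block would still accept such certificates. I would add a Doxygen block in the style of the other accessors, e.g. `/** @return True only if the certificate is trusted, valid, not revoked, has a known signer, and verification reported no error */`, and name the backend checks it relies on. The method does not modify the object, so `bool IsCAVerified() const` would be the tighter signature; the other accessors are outside the hunk and should be treated consistently.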