diff options
| author | 2022-10-29 16:35:12 +0100 | |
|---|---|---|
| committer | 2022-10-29 16:35:12 +0100 | |
| commit | dac556b55b516ee2e322a2ffba714bc92c2bbcc1 (patch) | |
| tree | 4788086ae4dc3f14c8e324a86eab904207d6c356 /src/modules/m_ircv3_sts.cpp | |
| parent | Rename session registration to connection to avoid a semantic conflict. (diff) | |
| parent | Add a workaround for a conflict between libmysqlclient and pcre. (diff) | |
Merge branch 'insp3' into master.
Diffstat (limited to 'src/modules/m_ircv3_sts.cpp')
| -rw-r--r-- | src/modules/m_ircv3_sts.cpp | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/modules/m_ircv3_sts.cpp b/src/modules/m_ircv3_sts.cpp index 2f5287248..e199b7f34 100644 --- a/src/modules/m_ircv3_sts.cpp +++ b/src/modules/m_ircv3_sts.cpp @@ -29,6 +29,7 @@ private: std::string host; std::string plaintextpolicy; std::string securepolicy; + mutable UserCertificateAPI sslapi; bool OnList(LocalUser* user) override { @@ -65,12 +66,19 @@ private: const std::string* GetValue(LocalUser* user) const override { - return SSLIOHook::IsSSL(&user->eh) ? &securepolicy : &plaintextpolicy; + if (SSLIOHook::IsSSL(&user->eh)) + return &securepolicy; // Normal SSL connection. + + if (sslapi && sslapi->GetCertificate(user)) + return &securepolicy; // Proxied SSL connection. + + return &plaintextpolicy; // Plain text connection. } public: STSCap(Module* mod) : Cap::Capability(mod, "sts") + , sslapi(mod) { DisableAutoRegister(); } @@ -136,6 +144,10 @@ private: { for (const auto& ls : ServerInstance->ports) { + // Is this listener marked as providing SSL over HAProxy? + if (!ls->bind_tag->getString("hook").empty() && ls->bind_tag->getBool("sslhook")) + return true; + // Is this listener on the right port? unsigned int saport = ls->bind_sa.port(); if (saport != port) |
