diff options
| author | 2023-02-11 09:27:46 +0000 | |
|---|---|---|
| committer | 2023-02-11 09:30:22 +0000 | |
| commit | 416661d17d6797c439d80afb0681e75a3573ff80 (patch) | |
| tree | 569201242d1875e9ff14995ed319fbb94ce86b77 /src/modules/m_sslinfo.cpp | |
| parent | Add more action types to the repeat module. (diff) | |
Add an option so local non-SSL users can be seen as securely connected.
Diffstat (limited to 'src/modules/m_sslinfo.cpp')
| -rw-r--r-- | src/modules/m_sslinfo.cpp | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 5341f5c96..2531c5201 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -136,6 +136,7 @@ class UserCertificateAPIImpl final public: BoolExtItem nosslext; SSLCertExt sslext; + bool localsecure; UserCertificateAPIImpl(Module* mod) : UserCertificateAPIBase(mod) @@ -162,6 +163,18 @@ public: return cert; } + bool IsSecure(User* user) override + { + auto* cert = GetCertificate(user); + if (cert) + return !!cert; + + if (localsecure) + return user->client_sa.is_local(); + + return false; + } + void SetCertificate(User* user, ssl_cert* cert) override { ServerInstance->Logs.Debug(MODNAME, "Setting TLS client certificate for {}: {}", @@ -307,15 +320,18 @@ public: { const auto& tag = ServerInstance->Config->ConfValue("sslinfo"); cmd.operonlyfp = tag->getBool("operonly"); + cmd.sslapi.localsecure = tag->getBool("localsecure", true); hash = tag->getString("hash"); } void OnWhois(Whois::Context& whois) override { + if (cmd.sslapi.IsSecure(whois.GetTarget())) + whois.SendLine(RPL_WHOISSECURE, "is using a secure connection"); + ssl_cert* cert = cmd.sslapi.GetCertificate(whois.GetTarget()); if (cert) { - whois.SendLine(RPL_WHOISSECURE, "is using a secure connection"); if ((!cmd.operonlyfp || whois.IsSelfWhois() || whois.GetSource()->IsOper()) && !cert->fingerprint.empty()) whois.SendLine(RPL_WHOISCERTFP, INSP_FORMAT("has TLS client certificate fingerprint {}", cert->fingerprint)); } |
