aboutsummaryrefslogtreecommitdiff
path: root/src/modules/m_sslinfo.cpp
diff options
context:
space:
mode:
authorGravatar Sadie Powell2021-11-10 13:10:40 +0000
committerGravatar Sadie Powell2021-11-10 13:10:40 +0000
commitfddef325ba633158875a88c72de2eb3b999d71de (patch)
treeebb4ea71c247ac709c9d140e87560b656726e6bd /src/modules/m_sslinfo.cpp
parentUpdate Windows dependencies. (diff)
Implement support for WebIRC gateways sending client fingerprints.
Diffstat (limited to 'src/modules/m_sslinfo.cpp')
-rw-r--r--src/modules/m_sslinfo.cpp30
1 files changed, 25 insertions, 5 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 8e3399e85..0fae5d821 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -252,6 +252,7 @@ class ModuleSSLInfo
{
private:
CommandSSLInfo cmd;
+ std::string hash;
bool MatchFP(ssl_cert* const cert, const std::string& fp) const
{
@@ -271,6 +272,7 @@ class ModuleSSLInfo
{
ConfigTag* tag = ServerInstance->Config->ConfValue("sslinfo");
cmd.operonlyfp = tag->getBool("operonly");
+ hash = tag->getString("hash");
}
Version GetVersion() CXX11_OVERRIDE
@@ -436,11 +438,29 @@ class ModuleSSLInfo
// Create a fake ssl_cert for the user.
ssl_cert* cert = new ssl_cert;
- cert->error = "WebIRC users can not specify valid certs yet";
- cert->invalid = true;
- cert->revoked = true;
- cert->trusted = false;
- cert->unknownsigner = true;
+ if (!hash.empty())
+ {
+ iter = flags->find("certfp-" + hash);
+ if (iter != flags->end() && !iter->second.empty())
+ {
+ // If the gateway specifies this flag we put all trust onto them
+ // for having validated the client certificate. This is probably
+ // ill-advised but there's not much else we can do.
+ cert->fingerprint = iter->second;
+ cert->dn = "(unknown)";
+ cert->invalid = false;
+ cert->issuer = "(unknown)";
+ cert->trusted = true;
+ cert->unknownsigner = false;
+ }
+ }
+
+ if (cert->fingerprint.empty())
+ {
+ cert->error = "WebIRC gateway did not send a client fingerprint";
+ cert->revoked = true;
+ }
+
cmd.sslapi.SetCertificate(user, cert);
}
};