diff options
| author | 2021-11-10 13:10:40 +0000 | |
|---|---|---|
| committer | 2021-11-10 13:10:40 +0000 | |
| commit | fddef325ba633158875a88c72de2eb3b999d71de (patch) | |
| tree | ebb4ea71c247ac709c9d140e87560b656726e6bd /src/modules/m_sslinfo.cpp | |
| parent | Update Windows dependencies. (diff) | |
Implement support for WebIRC gateways sending client fingerprints.
Diffstat (limited to 'src/modules/m_sslinfo.cpp')
| -rw-r--r-- | src/modules/m_sslinfo.cpp | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 8e3399e85..0fae5d821 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -252,6 +252,7 @@ class ModuleSSLInfo { private: CommandSSLInfo cmd; + std::string hash; bool MatchFP(ssl_cert* const cert, const std::string& fp) const { @@ -271,6 +272,7 @@ class ModuleSSLInfo { ConfigTag* tag = ServerInstance->Config->ConfValue("sslinfo"); cmd.operonlyfp = tag->getBool("operonly"); + hash = tag->getString("hash"); } Version GetVersion() CXX11_OVERRIDE @@ -436,11 +438,29 @@ class ModuleSSLInfo // Create a fake ssl_cert for the user. ssl_cert* cert = new ssl_cert; - cert->error = "WebIRC users can not specify valid certs yet"; - cert->invalid = true; - cert->revoked = true; - cert->trusted = false; - cert->unknownsigner = true; + if (!hash.empty()) + { + iter = flags->find("certfp-" + hash); + if (iter != flags->end() && !iter->second.empty()) + { + // If the gateway specifies this flag we put all trust onto them + // for having validated the client certificate. This is probably + // ill-advised but there's not much else we can do. + cert->fingerprint = iter->second; + cert->dn = "(unknown)"; + cert->invalid = false; + cert->issuer = "(unknown)"; + cert->trusted = true; + cert->unknownsigner = false; + } + } + + if (cert->fingerprint.empty()) + { + cert->error = "WebIRC gateway did not send a client fingerprint"; + cert->revoked = true; + } + cmd.sslapi.SetCertificate(user, cert); } }; |
