aboutsummaryrefslogtreecommitdiff
path: root/src/modules/m_sslinfo.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/modules/m_sslinfo.cpp')
-rw-r--r--src/modules/m_sslinfo.cpp18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 5341f5c96..2531c5201 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -136,6 +136,7 @@ class UserCertificateAPIImpl final
public:
BoolExtItem nosslext;
SSLCertExt sslext;
+ bool localsecure;
UserCertificateAPIImpl(Module* mod)
: UserCertificateAPIBase(mod)
@@ -162,6 +163,18 @@ public:
return cert;
}
+ bool IsSecure(User* user) override
+ {
+ auto* cert = GetCertificate(user);
+ if (cert)
+ return !!cert;
+
+ if (localsecure)
+ return user->client_sa.is_local();
+
+ return false;
+ }
+
void SetCertificate(User* user, ssl_cert* cert) override
{
ServerInstance->Logs.Debug(MODNAME, "Setting TLS client certificate for {}: {}",
@@ -307,15 +320,18 @@ public:
{
const auto& tag = ServerInstance->Config->ConfValue("sslinfo");
cmd.operonlyfp = tag->getBool("operonly");
+ cmd.sslapi.localsecure = tag->getBool("localsecure", true);
hash = tag->getString("hash");
}
void OnWhois(Whois::Context& whois) override
{
+ if (cmd.sslapi.IsSecure(whois.GetTarget()))
+ whois.SendLine(RPL_WHOISSECURE, "is using a secure connection");
+
ssl_cert* cert = cmd.sslapi.GetCertificate(whois.GetTarget());
if (cert)
{
- whois.SendLine(RPL_WHOISSECURE, "is using a secure connection");
if ((!cmd.operonlyfp || whois.IsSelfWhois() || whois.GetSource()->IsOper()) && !cert->fingerprint.empty())
whois.SendLine(RPL_WHOISCERTFP, INSP_FORMAT("has TLS client certificate fingerprint {}", cert->fingerprint));
}