From 890da482ef9e8b043c83d6afc0aa1ce3899babce Mon Sep 17 00:00:00 2001 From: David Schultz Date: Mon, 20 Sep 2021 18:10:36 -0500 Subject: Add the channels/ignore-repeat priv to exempt opers from +E. --- docs/conf/opers.conf.example | 1 + src/modules/m_repeat.cpp | 3 +++ 2 files changed, 4 insertions(+) diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example index 330a366c2..bed4169b9 100644 --- a/docs/conf/opers.conf.example +++ b/docs/conf/opers.conf.example @@ -29,6 +29,7 @@ # PERMISSIONS: # - channels/ignore-noctcp: allows opers with this priv to send a CTCP to a +C channel. # - channels/ignore-nonicks: allows opers with this priv to change their nick when on a +N channel. + # - channels/ignore-repeat: allows opers with this priv to be immune to repeat punishment on a +E channel. # - channels/restricted-create: allows opers with this priv to create channels if the restrictchans module is loaded. # - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE). # - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE). diff --git a/src/modules/m_repeat.cpp b/src/modules/m_repeat.cpp index 33ca5b057..bda5dd4c4 100644 --- a/src/modules/m_repeat.cpp +++ b/src/modules/m_repeat.cpp @@ -396,6 +396,9 @@ class RepeatModule : public Module if (res == MOD_RES_ALLOW) return MOD_RES_PASSTHRU; + if (user->HasPrivPermission("channels/ignore-repeat")) + return MOD_RES_PASSTHRU; + if (rm.MatchLine(memb, settings, details.text)) { if (settings->Action == ChannelSettings::ACT_BLOCK) -- cgit v1.3.1-10-gc9f91 From 5bd0a93976f6818187e70a4446257d90a41c7ff1 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Tue, 17 Aug 2021 12:06:22 +0100 Subject: Add an API for checking if I/O hooks are ready or not. --- include/iohook.h | 3 +++ include/modules/ssl.h | 19 +++++++++++++++++++ src/modules/extra/m_ssl_gnutls.cpp | 21 ++++++++------------- src/modules/extra/m_ssl_mbedtls.cpp | 29 ++++++++++------------------- src/modules/extra/m_ssl_openssl.cpp | 31 +++++++++++++------------------ src/modules/m_haproxy.cpp | 5 +++++ src/modules/m_websocket.cpp | 5 +++++ 7 files changed, 63 insertions(+), 50 deletions(-) diff --git a/include/iohook.h b/include/iohook.h index 1985ea891..b2d3c06a0 100644 --- a/include/iohook.h +++ b/include/iohook.h @@ -78,6 +78,9 @@ class IOHook : public classbase IOHook(IOHookProvider* provider) : prov(provider) { } + /** Determines whether this I/O hook is ready to send and receive data. */ + virtual bool IsHookReady() const { return true; } + /** * Called when the hooked socket has data to write, or when the socket engine returns it as writable * @param sock Hooked socket diff --git a/include/modules/ssl.h b/include/modules/ssl.h index 8081adb36..9e8f7ebe0 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -164,10 +164,26 @@ public: class SSLIOHook : public IOHook { protected: + /** An enumeration of possible TLS (SSL) socket states. */ + enum Status + { + /** The SSL socket has just been opened or has been closed. */ + STATUS_NONE, + + /** The SSL socket is currently handshaking. */ + STATUS_HANDSHAKING, + + /** The SSL handshake has completed and data can be sent. */ + STATUS_OPEN + }; + /** Peer TLS (SSL) certificate, set by the TLS (SSL) module */ reference certificate; + /** The status of the TLS (SSL) connection. */ + Status status; + /** Reduce elements in a send queue by appending later elements to the first element until there are no more * elements to append or a desired length is reached * @param sendq SendQ to work on @@ -242,6 +258,9 @@ class SSLIOHook : public IOHook * returns True if the server name was retrieved; otherwise, false. */ virtual bool GetServerName(std::string& out) const = 0; + + /** @copydoc IOHook::IsHookReady */ + bool IsHookReady() const override { return status == STATUS_OPEN; } }; /** Helper functions for obtaining TLS (SSL) client certificates and key fingerprints diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 0d8821cd9..43169df1a 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -99,8 +99,6 @@ #define GNUTLS_NEW_PRIO_API #endif -enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN }; - #if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0) #define INSPIRCD_GNUTLS_HAS_VECTOR_PUSH #define GNUTLS_NEW_CERT_CALLBACK_API @@ -728,7 +726,6 @@ class GnuTLSIOHook : public SSLIOHook { private: gnutls_session_t sess; - issl_status status; #ifdef INSPIRCD_GNUTLS_HAS_CORK size_t gbuffersize; #endif @@ -742,7 +739,7 @@ class GnuTLSIOHook : public SSLIOHook } sess = NULL; certificate = NULL; - status = ISSL_NONE; + status = STATUS_NONE; } // Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed @@ -755,7 +752,7 @@ class GnuTLSIOHook : public SSLIOHook if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) { // Handshake needs resuming later, read() or write() would have blocked. - this->status = ISSL_HANDSHAKING; + this->status = STATUS_HANDSHAKING; if (gnutls_record_get_direction(this->sess) == 0) { @@ -780,7 +777,7 @@ class GnuTLSIOHook : public SSLIOHook else { // Change the session state - this->status = ISSL_HANDSHAKEN; + this->status = STATUS_OPEN; VerifyCertificate(); @@ -882,9 +879,9 @@ info_done_dealloc: // Returns 1 if application I/O should proceed, 0 if it must wait for the underlying protocol to progress, -1 on fatal error int PrepareIO(StreamSocket* sock) { - if (status == ISSL_HANDSHAKEN) + if (status == STATUS_OPEN) return 1; - else if (status == ISSL_HANDSHAKING) + else if (status == STATUS_HANDSHAKING) { // The handshake isn't finished, try to finish it return Handshake(sock); @@ -1050,7 +1047,6 @@ info_done_dealloc: GnuTLSIOHook(IOHookProvider* hookprov, StreamSocket* sock, inspircd_gnutls_session_init_flags_t flags) : SSLIOHook(hookprov) , sess(NULL) - , status(ISSL_NONE) #ifdef INSPIRCD_GNUTLS_HAS_CORK , gbuffersize(0) #endif @@ -1081,7 +1077,7 @@ info_done_dealloc: if (prepret <= 0) return prepret; - // If we resumed the handshake then this->status will be ISSL_HANDSHAKEN. + // If we resumed the handshake then this->status will be STATUS_OPEN. { GnuTLS::DataReader reader(sess); int ret = reader.ret(); @@ -1177,7 +1173,7 @@ info_done_dealloc: void GetCiphersuite(std::string& out) const CXX11_OVERRIDE { - if (!IsHandshakeDone()) + if (!IsHookReady()) return; out.append(UnknownIfNULL(gnutls_protocol_get_name(gnutls_protocol_get_version(sess)))).push_back('-'); out.append(UnknownIfNULL(gnutls_kx_get_name(gnutls_kx_get(sess)))).push_back('-'); @@ -1205,7 +1201,6 @@ info_done_dealloc: } GnuTLS::Profile& GetProfile(); - bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); } }; int GnuTLS::X509Credentials::cert_callback(gnutls_session_t sess, const gnutls_datum_t* req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t* sign_algos, int sign_algos_length, cert_cb_last_param_type* st) @@ -1407,7 +1402,7 @@ class ModuleSSLGnuTLS : public Module ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE { const GnuTLSIOHook* const iohook = static_cast(user->eh.GetModHook(this)); - if ((iohook) && (!iohook->IsHandshakeDone())) + if ((iohook) && (!iohook->IsHookReady())) return MOD_RES_DENY; return MOD_RES_PASSTHRU; } diff --git a/src/modules/extra/m_ssl_mbedtls.cpp b/src/modules/extra/m_ssl_mbedtls.cpp index 0df7ca2e5..abda2d1b0 100644 --- a/src/modules/extra/m_ssl_mbedtls.cpp +++ b/src/modules/extra/m_ssl_mbedtls.cpp @@ -535,25 +535,18 @@ namespace mbedTLS class mbedTLSIOHook : public SSLIOHook { - enum Status - { - ISSL_NONE, - ISSL_HANDSHAKING, - ISSL_HANDSHAKEN - }; - + private: mbedtls_ssl_context sess; - Status status; void CloseSession() { - if (status == ISSL_NONE) + if (status == STATUS_NONE) return; mbedtls_ssl_close_notify(&sess); mbedtls_ssl_free(&sess); certificate = NULL; - status = ISSL_NONE; + status = STATUS_NONE; } // Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed @@ -563,7 +556,7 @@ class mbedTLSIOHook : public SSLIOHook if (ret == 0) { // Change the session state - this->status = ISSL_HANDSHAKEN; + this->status = STATUS_OPEN; VerifyCertificate(); @@ -573,7 +566,7 @@ class mbedTLSIOHook : public SSLIOHook return 1; } - this->status = ISSL_HANDSHAKING; + this->status = STATUS_HANDSHAKING; if (ret == MBEDTLS_ERR_SSL_WANT_READ) { SocketEngine::ChangeEventMask(sock, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); @@ -593,9 +586,9 @@ class mbedTLSIOHook : public SSLIOHook // Returns 1 if application I/O should proceed, 0 if it must wait for the underlying protocol to progress, -1 on fatal error int PrepareIO(StreamSocket* sock) { - if (status == ISSL_HANDSHAKEN) + if (status == STATUS_OPEN) return 1; - else if (status == ISSL_HANDSHAKING) + else if (status == STATUS_HANDSHAKING) { // The handshake isn't finished, try to finish it return Handshake(sock); @@ -693,7 +686,6 @@ class mbedTLSIOHook : public SSLIOHook public: mbedTLSIOHook(IOHookProvider* hookprov, StreamSocket* sock, bool isserver) : SSLIOHook(hookprov) - , status(ISSL_NONE) { mbedtls_ssl_init(&sess); if (isserver) @@ -719,7 +711,7 @@ class mbedTLSIOHook : public SSLIOHook if (prepret <= 0) return prepret; - // If we resumed the handshake then this->status will be ISSL_HANDSHAKEN. + // If we resumed the handshake then this->status will be STATUS_OPEN. char* const readbuf = ServerInstance->GetReadBuffer(); const size_t readbufsize = ServerInstance->Config->NetBufferSize; int ret = mbedtls_ssl_read(&sess, reinterpret_cast(readbuf), readbufsize); @@ -810,7 +802,7 @@ class mbedTLSIOHook : public SSLIOHook void GetCiphersuite(std::string& out) const CXX11_OVERRIDE { - if (!IsHandshakeDone()) + if (!IsHookReady()) return; out.append(mbedtls_ssl_get_version(&sess)).push_back('-'); @@ -830,7 +822,6 @@ class mbedTLSIOHook : public SSLIOHook } mbedTLS::Profile& GetProfile(); - bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); } }; class mbedTLSIOHookProvider : public SSLIOHookProvider @@ -998,7 +989,7 @@ class ModuleSSLmbedTLS : public Module ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE { const mbedTLSIOHook* const iohook = static_cast(user->eh.GetModHook(this)); - if ((iohook) && (!iohook->IsHandshakeDone())) + if ((iohook) && (!iohook->IsHookReady())) return MOD_RES_DENY; return MOD_RES_PASSTHRU; } diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index d5d29d51c..740861b60 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -104,8 +104,6 @@ # define INSPIRCD_OPENSSL_OPAQUE_BIO #endif -enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN }; - static bool SelfSigned = false; static int exdataindex; @@ -576,7 +574,6 @@ class OpenSSLIOHook : public SSLIOHook { private: SSL* sess; - issl_status status; bool data_to_write; // Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed @@ -591,13 +588,13 @@ class OpenSSLIOHook : public SSLIOHook if (err == SSL_ERROR_WANT_READ) { SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); - this->status = ISSL_HANDSHAKING; + this->status = STATUS_HANDSHAKING; return 0; } else if (err == SSL_ERROR_WANT_WRITE) { SocketEngine::ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE); - this->status = ISSL_HANDSHAKING; + this->status = STATUS_HANDSHAKING; return 0; } else @@ -611,7 +608,7 @@ class OpenSSLIOHook : public SSLIOHook // Handshake complete. VerifyCertificate(); - status = ISSL_OPEN; + status = STATUS_OPEN; SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE | FD_ADD_TRIAL_WRITE); @@ -633,7 +630,7 @@ class OpenSSLIOHook : public SSLIOHook } sess = NULL; certificate = NULL; - status = ISSL_NONE; + status = STATUS_NONE; } void VerifyCertificate() @@ -696,14 +693,14 @@ class OpenSSLIOHook : public SSLIOHook void SSLInfoCallback(int where, int rc) { - if ((where & SSL_CB_HANDSHAKE_START) && (status == ISSL_OPEN)) + if ((where & SSL_CB_HANDSHAKE_START) && (status == STATUS_OPEN)) { if (GetProfile().AllowRenegotiation()) return; // The other side is trying to renegotiate, kill the connection and change status - // to ISSL_NONE so CheckRenego() closes the session - status = ISSL_NONE; + // to STATUS_NONE so CheckRenego() closes the session + status = STATUS_NONE; BIO* bio = SSL_get_rbio(sess); EventHandler* eh = static_cast(BIO_get_data(bio)); SocketEngine::Shutdown(eh, 2); @@ -712,7 +709,7 @@ class OpenSSLIOHook : public SSLIOHook bool CheckRenego(StreamSocket* sock) { - if (status != ISSL_NONE) + if (status != STATUS_NONE) return true; ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Session %p killed, attempted to renegotiate", (void*)sess); @@ -724,9 +721,9 @@ class OpenSSLIOHook : public SSLIOHook // Returns 1 if application I/O should proceed, 0 if it must wait for the underlying protocol to progress, -1 on fatal error int PrepareIO(StreamSocket* sock) { - if (status == ISSL_OPEN) + if (status == STATUS_OPEN) return 1; - else if (status == ISSL_HANDSHAKING) + else if (status == STATUS_HANDSHAKING) { // The handshake isn't finished, try to finish it return Handshake(sock); @@ -743,7 +740,6 @@ class OpenSSLIOHook : public SSLIOHook OpenSSLIOHook(IOHookProvider* hookprov, StreamSocket* sock, SSL* session) : SSLIOHook(hookprov) , sess(session) - , status(ISSL_NONE) , data_to_write(false) { // Create BIO instance and store a pointer to the socket in it which will be used by the read and write functions @@ -772,7 +768,7 @@ class OpenSSLIOHook : public SSLIOHook if (prepret <= 0) return prepret; - // If we resumed the handshake then this->status will be ISSL_OPEN + // If we resumed the handshake then this->status will be STATUS_OPEN { ERR_clear_error(); char* buffer = ServerInstance->GetReadBuffer(); @@ -890,7 +886,7 @@ class OpenSSLIOHook : public SSLIOHook void GetCiphersuite(std::string& out) const CXX11_OVERRIDE { - if (!IsHandshakeDone()) + if (!IsHookReady()) return; out.append(SSL_get_version(sess)).push_back('-'); out.append(SSL_get_cipher(sess)); @@ -906,7 +902,6 @@ class OpenSSLIOHook : public SSLIOHook return true; } - bool IsHandshakeDone() const { return (status == ISSL_OPEN); } OpenSSL::Profile& GetProfile(); }; @@ -1133,7 +1128,7 @@ class ModuleSSLOpenSSL : public Module ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE { const OpenSSLIOHook* const iohook = static_cast(user->eh.GetModHook(this)); - if ((iohook) && (!iohook->IsHandshakeDone())) + if ((iohook) && (!iohook->IsHookReady())) return MOD_RES_DENY; return MOD_RES_PASSTHRU; } diff --git a/src/modules/m_haproxy.cpp b/src/modules/m_haproxy.cpp index f7ef52213..ab3251031 100644 --- a/src/modules/m_haproxy.cpp +++ b/src/modules/m_haproxy.cpp @@ -384,6 +384,11 @@ class HAProxyHook : public IOHookMiddle sock->AddIOHook(this); } + bool IsHookReady() const override + { + return state == HPS_CONNECTED; + } + int OnStreamSocketWrite(StreamSocket* sock, StreamSocket::SendQueue& uppersendq) CXX11_OVERRIDE { // We don't need to implement this. diff --git a/src/modules/m_websocket.cpp b/src/modules/m_websocket.cpp index 672c438e9..4d72f1bd2 100644 --- a/src/modules/m_websocket.cpp +++ b/src/modules/m_websocket.cpp @@ -459,6 +459,11 @@ class WebSocketHook : public IOHookMiddle sock->AddIOHook(this); } + bool IsHookReady() const override + { + return state == STATE_ESTABLISHED; + } + int OnStreamSocketWrite(StreamSocket* sock, StreamSocket::SendQueue& uppersendq) CXX11_OVERRIDE { StreamSocket::SendQueue& mysendq = GetSendQ(); -- cgit v1.3.1-10-gc9f91 From 191fb584780b5651931d703fb17c9bbad273dfa2 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Tue, 21 Sep 2021 10:14:49 +0100 Subject: Replace with . --- docs/conf/modules.conf.example | 16 ++++++++-------- src/modules/m_websocket.cpp | 41 +++++++++++++++++++++++++++++++++++------ 2 files changed, 43 insertions(+), 14 deletions(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 8668673e6..581212609 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -2462,19 +2462,19 @@ # Requires SHA-1 hash support available in the sha1 module. # # +# defaultmode: The default frame mode if a client does not send a +# WebSocket subprotocol. Potential values are "text" to +# encode messages as UTF-8 text frames, "binary" to send +# messages as raw binary frames, or "reject" to close +# connections which do not request a subprotocol. Defaults +# to "text". # proxyranges: A space-delimited list of glob or CIDR matches to trust # the X-Real-IP or X-Forwarded-For headers from. If enabled # the server will use the IP address specified by those HTTP # headers. You should NOT enable this unless you are using # a HTTP proxy like nginx as it will allow IP spoofing. -# sendastext: Whether to re-encode messages as UTF-8 before sending to -# WebSocket clients. This is recommended as the WebSocket -# protocol requires all text frames to be sent as UTF-8. -# If you do not have this enabled messages will be sent as -# binary frames instead. Clients can override this using a -# WebSocket subprotocol. See the docs page for more info. -# +# # # If you use the websocket module you MUST specify one or more origins # which are allowed to connect to the server. You should set this as diff --git a/src/modules/m_websocket.cpp b/src/modules/m_websocket.cpp index 4d72f1bd2..8ac8a50e3 100644 --- a/src/modules/m_websocket.cpp +++ b/src/modules/m_websocket.cpp @@ -35,17 +35,29 @@ static dynamic_reference_nocheck* sha1; struct WebSocketConfig { + enum DefaultMode + { + // Reject connections if a subprotocol is not requested. + DM_REJECT, + + // Use binary frames if a subprotocol is not requested. + DM_BINARY, + + // Use UTF-8 text frames if a subprotocol is not requested. + DM_TEXT + }; + typedef std::vector OriginList; typedef std::vector ProxyRanges; // The HTTP origins that can connect to the server. OriginList allowedorigins; + // The method to use if a subprotocol is not negotiated. + DefaultMode defaultmode; + // The IP ranges which send trustworthy X-Real-IP or X-Forwarded-For headers. ProxyRanges proxyranges; - - // Whether to send as UTF-8 text instead of binary data. - bool sendastext; }; class WebSocketHookProvider : public IOHookProvider @@ -406,8 +418,10 @@ class WebSocketHook : public IOHookMiddle irc::spacesepstream protostream(protocolheader.ExtractValue(recvq)); for (std::string proto; protostream.GetToken(proto); ) { + bool is_binary = stdalgo::string::equalsci(proto, "binary.inspircd.org"); bool is_text = stdalgo::string::equalsci(proto, "text.inspircd.org"); - if (stdalgo::string::equalsci(proto, "binary.inspircd.org") || is_text) + + if (is_binary || is_text) { selectedproto = proto; sendastext = is_text; @@ -416,6 +430,12 @@ class WebSocketHook : public IOHookMiddle } } + if (selectedproto.empty() && config.defaultmode == WebSocketConfig::DM_REJECT) + { + FailHandshake(sock, "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "WebSocket: Received HTTP request that did not send the Sec-WebSocket-Protocol header"); + return -1; + } + HTTPHeaderFinder keyheader; if (!keyheader.Find(recvq, "Sec-WebSocket-Key:", 18, reqend)) { @@ -454,7 +474,7 @@ class WebSocketHook : public IOHookMiddle , state(STATE_HTTPREQ) , lastpingpong(0) , config(cfg) - , sendastext(cfg.sendastext) + , sendastext(config.defaultmode != WebSocketConfig::DM_BINARY) { sock->AddIOHook(this); } @@ -577,7 +597,16 @@ class ModuleWebSocket : public Module } ConfigTag* tag = ServerInstance->Config->ConfValue("websocket"); - config.sendastext = tag->getBool("sendastext", true); + + const std::string defaultmodestr = tag->getString("defaultmode", tag->getBool("sendastext", true) ? "text" : "binary", 1); + if (stdalgo::string::equalsci(defaultmodestr, "reject")) + config.defaultmode = WebSocketConfig::DM_REJECT; + else if (stdalgo::string::equalsci(defaultmodestr, "binary")) + config.defaultmode = WebSocketConfig::DM_BINARY; + else if (stdalgo::string::equalsci(defaultmodestr, "text")) + config.defaultmode = WebSocketConfig::DM_TEXT; + else + throw ModuleException(defaultmodestr + " is an invalid value for ; acceptable values are 'binary', 'text' and 'reject', at " + tag->getTagLocation()); irc::spacesepstream proxyranges(tag->getString("proxyranges")); for (std::string proxyrange; proxyranges.GetToken(proxyrange); ) -- cgit v1.3.1-10-gc9f91 From 99dc047c2f04f7ec37082cc6373785f6f2f6b9ac Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Wed, 22 Sep 2021 20:37:23 +0100 Subject: Send SSL profile reloading errors to snomask `a`. --- src/modules/extra/m_ssl_gnutls.cpp | 2 +- src/modules/extra/m_ssl_mbedtls.cpp | 2 +- src/modules/extra/m_ssl_openssl.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 43169df1a..020f10482 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -1370,7 +1370,7 @@ class ModuleSSLGnuTLS : public Module } catch (ModuleException& ex) { - ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, ex.GetReason() + " Not applying settings."); + ServerInstance->SNO->WriteToSnoMask('a', "Failed to reload the GnuTLS TLS (SSL) profiles. " + ex.GetReason()); } } diff --git a/src/modules/extra/m_ssl_mbedtls.cpp b/src/modules/extra/m_ssl_mbedtls.cpp index abda2d1b0..cf7c9020f 100644 --- a/src/modules/extra/m_ssl_mbedtls.cpp +++ b/src/modules/extra/m_ssl_mbedtls.cpp @@ -968,7 +968,7 @@ class ModuleSSLmbedTLS : public Module } catch (ModuleException& ex) { - ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, ex.GetReason() + " Not applying settings."); + ServerInstance->SNO->WriteToSnoMask('a', "Failed to reload the mbedTLS TLS (SSL) profiles. " + ex.GetReason()); } } diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 740861b60..a42e81cab 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -1106,7 +1106,7 @@ class ModuleSSLOpenSSL : public Module } catch (ModuleException& ex) { - ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, ex.GetReason() + " Not applying settings."); + ServerInstance->SNO->WriteToSnoMask('a', "Failed to reload the OpenSSL TLS (SSL) profiles. " + ex.GetReason()); } } -- cgit v1.3.1-10-gc9f91 From 6646c9fbeab6cd85e4efcff9ffb16d11ee617650 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Wed, 22 Sep 2021 20:49:32 +0100 Subject: Use CXX11_OVERRIDE instead of the override keyword. --- include/modules/ssl.h | 2 +- src/modules/m_haproxy.cpp | 2 +- src/modules/m_websocket.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/modules/ssl.h b/include/modules/ssl.h index 9e8f7ebe0..84e2ab3ef 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -260,7 +260,7 @@ class SSLIOHook : public IOHook virtual bool GetServerName(std::string& out) const = 0; /** @copydoc IOHook::IsHookReady */ - bool IsHookReady() const override { return status == STATUS_OPEN; } + bool IsHookReady() const CXX11_OVERRIDE { return status == STATUS_OPEN; } }; /** Helper functions for obtaining TLS (SSL) client certificates and key fingerprints diff --git a/src/modules/m_haproxy.cpp b/src/modules/m_haproxy.cpp index ab3251031..d50d1ff09 100644 --- a/src/modules/m_haproxy.cpp +++ b/src/modules/m_haproxy.cpp @@ -384,7 +384,7 @@ class HAProxyHook : public IOHookMiddle sock->AddIOHook(this); } - bool IsHookReady() const override + bool IsHookReady() const CXX11_OVERRIDE { return state == HPS_CONNECTED; } diff --git a/src/modules/m_websocket.cpp b/src/modules/m_websocket.cpp index 8ac8a50e3..58ce8507d 100644 --- a/src/modules/m_websocket.cpp +++ b/src/modules/m_websocket.cpp @@ -479,7 +479,7 @@ class WebSocketHook : public IOHookMiddle sock->AddIOHook(this); } - bool IsHookReady() const override + bool IsHookReady() const CXX11_OVERRIDE { return state == STATE_ESTABLISHED; } -- cgit v1.3.1-10-gc9f91