From 416661d17d6797c439d80afb0681e75a3573ff80 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sat, 11 Feb 2023 09:27:46 +0000 Subject: Add an option so local non-SSL users can be seen as securely connected. --- src/modules/m_sasl.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'src/modules/m_sasl.cpp') diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 85aba2d0f..2ecd38640 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -114,17 +114,14 @@ private: bool OnRequest(LocalUser* user, bool adding) override { - if (requiressl && sslapi && !sslapi->GetCertificate(user)) - return false; - // Servers MUST NAK any sasl capability request if the authentication layer // is unavailable. - return servertracker.IsOnline(); + return OnList(user); } bool OnList(LocalUser* user) override { - if (requiressl && sslapi && !sslapi->GetCertificate(user)) + if (requiressl && sslapi && !sslapi->IsSecure(user)) return false; // Servers MUST NOT advertise the sasl capability if the authentication layer @@ -189,7 +186,7 @@ private: params.reserve(3); params.push_back(user->GetRealHost()); params.push_back(user->GetAddress()); - params.emplace_back(sslapi && sslapi->GetCertificate(user) ? "S" : "P"); + params.emplace_back(sslapi && sslapi->IsSecure(user) ? "S" : "P"); SendSASL(user, "*", 'H', params); } -- cgit v1.3.1-10-gc9f91