From 75fbb10068a251f8cbe4b4726d84a8b21a2fbb4b Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Tue, 28 Dec 2021 14:59:45 +0000 Subject: Implement support for SPKI fingerprints into the sslinfo module. --- src/modules/m_sslinfo.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/modules/m_sslinfo.cpp') diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 6cf1e1434..6ea50a564 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -301,6 +301,7 @@ class ModuleSSLInfo final private: CommandSSLInfo cmd; std::string hash; + bool spkifp; unsigned long warnexpiring; static bool MatchFP(ssl_cert* const cert, const std::string& fp) @@ -324,6 +325,7 @@ public: cmd.operonlyfp = tag->getBool("operonly"); cmd.sslapi.localsecure = tag->getBool("localsecure", true); hash = tag->getString("hash"); + spkifp = tag->getBool("spkifp"); warnexpiring = tag->getDuration("warnexpiring", 0, 0, 60*60*24*365); } @@ -468,7 +470,7 @@ public: auto* cert = new ssl_cert(); if (!hash.empty()) { - iter = flags->find("certfp-" + hash); + iter = flags->find(spkifp ? "spkifp-" : "certfp-" + hash); if (iter != flags->end() && !iter->second.empty()) { // If the gateway specifies this flag we put all trust onto them -- cgit v1.3.1-10-gc9f91