2012-04-19 20:58:29 +02:00
|
|
|
/*
|
|
|
|
|
* InspIRCd -- Internet Relay Chat Daemon
|
2007-07-16 17:30:04 +00:00
|
|
|
*
|
2020-04-24 10:23:47 +01:00
|
|
|
* Copyright (C) 2020 Matt Schatz <genius3000@g3k.solutions>
|
2020-01-11 22:02:47 +00:00
|
|
|
* Copyright (C) 2019 B00mX0r <b00mx0r@aureus.pw>
|
|
|
|
|
* Copyright (C) 2018 Dylan Frank <b00mx0r@aureus.pw>
|
2021-05-14 14:48:39 +01:00
|
|
|
* Copyright (C) 2013, 2017-2019, 2021 Sadie Powell <sadie@witchery.services>
|
2020-01-11 22:02:47 +00:00
|
|
|
* Copyright (C) 2013, 2015-2016 Attila Molnar <attilamolnar@hush.com>
|
|
|
|
|
* Copyright (C) 2012 Robby <robby@chatbelgie.be>
|
|
|
|
|
* Copyright (C) 2012 ChrisTX <xpipe@hotmail.de>
|
|
|
|
|
* Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
|
|
|
|
|
* Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
|
|
|
|
|
* Copyright (C) 2006 Craig Edwards <brain@inspircd.org>
|
2007-07-16 17:30:04 +00:00
|
|
|
*
|
2012-04-19 20:58:29 +02:00
|
|
|
* This file is part of InspIRCd. InspIRCd is free software: you can
|
|
|
|
|
* redistribute it and/or modify it under the terms of the GNU General Public
|
|
|
|
|
* License as published by the Free Software Foundation, version 2.
|
2007-07-16 17:30:04 +00:00
|
|
|
*
|
2012-04-19 20:58:29 +02:00
|
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
|
|
|
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|
|
|
|
* details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2007-07-16 17:30:04 +00:00
|
|
|
*/
|
|
|
|
|
|
2012-04-19 20:58:29 +02:00
|
|
|
|
2013-04-02 20:12:15 +01:00
|
|
|
#pragma once
|
2007-07-16 17:30:04 +00:00
|
|
|
|
|
|
|
|
#include <string>
|
2013-05-24 19:34:25 +02:00
|
|
|
#include "iohook.h"
|
2007-07-16 17:30:04 +00:00
|
|
|
|
2020-04-12 22:56:10 -06:00
|
|
|
/** ssl_cert is a class which abstracts TLS (SSL) certificate
|
2007-07-16 17:30:04 +00:00
|
|
|
* and key information.
|
|
|
|
|
*
|
|
|
|
|
* Because gnutls and openssl represent key information in
|
|
|
|
|
* wildly different ways, this class allows it to be accessed
|
|
|
|
|
* in a unified manner. These classes are attached to ssl-
|
2009-09-13 20:30:25 +00:00
|
|
|
* connected local users using SSLCertExt
|
2007-07-16 17:30:04 +00:00
|
|
|
*/
|
2009-11-06 22:37:52 +00:00
|
|
|
class ssl_cert : public refcountbase
|
2007-07-16 17:30:04 +00:00
|
|
|
{
|
|
|
|
|
public:
|
2009-07-02 18:17:26 +00:00
|
|
|
std::string dn;
|
|
|
|
|
std::string issuer;
|
|
|
|
|
std::string error;
|
|
|
|
|
std::string fingerprint;
|
|
|
|
|
bool trusted, invalid, unknownsigner, revoked;
|
2009-02-14 21:14:36 +00:00
|
|
|
|
2010-02-08 19:38:54 +00:00
|
|
|
ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
|
|
|
|
|
|
2007-07-16 17:30:04 +00:00
|
|
|
/** Get certificate distinguished name
|
|
|
|
|
* @return Certificate DN
|
|
|
|
|
*/
|
|
|
|
|
const std::string& GetDN()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return dn;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Get Certificate issuer
|
|
|
|
|
* @return Certificate issuer
|
|
|
|
|
*/
|
|
|
|
|
const std::string& GetIssuer()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return issuer;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-21 06:34:17 +00:00
|
|
|
/** Get error string if an error has occurred
|
2007-07-16 17:30:04 +00:00
|
|
|
* @return The error associated with this users certificate,
|
|
|
|
|
* or an empty string if there is no error.
|
|
|
|
|
*/
|
|
|
|
|
const std::string& GetError()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return error;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Get key fingerprint.
|
|
|
|
|
* @return The key fingerprint as a hex string.
|
|
|
|
|
*/
|
|
|
|
|
const std::string& GetFingerprint()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return fingerprint;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Get trust status
|
|
|
|
|
* @return True if this is a trusted certificate
|
|
|
|
|
* (the certificate chain validates)
|
|
|
|
|
*/
|
|
|
|
|
bool IsTrusted()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return trusted;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Get validity status
|
|
|
|
|
* @return True if the certificate itself is
|
|
|
|
|
* correctly formed.
|
|
|
|
|
*/
|
|
|
|
|
bool IsInvalid()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return invalid;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Get signer status
|
|
|
|
|
* @return True if the certificate appears to be
|
|
|
|
|
* self-signed.
|
|
|
|
|
*/
|
|
|
|
|
bool IsUnknownSigner()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return unknownsigner;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-21 16:47:06 -04:00
|
|
|
/** Get revocation status.
|
2007-07-16 17:30:04 +00:00
|
|
|
* @return True if the certificate is revoked.
|
|
|
|
|
* Note that this only works properly for GnuTLS
|
|
|
|
|
* right now.
|
|
|
|
|
*/
|
|
|
|
|
bool IsRevoked()
|
|
|
|
|
{
|
2009-07-02 18:17:26 +00:00
|
|
|
return revoked;
|
2007-07-16 17:30:04 +00:00
|
|
|
}
|
2009-07-02 18:17:33 +00:00
|
|
|
|
2018-03-29 11:11:55 -07:00
|
|
|
/** Get certificate usability
|
|
|
|
|
* @return True if the certificate is not expired nor revoked
|
|
|
|
|
*/
|
|
|
|
|
bool IsUsable()
|
|
|
|
|
{
|
|
|
|
|
return !invalid && !revoked && error.empty();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Get CA trust status
|
|
|
|
|
* @return True if the certificate is issued by a CA
|
|
|
|
|
* and valid.
|
|
|
|
|
*/
|
2010-02-08 19:38:54 +00:00
|
|
|
bool IsCAVerified()
|
|
|
|
|
{
|
2018-03-29 11:11:55 -07:00
|
|
|
return IsUsable() && trusted && !unknownsigner;
|
2010-02-08 19:38:54 +00:00
|
|
|
}
|
|
|
|
|
|
2009-07-02 18:17:33 +00:00
|
|
|
std::string GetMetaLine()
|
|
|
|
|
{
|
|
|
|
|
std::stringstream value;
|
Windows: In-depth cleanup (see details)
-Fix x64 builds for Windows. Now all configurations compile.
-Remove the non-working rebase stuff.
-Remove the Windows fork hack and instead use FreeConsole() to emulate the behavior. This directly allows us to compile with ASLR, which is turned on now.
-Remove the old IPC mechanism for the removed GUI. This is not needed anymore as the GUI wasn't ever supported on anything newer than 1.2
-Remove the WIN32/WINDOWS macros. _WIN32 is supported on all x86-based VC++ targets, so that's what we need.
-Enable optimizations for release builds.
-De-duplicate printf_c(), it was previously copy-pasted into colors.h for configure
-Add the VC++ specific bad files in .gitignore
-Disable PID writing on Windows. This is only making sense for *nix builds.
-Replace the CPU usage retrieval with an algorithm analogous to the *nix behavior. Also supports separated now/total values. (Tested with a dummy busy loop - seems working)
-Removed certain unused functions and variables
-Remove stdint defines from the windows wrapper
-Remove CRT debug alloc. This is a bad idea as it would define a macro to replace free which breaks builds.
-Re-evaluated the warnings list, commented it.
-Moved inspircd_config/_version to include/ to match *nix
-Removed the creation of inspircd_se_config, as it isn't used at all.
-Made non-git builds show as "r0" instead of "r" (thanks to @SaberUK for pointing this out)
-Fixed up m_spanningtree's project paths. Now all configurations (debug/release x86/x64) have been tested and build properly.
-Moved FindDNS out of the wrapper and matched its log behavior with *nix. (It's pointless having it in the wrapper after the recent slimming down)
-Replaced random/srandom wrappers with a mechanism that tries to use Windows' Random API first is no SSL module is loaded.
-Removed more old junk from support for compilers older than VC++ 2010 (we don't have project files for these, so compiling them would be hard anyways)
-Removed the unused ClearConsole()
-Removed unused includes from the wrapper. Also, do not include psapi.h here if we don't link psapi.lib. This should be done where appropriate.
-Made inet_aton an inline function for increased performance
-C4800, performance warning about bool forcing, resolved at all occurrences.
-C4701, uninitialized variable 'cached', resolved at all occurrences.
-dlerror() was migrated out of the wrapper for more thread safety (no global buffer being shared) and increased performance.
-Removed the wrong CRT debug flags. This drains a lot of performance.
-Removed the clock_gettime/gettimeofday wrappers
-Replaced all TCHAR/ANSI mix-ups of functions with the correct respective function.
-Added a block of C4355 for < VS2012
-Update project files for c870714
2012-10-12 22:31:38 +02:00
|
|
|
bool hasError = !error.empty();
|
2009-07-02 18:17:33 +00:00
|
|
|
value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
|
|
|
|
|
<< (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
|
|
|
|
|
if (hasError)
|
|
|
|
|
value << GetError();
|
|
|
|
|
else
|
|
|
|
|
value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
|
|
|
|
|
return value.str();
|
|
|
|
|
}
|
2007-07-16 17:30:04 +00:00
|
|
|
};
|
|
|
|
|
|
2021-03-09 01:00:16 +00:00
|
|
|
/** I/O hook provider for SSL modules. */
|
|
|
|
|
class SSLIOHookProvider : public IOHookProvider
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
SSLIOHookProvider(Module* mod, const std::string& Name)
|
|
|
|
|
: IOHookProvider(mod, "ssl/" + Name, IOH_SSL)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2013-05-24 19:34:25 +02:00
|
|
|
class SSLIOHook : public IOHook
|
2007-07-16 17:30:04 +00:00
|
|
|
{
|
2013-09-24 20:40:20 +02:00
|
|
|
protected:
|
2021-08-17 12:06:22 +01:00
|
|
|
/** An enumeration of possible TLS (SSL) socket states. */
|
|
|
|
|
enum Status
|
|
|
|
|
{
|
|
|
|
|
/** The SSL socket has just been opened or has been closed. */
|
|
|
|
|
STATUS_NONE,
|
|
|
|
|
|
|
|
|
|
/** The SSL socket is currently handshaking. */
|
|
|
|
|
STATUS_HANDSHAKING,
|
|
|
|
|
|
|
|
|
|
/** The SSL handshake has completed and data can be sent. */
|
|
|
|
|
STATUS_OPEN
|
|
|
|
|
};
|
|
|
|
|
|
2020-04-12 22:56:10 -06:00
|
|
|
/** Peer TLS (SSL) certificate, set by the TLS (SSL) module
|
2013-09-24 20:40:20 +02:00
|
|
|
*/
|
|
|
|
|
reference<ssl_cert> certificate;
|
|
|
|
|
|
2021-08-17 12:06:22 +01:00
|
|
|
/** The status of the TLS (SSL) connection. */
|
|
|
|
|
Status status;
|
|
|
|
|
|
2015-06-06 14:42:59 +02:00
|
|
|
/** Reduce elements in a send queue by appending later elements to the first element until there are no more
|
|
|
|
|
* elements to append or a desired length is reached
|
|
|
|
|
* @param sendq SendQ to work on
|
|
|
|
|
* @param targetsize Target size of the front element
|
|
|
|
|
*/
|
|
|
|
|
static void FlattenSendQueue(StreamSocket::SendQueue& sendq, size_t targetsize)
|
|
|
|
|
{
|
|
|
|
|
if ((sendq.size() <= 1) || (sendq.front().length() >= targetsize))
|
|
|
|
|
return;
|
|
|
|
|
|
2020-04-12 22:56:10 -06:00
|
|
|
// Avoid multiple repeated TLS (SSL) encryption invocations
|
2015-06-06 14:42:59 +02:00
|
|
|
// This adds a single copy of the queue, but avoids
|
|
|
|
|
// much more overhead in terms of system calls invoked
|
|
|
|
|
// by an IOHook.
|
|
|
|
|
std::string tmp;
|
|
|
|
|
tmp.reserve(std::min(targetsize, sendq.bytes())+1);
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
tmp.append(sendq.front());
|
|
|
|
|
sendq.pop_front();
|
|
|
|
|
}
|
|
|
|
|
while (!sendq.empty() && tmp.length() < targetsize);
|
|
|
|
|
sendq.push_front(tmp);
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-24 19:34:25 +02:00
|
|
|
public:
|
2016-04-28 17:04:33 +02:00
|
|
|
static SSLIOHook* IsSSL(StreamSocket* sock)
|
|
|
|
|
{
|
2020-07-20 20:37:20 -06:00
|
|
|
IOHook* const lasthook = sock->GetLastHook();
|
|
|
|
|
if (lasthook && (lasthook->prov->type == IOHookProvider::IOH_SSL))
|
|
|
|
|
return static_cast<SSLIOHook*>(lasthook);
|
|
|
|
|
|
2016-04-28 17:04:33 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-24 20:40:20 +02:00
|
|
|
SSLIOHook(IOHookProvider* hookprov)
|
|
|
|
|
: IOHook(hookprov)
|
2013-05-24 19:34:25 +02:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2013-09-24 20:40:20 +02:00
|
|
|
* Get the certificate sent by this peer
|
2020-04-12 22:56:10 -06:00
|
|
|
* @return The TLS (SSL) certificate sent by the peer, NULL if no cert was sent
|
2013-05-24 19:34:25 +02:00
|
|
|
*/
|
2019-05-13 14:26:16 +01:00
|
|
|
virtual ssl_cert* GetCertificate() const
|
2013-09-24 20:40:20 +02:00
|
|
|
{
|
2018-11-26 14:33:44 +00:00
|
|
|
return certificate;
|
2013-09-24 20:40:20 +02:00
|
|
|
}
|
2009-11-06 22:37:52 +00:00
|
|
|
|
2013-05-24 19:34:25 +02:00
|
|
|
/**
|
2013-09-24 20:40:20 +02:00
|
|
|
* Get the fingerprint of the peer's certificate
|
2020-04-12 22:56:10 -06:00
|
|
|
* @return The fingerprint of the TLS (SSL) client certificate sent by the peer,
|
2013-05-24 19:34:25 +02:00
|
|
|
* empty if no cert was sent
|
|
|
|
|
*/
|
2019-05-13 14:26:16 +01:00
|
|
|
virtual std::string GetFingerprint() const
|
2009-11-06 22:37:52 +00:00
|
|
|
{
|
2013-09-24 20:40:20 +02:00
|
|
|
ssl_cert* cert = GetCertificate();
|
2019-01-31 01:26:06 -08:00
|
|
|
if (cert && cert->IsUsable())
|
2013-05-24 19:34:25 +02:00
|
|
|
return cert->GetFingerprint();
|
|
|
|
|
return "";
|
2009-11-06 22:37:52 +00:00
|
|
|
}
|
2016-04-28 17:06:16 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the ciphersuite negotiated with the peer
|
|
|
|
|
* @param out String where the ciphersuite string will be appended to
|
|
|
|
|
*/
|
|
|
|
|
virtual void GetCiphersuite(std::string& out) const = 0;
|
2017-10-29 11:15:47 +00:00
|
|
|
|
|
|
|
|
|
2020-04-12 22:56:10 -06:00
|
|
|
/** Retrieves the name of the TLS (SSL) connection which is sent via SNI.
|
2017-10-29 11:15:47 +00:00
|
|
|
* @param out String that the server name will be appended to.
|
|
|
|
|
* returns True if the server name was retrieved; otherwise, false.
|
|
|
|
|
*/
|
|
|
|
|
virtual bool GetServerName(std::string& out) const = 0;
|
2021-08-17 12:06:22 +01:00
|
|
|
|
|
|
|
|
/** @copydoc IOHook::IsHookReady */
|
2021-09-22 20:49:32 +01:00
|
|
|
bool IsHookReady() const CXX11_OVERRIDE { return status == STATUS_OPEN; }
|
2013-05-24 19:34:25 +02:00
|
|
|
};
|
2009-11-06 22:37:52 +00:00
|
|
|
|
2020-04-12 22:56:10 -06:00
|
|
|
/** Helper functions for obtaining TLS (SSL) client certificates and key fingerprints
|
2013-05-24 19:34:25 +02:00
|
|
|
* from StreamSockets
|
|
|
|
|
*/
|
|
|
|
|
class SSLClientCert
|
|
|
|
|
{
|
|
|
|
|
public:
|
2021-04-27 16:36:40 +01:00
|
|
|
/**
|
2013-05-24 19:34:25 +02:00
|
|
|
* Get the client certificate from a socket
|
2020-04-12 22:56:10 -06:00
|
|
|
* @param sock The socket to get the certificate from, the socket does not have to use TLS (SSL)
|
|
|
|
|
* @return The TLS (SSL) client certificate information, NULL if the peer is not using TLS (SSL)
|
2013-05-24 19:34:25 +02:00
|
|
|
*/
|
|
|
|
|
static ssl_cert* GetCertificate(StreamSocket* sock)
|
|
|
|
|
{
|
2016-04-28 17:04:33 +02:00
|
|
|
SSLIOHook* ssliohook = SSLIOHook::IsSSL(sock);
|
|
|
|
|
if (!ssliohook)
|
2013-05-24 19:34:25 +02:00
|
|
|
return NULL;
|
|
|
|
|
|
2013-09-24 20:40:20 +02:00
|
|
|
return ssliohook->GetCertificate();
|
2013-05-24 19:34:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the fingerprint of a client certificate from a socket
|
|
|
|
|
* @param sock The socket to get the certificate fingerprint from, the
|
2020-04-12 22:56:10 -06:00
|
|
|
* socket does not have to use TLS (SSL)
|
|
|
|
|
* @return The key fingerprint from the TLS (SSL) certificate sent by the peer,
|
|
|
|
|
* empty if no cert was sent or the peer is not using TLS (SSL)
|
2013-05-24 19:34:25 +02:00
|
|
|
*/
|
|
|
|
|
static std::string GetFingerprint(StreamSocket* sock)
|
2009-11-06 22:37:52 +00:00
|
|
|
{
|
2013-05-24 19:34:25 +02:00
|
|
|
ssl_cert* cert = SSLClientCert::GetCertificate(sock);
|
2009-11-06 22:37:52 +00:00
|
|
|
if (cert)
|
|
|
|
|
return cert->GetFingerprint();
|
|
|
|
|
return "";
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2013-05-24 19:34:25 +02:00
|
|
|
class UserCertificateAPIBase : public DataProvider
|
2009-11-06 22:37:52 +00:00
|
|
|
{
|
2013-05-24 19:34:25 +02:00
|
|
|
public:
|
2021-04-27 16:36:40 +01:00
|
|
|
UserCertificateAPIBase(Module* parent)
|
2013-05-24 19:34:25 +02:00
|
|
|
: DataProvider(parent, "m_sslinfo_api")
|
2009-10-25 15:21:45 +00:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-12 22:56:10 -06:00
|
|
|
/** Get the TLS (SSL) certificate of a user
|
2013-05-24 19:34:25 +02:00
|
|
|
* @param user The user whose certificate to get, user may be remote
|
2020-04-12 22:56:10 -06:00
|
|
|
* @return The TLS (SSL) certificate of the user or NULL if the user is not using TLS (SSL)
|
2013-05-24 19:34:25 +02:00
|
|
|
*/
|
|
|
|
|
virtual ssl_cert* GetCertificate(User* user) = 0;
|
|
|
|
|
|
2020-04-12 22:56:10 -06:00
|
|
|
/** Set the TLS (SSL) certificate of a user.
|
2018-10-16 14:57:28 +01:00
|
|
|
* @param user The user whose certificate to set.
|
2020-04-12 22:56:10 -06:00
|
|
|
* @param cert The TLS (SSL) certificate to set for the user.
|
2018-10-16 14:57:28 +01:00
|
|
|
*/
|
|
|
|
|
virtual void SetCertificate(User* user, ssl_cert* cert) = 0;
|
|
|
|
|
|
2013-05-24 19:34:25 +02:00
|
|
|
/** Get the key fingerprint from a user's certificate
|
|
|
|
|
* @param user The user whose key fingerprint to get, user may be remote
|
2020-04-12 22:56:10 -06:00
|
|
|
* @return The key fingerprint from the user's TLS (SSL) certificate or an empty string
|
|
|
|
|
* if the user is not using TLS (SSL) or did not provide a client certificate
|
2013-05-24 19:34:25 +02:00
|
|
|
*/
|
|
|
|
|
std::string GetFingerprint(User* user)
|
2009-09-13 20:30:25 +00:00
|
|
|
{
|
2013-05-24 19:34:25 +02:00
|
|
|
ssl_cert* cert = GetCertificate(user);
|
2009-10-08 23:29:21 +00:00
|
|
|
if (cert)
|
|
|
|
|
return cert->GetFingerprint();
|
|
|
|
|
return "";
|
2009-09-13 20:30:25 +00:00
|
|
|
}
|
|
|
|
|
};
|
2013-05-24 19:34:25 +02:00
|
|
|
|
2020-04-21 06:34:17 +00:00
|
|
|
/** API implemented by m_sslinfo that allows modules to retrieve the TLS (SSL) certificate
|
2013-05-24 19:34:25 +02:00
|
|
|
* information of local and remote users. It can also be used to find out whether a
|
2020-04-12 22:56:10 -06:00
|
|
|
* user is using TLS (SSL) or not.
|
2013-05-24 19:34:25 +02:00
|
|
|
*/
|
|
|
|
|
class UserCertificateAPI : public dynamic_reference<UserCertificateAPIBase>
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
UserCertificateAPI(Module* parent)
|
|
|
|
|
: dynamic_reference<UserCertificateAPIBase>(parent, "m_sslinfo_api")
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
};
|
