ouch/inspircd
2
0
Fork 0
mirror of https://github.com/inspircd/inspircd.git synced 2025-03-11 11:39:02 -04:00
Code Issues Packages Projects Releases Wiki Activity

All but cert revocation is now supported by both modules

Browse Source 
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5128 e03df62e-2008-0410-955e-edbf42e46eb7
This commit is contained in:
brain 2006-09-03 20:42:16 +00:00
parent f0101edab9
commit 0000b8172e
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/modules/extra/m_ssl_openssl.cpp
View File

@ -25,6 +25,8 @@
enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN };
enum issl_io_status { ISSL_WRITE, ISSL_READ };
static bool SelfSigned = false;
bool isin(int port, const std::vector<int> &portlist)
{
for(unsigned int i = 0; i < portlist.size(); i++)
@ -66,6 +68,10 @@ static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx)
* we can just return preverify_ok here, and openssl
* will boot off self-signed and invalid peer certs.
*/
int ve = X509_STORE_CTX_get_error(ctx);
SelfSigned = (ve == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
return 1;
}
@ -313,6 +319,16 @@ class ModuleSSLOpenSSL : public Module
{
ServerInstance->Log(DEBUG, "m_ssl_openssl.so: OnRawSocketClose: %d", fd);
CloseSession(&sessions[fd]);
EventHandler* user = ServerInstance->SE->GetRef(fd);
if ((user) && (user->GetExt("ssl_cert", dummy)))
{
ssl_cert* tofree;
user->GetExt("ssl_cert", tofree);
delete tofree;
user->Shrink("ssl_cert");
}
}
virtual int OnRawSocketRead(int fd, char* buffer, unsigned int count, int &readresult)
@ -698,6 +714,19 @@ class ModuleSSLOpenSSL : public Module
return;
}
certinfo->data.insert(std::make_pair("invalid", SSL_get_verify_result(session->sess) != X509_V_OK ? ConvToStr(1) : ConvToStr(0)));
if (SelfSigned)
{
certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0)));
certinfo->data.insert(std::make_pair("trusted",ConvToStr(1)));
}
else
{
certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1)));
certinfo->data.insert(std::make_pair("trusted",ConvToStr(0)));
}
/*if (!X509_verify_cert(cert))
{
certinfo->data.insert(std::make_pair("invalid",ConvToStr(1)));