
Merge branch 'master+sslconnmsg'

2 parents 6cfe401 + 1e4b53a commit fb66fb5ce3410d7e32813aed85e8ad3050584740 @attilamolnar attilamolnar committed Apr 30, 2016
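--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -164,6 +164,14 @@ class SSLIOHook : public IOHook
 }
 public:
+ static SSLIOHook* IsSSL(StreamSocket* sock)
+ {
+ IOHook* const iohook = sock->GetIOHook();
+ if ((iohook) && ((iohook->prov->type == IOHookProvider::IOH_SSL)))
+ return static_cast<SSLIOHook*>(iohook);
+ return NULL;
+ }
+
 SSLIOHook(IOHookProvider* hookprov)
 : IOHook(hookprov)
 {
@@ -190,6 +198,12 @@ class SSLIOHook : public IOHook
 return cert->GetFingerprint();
 return "";
 }
+
+ /**
+ * Get the ciphersuite negotiated with the peer
+ * @param out String where the ciphersuite string will be appended to
+ */
+ virtual void GetCiphersuite(std::string& out) const = 0;
 };
 /** Helper functions for obtaining SSL client certificates and key fingerprints
@@ -205,11 +219,10 @@ class SSLClientCert
 */
 static ssl_cert* GetCertificate(StreamSocket* sock)
 {
- IOHook* iohook = sock->GetIOHook();
- if ((!iohook) || (iohook->prov->type != IOHookProvider::IOH_SSL))
+ SSLIOHook* ssliohook = SSLIOHook::IsSSL(sock);
+ if (!ssliohook)
 return NULL;
- SSLIOHook* ssliohook = static_cast<SSLIOHook*>(iohook);
 return ssliohook->GetCertificate();
 }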
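Review bot: `IsSSL()` downcasts with `static_cast<SSLIOHook*>` on the strength of `prov->type == IOHookProvider::IOH_SSL` alone, and nothing visible in this section ties that tag to the hook's dynamic type. If a provider ever reports `IOH_SSL` while creating hooks that do not derive from `SSLIOHook`, the cast is undefined behaviour, and every caller this commit adds inherits it. The helper also dereferences `sock` unchecked and has no doc comment. I would add one that states the invariant and the return contract, e.g. `/** Returns the socket's SSLIOHook, or NULL if it has no IOHook or the hook is not SSL. Providers of type IOH_SSL must only create SSLIOHook-derived hooks; sock must not be NULL. */`.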
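--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1150,22 +1150,10 @@ class GnuTLSIOHook : public SSLIOHook
 return 1;
 }
- void TellCiphersAndFingerprint(LocalUser* user)
- {
- if (sess)
- {
- std::string text = "*** You are connected using SSL cipher '";
- GetCiphersuite(text);
- text += '\'';
- if (!certificate->fingerprint.empty())
- text += " and your SSL certificate fingerprint is " + certificate->fingerprint;
-
- user->WriteNotice(text);
- }
- }
-
- void GetCiphersuite(std::string& out) const
+ void GetCiphersuite(std::string& out) const CXX11_OVERRIDE
 {
+ if (!IsHandshakeDone())
+ return;
 out.append(UnknownIfNULL(gnutls_protocol_get_name(gnutls_protocol_get_version(sess)))).push_back('-');
 out.append(UnknownIfNULL(gnutls_kx_get_name(gnutls_kx_get(sess)))).push_back('-');
 out.append(UnknownIfNULL(gnutls_cipher_get_name(gnutls_cipher_get(sess)))).push_back('-');
@@ -1344,13 +1332,6 @@ class ModuleSSLGnuTLS : public Module
 return Version("Provides SSL support for clients", VF_VENDOR);
 }
- void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
- {
- IOHook* hook = user->eh.GetIOHook();
- if (hook && hook->prov->creator == this)
- static_cast<GnuTLSIOHook*>(hook)->TellCiphersAndFingerprint(user);
- }
-
 ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
 {
 if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this))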
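Review bot: The new early return in `GetCiphersuite()` leaves `out` untouched when `IsHandshakeDone()` is false, so a caller cannot tell an unfinished handshake from a real result and would print or log an empty ciphersuite. The OpenSSL override in src/modules/extra/m_ssl_openssl.cpp adds the same guard. The base-class comment in include/modules/ssl.h only says the string "will be appended to", so the empty case is undocumented for the new callers in m_sslinfo.cpp and m_spanningtree/server.cpp. I would state it on the override, e.g. `// Appends nothing until the handshake has completed; callers must handle an empty result`, or append a visible marker instead of returning silently. The rest of the function body lies outside this hunk.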
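--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -720,23 +720,10 @@ class OpenSSLIOHook : public SSLIOHook
 return 1;
 }
- void TellCiphersAndFingerprint(LocalUser* user)
- {
- if (sess)
- {
- std::string text = "*** You are connected using SSL cipher '";
- GetCiphersuite(text);
- text += '\'';
- const std::string& fingerprint = certificate->fingerprint;
- if (!fingerprint.empty())
- text += " and your SSL certificate fingerprint is " + fingerprint;
-
- user->WriteNotice(text);
- }
- }
-
- void GetCiphersuite(std::string& out) const
+ void GetCiphersuite(std::string& out) const CXX11_OVERRIDE
 {
+ if (!IsHandshakeDone())
+ return;
 out.append(SSL_get_version(sess)).push_back('-');
 out.append(SSL_get_cipher(sess));
 }
@@ -917,13 +904,6 @@ class ModuleSSLOpenSSL : public Module
 }
 }
- void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
- {
- IOHook* hook = user->eh.GetIOHook();
- if (hook && hook->prov->creator == this)
- static_cast<OpenSSLIOHook*>(hook)->TellCiphersAndFingerprint(user);
- }
-
 void OnCleanup(int target_type, void* item) CXX11_OVERRIDE
 {
 if (target_type == TYPE_USER)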
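--- a/src/modules/m_jumpserver.cpp
+++ b/src/modules/m_jumpserver.cpp
@@ -140,7 +140,7 @@ class CommandJumpserver : public Command
 int GetPort(LocalUser* user)
 {
- int p = (SSLClientCert::GetCertificate(&user->eh) ? sslport : port);
+ int p = (SSLIOHook::IsSSL(&user->eh) ? sslport : port);
 if (p == 0)
 p = user->GetServerPort();
 return p;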
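--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -19,6 +19,7 @@
 #include "inspircd.h"
+#include "modules/ssl.h"
 #include "main.h"
 #include "utils.h"
@@ -127,6 +128,15 @@ Link* TreeSocket::AuthRemote(const parameterlist& params)
 return NULL;
 ServerInstance->SNO->WriteToSnoMask('l',"Verified server connection " + linkID + " ("+description+")");
+
+ const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(this);
+ if (ssliohook)
+ {
+ std::string ciphersuite;
+ ssliohook->GetCiphersuite(ciphersuite);
+ ServerInstance->SNO->WriteToSnoMask('l', "Negotiated ciphersuite %s on link %s", ciphersuite.c_str(), x->Name.c_str());
+ }
+
 return x;
 }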
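Review bot: Only the SSL case is reported in the block added to `AuthRemote()`: when `SSLIOHook::IsSSL(this)` returns NULL, the link is still announced as verified with no sign that it is unencrypted. An operator reading snomask 'l' has to infer a plaintext server link from a missing line. Consider an explicit else branch, e.g. `else ServerInstance->SNO->WriteToSnoMask('l', "Link %s is not using SSL", x->Name.c_str());`. Whether that is too noisy for loopback links is a policy call. `AuthRemote()` begins outside this hunk.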
22 src/modules/m_sslinfo.cpp
@@ -209,8 +209,26 @@ class ModuleSSLInfo : public Module, public Whois::EventListener
void OnPostConnect(User* user) CXX11_OVERRIDE
{
- ssl_cert *cert = cmd.CertExt.get(user);
- if (!cert || cert->fingerprint.empty())
+ LocalUser* const localuser = IS_LOCAL(user);
+ if (!localuser)
+ return;
+
+ const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(&localuser->eh);
+ if (!ssliohook)
+ return;
+
+ ssl_cert* const cert = ssliohook->GetCertificate();
+
+ {
+ std::string text = "*** You are connected using SSL cipher '";
@Robby-
Robby- added a note May 5, 2016

Does this now also show the TLS version in use? If not, can this be added? Like TLSv1.0, TLSv1.1, ...

@attilamolnar
inspircd member
attilamolnar added a note May 5, 2016

Yes, it shows that.

+ ssliohook->GetCiphersuite(text);
+ text.push_back('\'');
+ if ((cert) && (!cert->GetFingerprint().empty()))
+ text.append(" and your SSL certificate fingerprint is ").append(cert->GetFingerprint());
+ user->WriteNotice(text);
+ }
+
+ if (!cert)
return;
// find an auto-oper block for this user
for (ServerConfig::OperIndex::const_iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); ++i)
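Review bot: The guard before the auto-oper loop changed from `!cert || cert->fingerprint.empty()` to `!cert` alone, so a client whose certificate object exists but has an empty fingerprint now reaches the loop. The loop body is outside this hunk, so I cannot confirm how it compares fingerprints. If it is a plain equality against the oper block's configured value, a block with no fingerprint set could match such a client. I would keep the old condition in its new form: `if (!cert || cert->GetFingerprint().empty()) return;`.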

0 comments on commit fb66fb5
