X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/4c16b692f3ae28b40e134d94105d806beba9317e..255130dde8eed921fea4b23786a5743fbd50cbda:/src/newconf.c

diff --git a/src/newconf.c b/src/newconf.c
index 761e518..65e28f8 100644
--- a/src/newconf.c
+++ b/src/newconf.c
@@ -1309,9 +1309,9 @@ conf_end_connect(struct TopConf *tc)
 		return 0;
 	}
 
-	if(EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd))
+	if((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) && EmptyString(yy_server->certfp))
 	{
-		conf_report_error("Ignoring connect block for %s -- missing password.",
+		conf_report_error("Ignoring connect block for %s -- no certfp or password credentials provided.",
 					yy_server->name);
 		return 0;
 	}
@@ -1383,6 +1383,15 @@ conf_set_connect_accept_password(void *data)
 	yy_server->passwd = rb_strdup(data);
 }
 
+static void
+conf_set_connect_fingerprint(void *data)
+{
+	yy_server->certfp = rb_strdup((char *) data);
+
+	/* force SSL to be enabled if fingerprint is enabled. */
+	yy_server->flags |= SERVER_SSL;
+}
+
 static void
 conf_set_connect_port(void *data)
 {
@@ -2020,7 +2029,7 @@ add_conf_item(const char *topconf, const char *name, int type, void (*func) (voi
 	if((tc = find_top_conf(topconf)) == NULL)
 		return -1;
 
-	if((cf = find_conf_item(tc, name)) != NULL)
+	if(find_conf_item(tc, name))
 		return -1;
 
 	cf = rb_malloc(sizeof(struct ConfEntry));
@@ -2164,6 +2173,7 @@ static struct ConfEntry conf_connect_table[] =
 {
 	{ "send_password",	CF_QSTRING,   conf_set_connect_send_password,	0, NULL },
 	{ "accept_password",	CF_QSTRING,   conf_set_connect_accept_password,	0, NULL },
+	{ "fingerprint",	CF_QSTRING,   conf_set_connect_fingerprint,	0, NULL },
 	{ "flags",	CF_STRING | CF_FLIST, conf_set_connect_flags,	0, NULL },
 	{ "host",	CF_QSTRING, conf_set_connect_host,	0, NULL },
 	{ "vhost",	CF_QSTRING, conf_set_connect_vhost,	0, NULL },