exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
return;
case -6:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Connection from servername %s has invalid certificate fingerprint %s",
- name, client_p->certfp);
- ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
- client_p->certfp, log_client_name(client_p, SHOW_IP));
+ if (client_p->certfp)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ "Connection from servername %s has invalid certificate fingerprint %s",
+ name, client_p->certfp);
+ ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+ client_p->certfp, log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+ }
+ else
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ "Connection from servername %s failed certificate validation",
+ name);
+ ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+ log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid certificate.");
+ }
- exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
return;
default:
sendto_realops_snomask(SNO_GENERAL, L_ALL,