]> jfr.im git - solanum.git/commitdiff
projects / solanum.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: d57ff45)
mr_server: Handle certificate validation errors.
authorKeith Buck <redacted>
Fri, 9 Dec 2016 10:01:22 +0000 (10:01 +0000)
committerKeith Buck <redacted>
Fri, 9 Dec 2016 10:08:47 +0000 (10:08 +0000)
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).

modules/core/m_server.c patch | blob | blame | history

diff --git a/modules/core/m_server.c b/modules/core/m_server.c
index 1ceaca9f821de10ee7ebb33da68722463f6278d0..ad8f66a986849f02c4358922602c5e08615c63a3 100644 (file)
--- a/modules/core/m_server.c
+++ b/modules/core/m_server.c
@@ -189,13 +189,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
                exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
                return;
        case -6:
-               sendto_realops_snomask(SNO_GENERAL, L_ALL,
-                    "Connection from servername %s has invalid certificate fingerprint %s",
-                    name, client_p->certfp);
-               ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
-                    client_p->certfp, log_client_name(client_p, SHOW_IP));
+               if (client_p->certfp)
+               {
+                       sendto_realops_snomask(SNO_GENERAL, L_ALL,
+                            "Connection from servername %s has invalid certificate fingerprint %s",
+                            name, client_p->certfp);
+                       ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+                            client_p->certfp, log_client_name(client_p, SHOW_IP));
+                       exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+               }
+               else
+               {
+                       sendto_realops_snomask(SNO_GENERAL, L_ALL,
+                           "Connection from servername %s failed certificate validation",
+                           name);
+                       ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+                           log_client_name(client_p, SHOW_IP));
+                       exit_client(client_p, client_p, client_p, "Invalid certificate.");
+               }
 
-               exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
                return;
        default:
                sendto_realops_snomask(SNO_GENERAL, L_ALL,
Fork of solanum ircd, history is rebased regularly