Improve 'trust ok' command
If a client sends "TRUST OK" to bip and all connections are already trusted, reply "No untrusted certificates." instead of "Unknown command".
parent
46c599d92e
commit
b2dde370d6
18
src/bip.c
18
src/bip.c
|
@ -1714,8 +1714,10 @@ int ssl_check_trust(struct link_client *ic)
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if(!LINK(ic)->untrusted_certs ||
|
if(!LINK(ic)->untrusted_certs ||
|
||||||
sk_X509_num(LINK(ic)->untrusted_certs) <= 0)
|
sk_X509_num(LINK(ic)->untrusted_certs) <= 0) {
|
||||||
|
ic->allow_trust = 0;
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
trustcert = sk_X509_value(LINK(ic)->untrusted_certs, 0);
|
trustcert = sk_X509_value(LINK(ic)->untrusted_certs, 0);
|
||||||
strcpy(subject, "Subject: ");
|
strcpy(subject, "Subject: ");
|
||||||
|
@ -1753,6 +1755,8 @@ int ssl_check_trust(struct link_client *ic)
|
||||||
"Type /QUOTE BIP TRUST OK to trust this "
|
"Type /QUOTE BIP TRUST OK to trust this "
|
||||||
"certificate, /QUOTE BIP TRUST NO to discard it.");
|
"certificate, /QUOTE BIP TRUST NO to discard it.");
|
||||||
|
|
||||||
|
TYPE(ic) = IRC_TYPE_TRUST_CLIENT;
|
||||||
|
ic->allow_trust = 1;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1773,18 +1777,10 @@ static int ssl_discard_next_cert(struct link_client *ic)
|
||||||
int adm_trust(struct link_client *ic, struct line *line)
|
int adm_trust(struct link_client *ic, struct line *line)
|
||||||
{
|
{
|
||||||
if (ic->allow_trust != 1) {
|
if (ic->allow_trust != 1) {
|
||||||
mylog(LOG_ERROR, "User attempted TRUST command without "
|
|
||||||
"being allowed to!");
|
|
||||||
unbind_from_link(ic);
|
|
||||||
return OK_CLOSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!LINK(ic)->untrusted_certs ||
|
|
||||||
sk_X509_num(LINK(ic)->untrusted_certs) <= 0) {
|
|
||||||
/* shouldn't have been asked to /QUOTE BIP TRUST but well... */
|
/* shouldn't have been asked to /QUOTE BIP TRUST but well... */
|
||||||
WRITE_LINE2(CONN(ic), P_SERV, "NOTICE", "TrustEm",
|
WRITE_LINE2(CONN(ic), P_SERV, "NOTICE", "TrustEm",
|
||||||
"No untrusted certificates.");
|
"No untrusted certificates.");
|
||||||
return ERR_PROTOCOL;
|
return OK_FORGET;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (irc_line_count(line) != 3)
|
if (irc_line_count(line) != 3)
|
||||||
|
@ -2268,6 +2264,8 @@ int adm_bip(bip_t *bip, struct link_client *ic, struct line *line, int privmsg)
|
||||||
adm_bip_delconn(bip, ic,
|
adm_bip_delconn(bip, ic,
|
||||||
irc_line_elem(line, privmsg + 2));
|
irc_line_elem(line, privmsg + 2));
|
||||||
}
|
}
|
||||||
|
} else if (strcasecmp(irc_line_elem(line, privmsg + 1), "TRUST") == 0) {
|
||||||
|
return adm_trust(ic, line);
|
||||||
} else {
|
} else {
|
||||||
bip_notify(ic, "Unknown command.");
|
bip_notify(ic, "Unknown command.");
|
||||||
}
|
}
|
||||||
|
|
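Review bot: The rewritten guard at the top of adm_trust now depends only on `ic->allow_trust`, and the direct check of `LINK(ic)->untrusted_certs` that used to follow it is gone. The flag lives on the client while the certificate stack lives on the link, so if the two can drift apart (for example another client on the same link handling the certificate first, which is not visible here), a stale `allow_trust == 1` would let the command through with an empty stack. Keeping both conditions costs nothing: `if (ic->allow_trust != 1 || !LINK(ic)->untrusted_certs || sk_X509_num(LINK(ic)->untrusted_certs) <= 0) {`. The `mylog(LOG_ERROR, ...)` call was also dropped, so an unsolicited TRUST command no longer leaves any trace in the log; a lower-severity log line before the notice would keep that audit signal. adm_trust continues past the end of the hunk, so what the later code does with the stack cannot be confirmed from this page.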
|
@ -767,8 +767,6 @@ static int irc_cli_startup(bip_t *bip, struct link_client *ic,
|
||||||
if (LINK(ic)->s_state != IRCS_CONNECTED) {
|
if (LINK(ic)->s_state != IRCS_CONNECTED) {
|
||||||
/* Check if we have an untrusted certificate from the server */
|
/* Check if we have an untrusted certificate from the server */
|
||||||
if (ssl_check_trust(ic)) {
|
if (ssl_check_trust(ic)) {
|
||||||
TYPE(ic) = IRC_TYPE_TRUST_CLIENT;
|
|
||||||
ic->allow_trust = 1;
|
|
||||||
free(init_nick);
|
free(init_nick);
|
||||||
return OK_FORGET;
|
return OK_FORGET;
|
||||||
}
|
}
|
||||||
|
|
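Review bot: With the two assignments removed from this call site, `ssl_check_trust(ic)` is no longer a pure check: it now switches the client to `IRC_TYPE_TRUST_CLIENT` and sets `ic->allow_trust` itself, which the existing comment above the call does not say. I would extend that comment, e.g. `/* ssl_check_trust() also sets TYPE(ic) and ic->allow_trust when a certificate is pending */`, so the state change is visible where the early `return OK_FORGET` happens. irc_cli_startup begins and ends outside the hunk.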