Optionally validate certificates on TLS server links
index 7dbaba86a6bc20bc70d0d59b6db9969653b234b0..6f64c3b2983d05c77d4b97e6034df0a70537d7e6 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2013 Alexander Barton (alex@barton.de) and Contributors.
+ * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * IRC commands for server links
  */
 
-#include "imp.h"
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <strings.h>
 
-#include "defines.h"
-#include "conn.h"
 #include "conn-func.h"
 #include "conn-zip.h"
 #include "conf.h"
 #include "channel.h"
-#include "lists.h"
 #include "log.h"
 #include "messages.h"
 #include "parse.h"
 #include "numeric.h"
 #include "ngircd.h"
 #include "irc-info.h"
-#include "irc-macros.h"
 #include "irc-write.h"
 #include "op.h"
 
-#include "exp.h"
 #include "irc-server.h"
 
 /**
@@ -103,6 +97,21 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
                        return DISCONNECTED;
                }
 
+#ifdef SSL_SUPPORT
+               /*
+                * This check is only done if RequireClientCert is disabled, and this Servers [SERVER] section has
+                * "SSLVerify" enabled.
+                * (if RequireClientCert is set, certificate validation is done during SSL/TLS handshake)
+                */
+               CONN_ID con = Client_Conn (Client);
+               if (Conf_Server[i].SSLVerify && !(Conn_Options(con) & CONN_SSL_PEERCERT_OK)) {
+                       Log(LOG_ERR, "Connection %d: SSLVerify is set, and server \"%s\" did not present a valid certificate",
+                                                                               Client_Conn(Client), Req->argv[0]);
+                       Conn_Close(Client_Conn(Client), NULL, "No valid SSL certificate", true);
+                       return DISCONNECTED;
+               }
+#endif
+
                /* Is there a registered server with this ID? */
                if (!Client_CheckID(Client, Req->argv[0]))
                        return DISCONNECTED;
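Review bot: The new check accepts any certificate that caused CONN_SSL_PEERCERT_OK to be set, and nothing in this hunk ties that certificate to the server configured in Conf_Server[i]; if the flag (set outside this hunk) records only that the chain validated against the trusted CAs, a certificate issued to some other host would pass this check too, so either confirm that the flag already implies a name match against the configured host or add that comparison here. The local `con` is computed right before the if, yet both calls inside it call Client_Conn(Client) again; use the local in both, e.g. `Conn_Close(con, NULL, "No valid SSL certificate", true);` and pass `con` to Log as well. The block comment states the check "is only done if RequireClientCert is disabled", but the condition tests only Conf_Server[i].SSLVerify, so the comment should instead say the check is redundant when RequireClientCert is set because validation then already happened during the handshake. The mixed declaration of `con` after statements may be worth moving to the top of the enclosing block if the project still targets C89-style compilers, which this page does not show. IRC_SERVER starts before this hunk and continues past it.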