X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Fconn.c;fp=src%2Fngircd%2Fconn.c;h=3882899f4406b85829d0f5e0ce04f0008aff093a;hp=ae442b4ddbd5abf9820f804397d057a9082af59e;hb=817937b218c4b57515f54216ebc936cd69df0aae;hpb=339ad77b621b061de7053f88410f1b1395392ff5

diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c
index ae442b4d..3882899f 100644
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -2563,6 +2563,7 @@ static void
 cb_connserver_login_ssl(int sock, short unused)
 {
 	CONN_ID idx = Socket2Index(sock);
+	int serveridx;
 
 	(void) unused;
 
@@ -2581,10 +2582,30 @@ cb_connserver_login_ssl(int sock, short unused)
 			return;
 	}
 
+	serveridx = Conf_GetServer(idx);
+	assert(serveridx >= 0);
+	if (serveridx < 0)
+		goto err;
+
 	Log( LOG_INFO, "SSL connection %d with \"%s:%d\" established.", idx,
 	    My_Connections[idx].host, Conf_Server[Conf_GetServer( idx )].port );
 
+	if (!Conn_OPTION_ISSET(&My_Connections[idx], CONN_SSL_PEERCERT_OK)) {
+		if (Conf_Server[serveridx].SSLVerify) {
+			Log(LOG_ERR,
+				"SSLVerify enabled for %d, but peer certificate check failed",
+				idx);
+			goto err;
+		}
+		Log(LOG_WARNING,
+			"Peer certificate check failed for %d, but SSLVerify is disabled, continuing",
+			idx);
+	}
 	server_login(idx);
+	return;
+      err:
+	Log(LOG_ERR, "SSL connection on socket %d failed!", sock);
+	Conn_Close(idx, "Can't connect!", NULL, false);
 }