0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-16 15:00:51 +01:00

allow certfp method to be configured

This commit is contained in:
William Pitcock 2015-12-07 01:49:30 -06:00
parent 772c95cc7a
commit 13d8f0edba
6 changed files with 46 additions and 3 deletions

View file

@ -536,6 +536,7 @@ general {
throttle_count = 4;
max_ratelimit_tokens = 30;
away_interval = 30;
certfp_method = sha1;
};
modules {

View file

@ -1294,6 +1294,12 @@ general {
* counts.
*/
away_interval = 30;
/* certfp_method: the method that should be used for computing certificate fingerprints.
* Acceptable options are sha1, sha256 and sha512. Networks running versions of charybdis
* prior to charybdis 3.5 MUST use sha1 for certfp_method.
*/
certfp_method = sha1;
};
modules {

View file

@ -234,6 +234,7 @@ struct config_file_entry
int client_flood_message_num;
unsigned int nicklen;
int certfp_method;
};
struct config_channel_entry

View file

@ -1644,6 +1644,24 @@ conf_set_general_oper_umodes(void *data)
set_modes_from_table(&ConfigFileEntry.oper_umodes, "umode", umode_table, data);
}
static void
conf_set_general_certfp_method(void *data)
{
char *method = data;
if (!strcasecmp(method, "sha1"))
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
else if (!strcasecmp(method, "sha256"))
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA256;
else if (!strcasecmp(method, "sha512"))
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA512;
else
{
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
conf_report_error("Ignoring general::certfp_method -- bogus certfp method %s", method);
}
}
static void
conf_set_general_oper_only_umodes(void *data)
{
@ -2376,6 +2394,7 @@ static struct ConfEntry conf_general_table[] =
{ "client_flood_message_time", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_time },
{ "max_ratelimit_tokens", CF_INT, NULL, 0, &ConfigFileEntry.max_ratelimit_tokens },
{ "away_interval", CF_INT, NULL, 0, &ConfigFileEntry.away_interval },
{ "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL },
{ "\0", 0, NULL, 0, NULL }
};

View file

@ -819,6 +819,7 @@ set_default_conf(void)
ServerInfo.default_max_clients = MAXCONNECTIONS;
ConfigFileEntry.nicklen = NICKLEN;
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
if (!alias_dict)
alias_dict = irc_dictionary_create(strcasecmp);

View file

@ -72,6 +72,7 @@ struct _ssl_ctl
static void send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert,
const char *ssl_private_key, const char *ssl_dh_params);
static void send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path);
static void send_certfp_method(ssl_ctl_t *ctl, int method);
static rb_dlink_list ssl_daemons;
@ -306,10 +307,14 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co
rb_close(P1);
ctl = allocate_ssl_daemon(F1, P2, pid);
if(ssl_ok)
{
send_init_prng(ctl, RB_PRNG_DEFAULT, NULL);
if(ssl_ok && ssl_cert != NULL && ssl_private_key != NULL)
send_certfp_method(ctl, ConfigFileEntry.certfp_method);
if(ssl_cert != NULL && ssl_private_key != NULL)
send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key,
ssl_dh_params != NULL ? ssl_dh_params : "");
}
ssl_read_ctl(ctl->F, ctl);
ssl_do_pipe(P2, ctl);
@ -627,6 +632,16 @@ send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path)
ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len);
}
static void
send_certfp_method(ssl_ctl_t *ctl, int method)
{
char buf[5];
buf[0] = 'F';
int32_to_buf(&buf[1], method);
ssl_cmd_write_queue(ctl, NULL, 0, buf, sizeof(buf));
}
void
send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params)
{