mirror of
https://github.com/matrix-construct/construct
synced 2024-11-16 15:00:51 +01:00
allow certfp method to be configured
This commit is contained in:
parent
772c95cc7a
commit
13d8f0edba
6 changed files with 46 additions and 3 deletions
|
@ -536,6 +536,7 @@ general {
|
|||
throttle_count = 4;
|
||||
max_ratelimit_tokens = 30;
|
||||
away_interval = 30;
|
||||
certfp_method = sha1;
|
||||
};
|
||||
|
||||
modules {
|
||||
|
|
|
@ -1294,6 +1294,12 @@ general {
|
|||
* counts.
|
||||
*/
|
||||
away_interval = 30;
|
||||
|
||||
/* certfp_method: the method that should be used for computing certificate fingerprints.
|
||||
* Acceptable options are sha1, sha256 and sha512. Networks running versions of charybdis
|
||||
* prior to charybdis 3.5 MUST use sha1 for certfp_method.
|
||||
*/
|
||||
certfp_method = sha1;
|
||||
};
|
||||
|
||||
modules {
|
||||
|
|
|
@ -234,6 +234,7 @@ struct config_file_entry
|
|||
int client_flood_message_num;
|
||||
|
||||
unsigned int nicklen;
|
||||
int certfp_method;
|
||||
};
|
||||
|
||||
struct config_channel_entry
|
||||
|
|
|
@ -1644,6 +1644,24 @@ conf_set_general_oper_umodes(void *data)
|
|||
set_modes_from_table(&ConfigFileEntry.oper_umodes, "umode", umode_table, data);
|
||||
}
|
||||
|
||||
static void
|
||||
conf_set_general_certfp_method(void *data)
|
||||
{
|
||||
char *method = data;
|
||||
|
||||
if (!strcasecmp(method, "sha1"))
|
||||
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
|
||||
else if (!strcasecmp(method, "sha256"))
|
||||
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA256;
|
||||
else if (!strcasecmp(method, "sha512"))
|
||||
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA512;
|
||||
else
|
||||
{
|
||||
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
|
||||
conf_report_error("Ignoring general::certfp_method -- bogus certfp method %s", method);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
conf_set_general_oper_only_umodes(void *data)
|
||||
{
|
||||
|
@ -2376,6 +2394,7 @@ static struct ConfEntry conf_general_table[] =
|
|||
{ "client_flood_message_time", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_time },
|
||||
{ "max_ratelimit_tokens", CF_INT, NULL, 0, &ConfigFileEntry.max_ratelimit_tokens },
|
||||
{ "away_interval", CF_INT, NULL, 0, &ConfigFileEntry.away_interval },
|
||||
{ "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL },
|
||||
{ "\0", 0, NULL, 0, NULL }
|
||||
};
|
||||
|
||||
|
|
|
@ -819,6 +819,7 @@ set_default_conf(void)
|
|||
ServerInfo.default_max_clients = MAXCONNECTIONS;
|
||||
|
||||
ConfigFileEntry.nicklen = NICKLEN;
|
||||
ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
|
||||
|
||||
if (!alias_dict)
|
||||
alias_dict = irc_dictionary_create(strcasecmp);
|
||||
|
|
|
@ -72,6 +72,7 @@ struct _ssl_ctl
|
|||
static void send_new_ssl_certs_one(ssl_ctl_t * ctl, const char *ssl_cert,
|
||||
const char *ssl_private_key, const char *ssl_dh_params);
|
||||
static void send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path);
|
||||
static void send_certfp_method(ssl_ctl_t *ctl, int method);
|
||||
|
||||
|
||||
static rb_dlink_list ssl_daemons;
|
||||
|
@ -306,10 +307,14 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co
|
|||
rb_close(P1);
|
||||
ctl = allocate_ssl_daemon(F1, P2, pid);
|
||||
if(ssl_ok)
|
||||
{
|
||||
send_init_prng(ctl, RB_PRNG_DEFAULT, NULL);
|
||||
if(ssl_ok && ssl_cert != NULL && ssl_private_key != NULL)
|
||||
send_certfp_method(ctl, ConfigFileEntry.certfp_method);
|
||||
|
||||
if(ssl_cert != NULL && ssl_private_key != NULL)
|
||||
send_new_ssl_certs_one(ctl, ssl_cert, ssl_private_key,
|
||||
ssl_dh_params != NULL ? ssl_dh_params : "");
|
||||
}
|
||||
ssl_read_ctl(ctl->F, ctl);
|
||||
ssl_do_pipe(P2, ctl);
|
||||
|
||||
|
@ -627,6 +632,16 @@ send_init_prng(ssl_ctl_t * ctl, prng_seed_t seedtype, const char *path)
|
|||
ssl_cmd_write_queue(ctl, NULL, 0, tmpbuf, len);
|
||||
}
|
||||
|
||||
static void
|
||||
send_certfp_method(ssl_ctl_t *ctl, int method)
|
||||
{
|
||||
char buf[5];
|
||||
|
||||
buf[0] = 'F';
|
||||
int32_to_buf(&buf[1], method);
|
||||
ssl_cmd_write_queue(ctl, NULL, 0, buf, sizeof(buf));
|
||||
}
|
||||
|
||||
void
|
||||
send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params)
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue