From 2b17787939dbbee1da9bbfccda4edb9ffdf78919 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?=
Date: Wed, 30 Dec 2015 09:28:53 +0200
Subject: [PATCH] m_starttls: reject "STARTTLS" use over an existing TLS connection

---
 modules/m_starttls.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/m_starttls.c b/modules/m_starttls.c
index 504df56aa..6c1530b52 100644
--- a/modules/m_starttls.c
+++ b/modules/m_starttls.c
@@ -53,6 +53,12 @@ mr_starttls(struct Client *client_p, struct Client *source_p, int parc, const ch
 if (!MyConnect(client_p))
 return 0;

+ if (IsSSL(client_p))
+ {
+ sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Nested TLS handshake not allowed");
+ return 1;
+ }
+
 if (!ssl_ok || !get_ssld_count())
 {
 sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
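Review bot: The new `IsSSL(client_p)` guard carries no comment saying why a second handshake is refused, or that it must stay ahead of whatever sets up the TLS session later in mr_starttls. Without that, a later reordering of the early checks could quietly reopen the nested-handshake path. I would add above it `/* Connection is already TLS: refuse before any new handshake state is created. */`. Whether IsSSL is true both for clients accepted on a TLS listener and for clients that already completed one STARTTLS depends on where the flag is set, which is outside this hunk, so confirm that a repeated STARTTLS on an upgraded connection is also rejected here. The body of mr_starttls starts and ends outside the hunk.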