From 8ff07125c3480479784e2c6b8565f3c88dd41104 Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Sat, 3 Nov 2012 15:50:43 +0100
Subject: [PATCH] starttls: Explicitly reject starttls if TLS is not configured or not compiled in.
---
 modules/m_starttls.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/modules/m_starttls.c b/modules/m_starttls.c
index 346446fca..a08267369 100644
--- a/modules/m_starttls.c
+++ b/modules/m_starttls.c
@@ -51,6 +51,12 @@ mr_starttls(struct Client *client_p, struct Client *source_p, int parc, const ch
 if (!MyConnect(client_p))
 return 0;
+ if (!ssl_ok || !get_ssld_count())
+ {
+ sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
+ return 1;
+ }
+
 if (rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &F[0], &F[1], "STARTTLS ssld session") == -1)
 {
 ilog_error("error creating SSL/TLS socketpair for ssld slave");
@@ -79,5 +85,6 @@ mr_starttls(struct Client *client_p, struct Client *source_p, int parc, const ch
 return 1;
 #endif
+ sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
 return 0;
 }
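Review bot: The new guard in the first hunk, `if (!ssl_ok || !get_ssld_count())`, folds two different conditions into one client-facing string and carries no comment saying why it has to sit ahead of `rb_socketpair()`. A one-line comment such as `/* refuse before allocating the ssld socketpair: no TLS context or no ssld helper to hand the connection to */` would make the ordering deliberate; the meaning of the two symbols is inferred from their names here, so confirm it. A server-side log entry on this path may also be worth adding, since a refusal caused by missing helpers leaves the session in plaintext and is otherwise invisible to the operator. mr_starttls starts and ends outside this hunk.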
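Review bot: In the second hunk the added `sendto_one_numeric(...)` sits after `#endif`, so it is compiled into TLS-enabled builds too and runs on any path that leaves the conditional block without returning. The lines above `return 1;` are outside the hunk, but the pre-existing `return 0;` after `#endif` suggests the successful handoff falls through to it, in which case the client would receive ERR_STARTTLS "TLS is not configured" right after its upgrade was accepted. Moving the line under an `#else` placed before `#endif` confines it to builds without TLS: `#else` then `sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");` then `#endif`. The same rejection also returns 1 in the first hunk and 0 here, which is worth making consistent.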