From f61d09618669a6d70ee255f7615e63dc10bcf231 Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Mon, 25 Apr 2016 20:19:48 +0100
Subject: [PATCH] conf: require certificate fingerprint for SSL connections

---
 ircd/newconf.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ircd/newconf.c b/ircd/newconf.c
index 47a5924c0..c4c9ee08e 100644
--- a/ircd/newconf.c
+++ b/ircd/newconf.c
@@ -1305,6 +1305,13 @@ conf_end_connect(struct TopConf *tc)
 		return 0;
 	}
 
+	if((yy_server->flags & SERVER_SSL) && EmptyString(yy_server->certfp))
+	{
+		conf_report_error("Ignoring connect block for %s -- no fingerprint provided for SSL connection.",
+					yy_server->name);
+		return 0;
+	}
+
 	if(EmptyString(yy_server->connect_host)
 			&& GET_SS_FAMILY(&yy_server->connect4) != AF_INET
 #ifdef RB_IPV6