author | Adam <Adam@anope.org> | 2013-04-12 01:14:56 -0500 |
---|---|---|
committer | Adam <Adam@anope.org> | 2013-04-12 01:14:56 -0500 |
commit | 066fc5801b4e0d8174cf279473a1c9936bc5502a (patch) | |
tree | 6dc86b87fa71bb33d6fcf66cb78a8e895458455e | |
parent | 416eaa1e667186e0f935b3d08e98090753114d34 (diff) |
Fix m_ssl
-rw-r--r-- | modules/extra/m_ssl.cpp | 73 |
1 files changed, 37 insertions, 36 deletions
diff --git a/modules/extra/m_ssl.cpp b/modules/extra/m_ssl.cpp
index c64e04af5..95de6694a 100644
--- a/modules/extra/m_ssl.cpp
+++ b/modules/extra/m_ssl.cpp
@@ -107,13 +107,47 @@ class SSLModule : public Module if (!client_ctx || !server_ctx) throw ModuleException("Error initializing SSL CTX"); + SSL_CTX_set_mode(client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + SSL_CTX_set_mode(server_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + + SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, SSLModule::AlwaysAccept); + SSL_CTX_set_verify(server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, SSLModule::AlwaysAccept); + + Anope::string context_name = "Anope"; + SSL_CTX_set_session_id_context(client_ctx, reinterpret_cast<const unsigned char *>(context_name.c_str()), context_name.length()); + SSL_CTX_set_session_id_context(server_ctx, reinterpret_cast<const unsigned char *>(context_name.c_str()), context_name.length()); + + ModuleManager::Attach(I_OnReload, this); + ModuleManager::Attach(I_OnPreServerConnect, this); + } + + ~SSLModule() + { + for (std::map<int, Socket *>::const_iterator it = SocketEngine::Sockets.begin(), it_end = SocketEngine::Sockets.end(); it != it_end;) + { + Socket *s = it->second; + ++it; + + if (dynamic_cast<SSLSocketIO *>(s->io)) + delete s; + } + + SSL_CTX_free(client_ctx); + SSL_CTX_free(server_ctx); + } + + void OnReload(ServerConfig *conf, ConfigReader &reader) anope_override + { + this->certfile = reader.ReadValue("ssl", "cert", "data/anope.crt", 0); + this->keyfile = reader.ReadValue("ssl", "key", "data/anope.key", 0); + if (Anope::IsFile(this->certfile.c_str())) { if (!SSL_CTX_use_certificate_file(client_ctx, this->certfile.c_str(), SSL_FILETYPE_PEM) || !SSL_CTX_use_certificate_file(server_ctx, this->certfile.c_str(), SSL_FILETYPE_PEM)) { SSL_CTX_free(client_ctx); SSL_CTX_free(server_ctx); - throw ModuleException("Error loading certificate"); + throw ConfigException("Error loading certificate"); } else Log(LOG_DEBUG) << "m_ssl: Successfully loaded certificate " << this->certfile; 
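Review bot: The error paths that now live in OnReload still call `SSL_CTX_free(client_ctx); SSL_CTX_free(server_ctx);` before throwing, but `~SSLModule()` frees both contexts again and the pointers are neither nulled nor recreated. That was safe in the constructor, where a throw meant the destructor never ran; in a reload hook the module presumably stays loaded, so a bad certificate or key path in the config leads to a double free at unload and to the freed contexts being used for any SSL socket created in between. Drop the two frees from the certificate branch here and from the two private-key branches in the following hunks (`@@ -127` and `@@ -138`), leaving only the `throw ConfigException(...)`, so the contexts stay valid with their previous settings. OnReload's body continues past this hunk. Separately, the relocated `SSL_CTX_set_verify(..., SSLModule::AlwaysAccept)` lines deserve a comment stating that peer certificates are requested but, going by the callback's name (its body is not shown), not validated against a trust store.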
@@ -127,7 +161,7 @@ class SSLModule : public Module { SSL_CTX_free(client_ctx); SSL_CTX_free(server_ctx); - throw ModuleException("Error loading private key"); + throw ConfigException("Error loading private key"); } else Log(LOG_DEBUG) << "m_ssl: Successfully loaded private key " << this->keyfile; 
@@ -138,45 +172,12 @@ class SSLModule : public Module { SSL_CTX_free(client_ctx); SSL_CTX_free(server_ctx); - throw ModuleException("Error loading private key " + this->keyfile + " - file not found"); + throw ConfigException("Error loading private key " + this->keyfile + " - file not found"); } else Log() << "Unable to open private key " << this->keyfile; } - SSL_CTX_set_mode(client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); - SSL_CTX_set_mode(server_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); - - SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, SSLModule::AlwaysAccept); - SSL_CTX_set_verify(server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, SSLModule::AlwaysAccept); - - Anope::string context_name = "Anope"; - SSL_CTX_set_session_id_context(client_ctx, reinterpret_cast<const unsigned char *>(context_name.c_str()), context_name.length()); - SSL_CTX_set_session_id_context(server_ctx, reinterpret_cast<const unsigned char *>(context_name.c_str()), context_name.length()); - - ModuleManager::Attach(I_OnReload, this); - ModuleManager::Attach(I_OnPreServerConnect, this); - } - - ~SSLModule() - { - for (std::map<int, Socket *>::const_iterator it = SocketEngine::Sockets.begin(), it_end = SocketEngine::Sockets.end(); it != it_end;) - { - Socket *s = it->second; - ++it; - - if (dynamic_cast<SSLSocketIO *>(s->io)) - delete s; - } - - SSL_CTX_free(client_ctx); - SSL_CTX_free(server_ctx); - } - - void OnReload(ServerConfig *conf, ConfigReader &reader) anope_override - { - this->certfile = reader.ReadValue("ssl", "cert", "data/anope.crt", 0); - this->keyfile = reader.ReadValue("ssl", "key", "data/anope.key", 0); } void OnPreServerConnect() anope_override |