Automatically add client certificates to the cert list on register.

2 files changed, 15 insertions, 0 deletions

diff --git a/data/nickserv.example.conf b/data/nickserv.example.conf
index 7bc2a3dd0..1191bd045 100644
--- a/data/nickserv.example.conf
+++ b/data/nickserv.example.conf
@@ -287,6 +287,12 @@ module
 	name = "ns_cert"
 
 	/*
+	* Should users who are connected with a SSL client certificate have its fingerprint be added to
+	* their account when they register. Defaults to yes.
+	*/
+	automatic = yes
+
+	/*
 	 * The maximum number of entries allowed on a nickname's certificate fingerprint list.
 	 * The default is 5. This number cannot be set to 0.
 	 */
diff --git a/modules/nickserv/ns_cert.cpp b/modules/nickserv/ns_cert.cpp
index a6a0a3bfe..8a5f85ded 100644
--- a/modules/nickserv/ns_cert.cpp
+++ b/modules/nickserv/ns_cert.cpp
@@ -405,6 +405,15 @@ public:
 		Log(NickServ) << u->GetMask() << " automatically identified for account " << nc->display << " via SSL certificate fingerprint";
 	}
 
+	void OnNickRegister(User *u, NickAlias *na, const Anope::string &pass) override
+	{
+		if (!Config->GetModule(this)->Get<bool>("automatic", "yes") || u->fingerprint.empty())
+			return;
+
+		auto *cl = certs.Require(na->nc);
+		cl->AddCert(u->fingerprint);
+	}
+
 	EventReturn OnNickValidate(User *u, NickAlias *na) override
 	{
 		NSCertList *cl = certs.Get(na->nc);