mr_server: Handle certificate validation errors.

When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for a
missing fingerprint (i.e. validation failed).
Keith Buck 2016-12-09 10:01:22 +00:00
parent 5fd7e2bb8c
commit a91a4515c9


@ -189,13 +189,25 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext"); exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
return 0; return 0;
case -6: case -6:
sendto_realops_snomask(SNO_GENERAL, L_ALL, if (client_p->certfp)
"Connection from servername %s has invalid certificate fingerprint %s", {
name, client_p->certfp); sendto_realops_snomask(SNO_GENERAL, L_ALL,
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s", "Connection from servername %s has invalid certificate fingerprint %s",
client_p->certfp, log_client_name(client_p, SHOW_IP)); name, client_p->certfp);
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
client_p->certfp, log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
}
else
{
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s failed certificate validation",
name);
ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid certificate.");
}
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
return 0; return 0;
default: default:
sendto_realops_snomask(SNO_GENERAL, L_ALL, sendto_realops_snomask(SNO_GENERAL, L_ALL,