mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be calculated, resulting in an attempt to format NULL into a log line showing the fingerprint. Instead, add a different error message for missing fingerprint (i.e. validation failed).
This commit is contained in:
Keith Buck
parent
d57ff45c68
commit
df0c70dd1f
1 changed files with 18 additions and 6 deletions
|
|
@ -189,13 +189,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
|
|||
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
|
||||
return;
|
||||
case -6:
|
||||
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||
"Connection from servername %s has invalid certificate fingerprint %s",
|
||||
name, client_p->certfp);
|
||||
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
|
||||
client_p->certfp, log_client_name(client_p, SHOW_IP));
|
||||
if (client_p->certfp)
|
||||
{
|
||||
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||
"Connection from servername %s has invalid certificate fingerprint %s",
|
||||
name, client_p->certfp);
|
||||
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
|
||||
client_p->certfp, log_client_name(client_p, SHOW_IP));
|
||||
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
|
||||
}
|
||||
else
|
||||
{
|
||||
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||
"Connection from servername %s failed certificate validation",
|
||||
name);
|
||||
ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
|
||||
log_client_name(client_p, SHOW_IP));
|
||||
exit_client(client_p, client_p, client_p, "Invalid certificate.");
|
||||
}
|
||||
|
||||
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
|
||||
return;
|
||||
default:
|
||||
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||
|
|
|
|||
Loading…
Reference in a new issue