mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be calculated, resulting in an attempt to format NULL into a log line showing the fingerprint. Instead, add a different error message for missing fingerprint (i.e. validation failed).
This commit is contained in:
parent
d57ff45c68
commit
df0c70dd1f
1 changed files with 18 additions and 6 deletions
|
@ -189,13 +189,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
|
||||||
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
|
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
|
||||||
return;
|
return;
|
||||||
case -6:
|
case -6:
|
||||||
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
if (client_p->certfp)
|
||||||
"Connection from servername %s has invalid certificate fingerprint %s",
|
{
|
||||||
name, client_p->certfp);
|
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||||
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
|
"Connection from servername %s has invalid certificate fingerprint %s",
|
||||||
client_p->certfp, log_client_name(client_p, SHOW_IP));
|
name, client_p->certfp);
|
||||||
|
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
|
||||||
|
client_p->certfp, log_client_name(client_p, SHOW_IP));
|
||||||
|
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||||
|
"Connection from servername %s failed certificate validation",
|
||||||
|
name);
|
||||||
|
ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
|
||||||
|
log_client_name(client_p, SHOW_IP));
|
||||||
|
exit_client(client_p, client_p, client_p, "Invalid certificate.");
|
||||||
|
}
|
||||||
|
|
||||||
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
|
|
||||||
return;
|
return;
|
||||||
default:
|
default:
|
||||||
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
sendto_realops_snomask(SNO_GENERAL, L_ALL,
|
||||||
|
|
Loading…
Reference in a new issue