mr_server: Handle certificate validation errors.

When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).

modules/core/m_server.c

@@ -189,13 +189,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 		exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
 		return;
 	case -6:
-		sendto_realops_snomask(SNO_GENERAL, L_ALL,
+		if (client_p->certfp)
-		     "Connection from servername %s has invalid certificate fingerprint %s",
+		{
-		     name, client_p->certfp);
+			sendto_realops_snomask(SNO_GENERAL, L_ALL,
-		ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+			     "Connection from servername %s has invalid certificate fingerprint %s",
-		     client_p->certfp, log_client_name(client_p, SHOW_IP));
+			     name, client_p->certfp);
+			ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+			     client_p->certfp, log_client_name(client_p, SHOW_IP));
+			exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+		}
+		else
+		{
+			sendto_realops_snomask(SNO_GENERAL, L_ALL,
+			    "Connection from servername %s failed certificate validation",
+			    name);
+			ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+			    log_client_name(client_p, SHOW_IP));
+			exit_client(client_p, client_p, client_p, "Invalid certificate.");
+		}
 
-		exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
 		return;
 	default:
 		sendto_realops_snomask(SNO_GENERAL, L_ALL,