mr_server: Handle certificate validation errors.

When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
This commit is contained in:
Keith Buck 2016-12-09 10:01:22 +00:00
parent d57ff45c68
commit df0c70dd1f

View file

@ -189,13 +189,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
return;
case -6:
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s has invalid certificate fingerprint %s",
name, client_p->certfp);
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
client_p->certfp, log_client_name(client_p, SHOW_IP));
if (client_p->certfp)
{
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s has invalid certificate fingerprint %s",
name, client_p->certfp);
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
client_p->certfp, log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
}
else
{
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s failed certificate validation",
name);
ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid certificate.");
}
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
return;
default:
sendto_realops_snomask(SNO_GENERAL, L_ALL,