Merge pull request #1019 from jpnurmi/ssl

CZNC: add missing SSL-related getters and setters
Alexey Sokolov
2015-08-07 09:26:43 +01:00
2 changed files with 61 additions and 36 deletions
+6
@@ -104,6 +104,9 @@ public:
void SetProtectWebSessions(bool b) { m_bProtectWebSessions = b; }
void SetHideVersion(bool b) { m_bHideVersion = b; }
void SetConnectDelay(unsigned int i);
void SetSSLCiphers(const CString& sCiphers) { m_sSSLCiphers = sCiphers; }
bool SetSSLProtocols(const CString& sProtocols);
void SetSSLCertFile(const CString& sFile) { m_sSSLCertFile = sFile; }
// !Setters
// Getters
@@ -133,7 +136,10 @@ public:
bool GetProtectWebSessions() const { return m_bProtectWebSessions; }
bool GetHideVersion() const { return m_bHideVersion; }
CString GetSSLCiphers() const { return m_sSSLCiphers; }
CString GetSSLProtocols() const { return m_sSSLProtocols; }
Csock::EDisableProtocol GetDisabledSSLProtocols() const { return static_cast<Csock::EDisableProtocol>(m_uDisabledSSLProtocols); }
CString GetSSLCertFile() const { return m_sSSLCertFile; }
static VCString GetAvailableSSLProtocols();
// !Getters
// Static allocator
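Review bot: The new `bool SetSSLProtocols(const CString& sProtocols);` declaration carries no documentation of its contract, while the body in the second file shows it returns false on any unrecognised token and in that case leaves both `m_sSSLProtocols` and `m_uDisabledSSLProtocols` untouched, which LoadGlobal relies on when it prints the error and aborts. I would put above the declaration: `// Parses "[+|-]<protocol> ..." (names from GetAvailableSSLProtocols()); returns false and changes nothing if any token is unknown.` `GetDisabledSSLProtocols()` static_casts a bitmask that the setter may fill with `~uFlag` (every bit but one) into `Csock::EDisableProtocol`; if that enum has no fixed underlying type, values above its enumerator range are outside what the standard guarantees for such a cast, so a comment stating that the result is a mask of EDP_* bits rather than a single enumerator would help readers and callers. The class body continues outside both hunks.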
+55 -36
@@ -1099,42 +1099,13 @@ bool CZNC::LoadGlobal(CConfig& config, CString& sError) {
m_bProtectWebSessions = sVal.ToBool();
if (config.FindStringEntry("hideversion", sVal))
m_bHideVersion = sVal.ToBool();
if (config.FindStringEntry("sslprotocols", m_sSSLProtocols)) {
VCString vsProtocols;
m_sSSLProtocols.Split(" ", vsProtocols, false, "", "", true, true);
for (CString& sProtocol : vsProtocols) {
unsigned int uFlag = 0;
bool bEnable = sProtocol.TrimPrefix("+");
bool bDisable = sProtocol.TrimPrefix("-");
if (sProtocol.Equals("All")) {
uFlag = ~0;
} else if (sProtocol.Equals("SSLv2")) {
uFlag = Csock::EDP_SSLv2;
} else if (sProtocol.Equals("SSLv3")) {
uFlag = Csock::EDP_SSLv3;
} else if (sProtocol.Equals("TLSv1")) {
uFlag = Csock::EDP_TLSv1;
} else if (sProtocol.Equals("TLSv1.1")) {
uFlag = Csock::EDP_TLSv1_1;
} else if (sProtocol.Equals("TLSv1.2")) {
uFlag = Csock::EDP_TLSv1_2;
} else {
CUtils::PrintError("Invalid SSLProtocols value [" + sProtocol + "]");
CUtils::PrintError("The syntax is [SSLProtocols = [+|-]<protocol> ...]");
CUtils::PrintError("Available protocols are [SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2]");
return false;
}
if (bEnable) {
m_uDisabledSSLProtocols &= ~uFlag;
} else if (bDisable) {
m_uDisabledSSLProtocols |= uFlag;
} else {
m_uDisabledSSLProtocols = ~uFlag;
}
if (config.FindStringEntry("sslprotocols", sVal)) {
if (!SetSSLProtocols(sVal)) {
VCString vsProtocols = GetAvailableSSLProtocols();
CUtils::PrintError("Invalid SSLProtocols value [" + sVal + "]");
CUtils::PrintError("The syntax is [SSLProtocols = [+|-]<protocol> ...]");
CUtils::PrintError("Available protocols are [" + CString(", ").Join(vsProtocols.begin(), vsProtocols.end()) + "]");
return false;
}
}
@@ -1906,6 +1877,54 @@ void CZNC::SetConnectDelay(unsigned int i) {
m_uiConnectDelay = i;
}
VCString CZNC::GetAvailableSSLProtocols()
{
// NOTE: keep in sync with SetSSLProtocols()
return {"SSLv2", "SSLv3", "TLSv1", "TLSV1.1", "TLSv1.2"};
}
bool CZNC::SetSSLProtocols(const CString& sProtocols)
{
VCString vsProtocols;
sProtocols.Split(" ", vsProtocols, false, "", "", true, true);
unsigned int uDisabledProtocols = Csock::EDP_SSL;
for (CString& sProtocol : vsProtocols) {
unsigned int uFlag = 0;
bool bEnable = sProtocol.TrimPrefix("+");
bool bDisable = sProtocol.TrimPrefix("-");
// NOTE: keep in sync with GetAvailableSSLProtocols()
if (sProtocol.Equals("All")) {
uFlag = ~0;
} else if (sProtocol.Equals("SSLv2")) {
uFlag = Csock::EDP_SSLv2;
} else if (sProtocol.Equals("SSLv3")) {
uFlag = Csock::EDP_SSLv3;
} else if (sProtocol.Equals("TLSv1")) {
uFlag = Csock::EDP_TLSv1;
} else if (sProtocol.Equals("TLSv1.1")) {
uFlag = Csock::EDP_TLSv1_1;
} else if (sProtocol.Equals("TLSv1.2")) {
uFlag = Csock::EDP_TLSv1_2;
} else {
return false;
}
if (bEnable) {
uDisabledProtocols &= ~uFlag;
} else if (bDisable) {
uDisabledProtocols |= uFlag;
} else {
uDisabledProtocols = ~uFlag;
}
}
m_sSSLProtocols = sProtocols;
m_uDisabledSSLProtocols = uDisabledProtocols;
return true;
}
void CZNC::EnableConnectQueue() {
if (!m_pConnectQueueTimer && !m_uiConnectPaused && !m_lpConnectQueue.empty()) {
m_pConnectQueueTimer = new CConnectQueueTimer(m_uiConnectDelay);
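Review bot: `GetAvailableSSLProtocols()` returns `"TLSV1.1"` with an uppercase V while `SetSSLProtocols()` matches `"TLSv1.1"`, despite the two "keep in sync" comments; if `CString::Equals` is case-insensitive, as its use here suggests, parsing still works, but the spelling shown in the LoadGlobal error message and to any UI built from this list diverges from the parser's, and the list also omits the `All` token the parser accepts. The fix is `return {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};`, and a single static table of name/flag pairs consumed by both functions would remove the need for the sync comments altogether. Note also that a bare token still does `uDisabledProtocols = ~uFlag`, so `SSLProtocols = All` re-enables SSLv2 and SSLv3; that is carried over from the removed LoadGlobal code rather than introduced here, but a comment on the setter such as `// A bare name replaces the set (only that protocol enabled); +/- adjust the current set` would make the semantics explicit.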