From a13b4a8e468f52937b787015b08dac014f7730fc Mon Sep 17 00:00:00 2001
From: J-P Nurmi
Date: Tue, 4 Aug 2015 23:50:11 +0200
Subject: [PATCH] CZNC: add missing SSL-related getters and setters - SSLCiphers - SSLProtocols - SSLCertFile
---
include/znc/znc.h | 6 ++++
src/znc.cpp | 91 ++++++++++++++++++++++++++++-------------------
2 files changed, 61 insertions(+), 36 deletions(-)
diff --git a/include/znc/znc.h b/include/znc/znc.h
index d6acba8d..bbd7506f 100644
--- a/include/znc/znc.h
+++ b/include/znc/znc.h
@@ -104,6 +104,9 @@ public:
  void SetProtectWebSessions(bool b) { m_bProtectWebSessions = b; }
  void SetHideVersion(bool b) { m_bHideVersion = b; }
  void SetConnectDelay(unsigned int i);
+ void SetSSLCiphers(const CString& sCiphers) { m_sSSLCiphers = sCiphers; }
+ bool SetSSLProtocols(const CString& sProtocols);
+ void SetSSLCertFile(const CString& sFile) { m_sSSLCertFile = sFile; }
  // !Setters
  // Getters
@@ -133,7 +136,10 @@ public:
  bool GetProtectWebSessions() const { return m_bProtectWebSessions; }
  bool GetHideVersion() const { return m_bHideVersion; }
  CString GetSSLCiphers() const { return m_sSSLCiphers; }
+ CString GetSSLProtocols() const { return m_sSSLProtocols; }
  Csock::EDisableProtocol GetDisabledSSLProtocols() const { return static_cast(m_uDisabledSSLProtocols); }
+ CString GetSSLCertFile() const { return m_sSSLCertFile; }
+ static VCString GetAvailableSSLProtocols();
  // !Getters
  // Static allocator
diff --git a/src/znc.cpp b/src/znc.cpp
index 624b92ce..fe2d3594 100644
--- a/src/znc.cpp
+++ b/src/znc.cpp
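Review bot: `SetSSLProtocols` is the only setter in the @@ -104 hunk that can fail, yet its declaration says nothing about what `false` means or whether any state changes on failure; the implementation in src/znc.cpp (later in this patch) parses a space-separated list of `[+|-]` protocol tokens into a local mask and assigns `m_sSSLProtocols` and `m_uDisabledSSLProtocols` only after every token was accepted. A comment above the declaration such as `// Parses a space-separated "[+|-]Proto" list (names as in GetAvailableSSLProtocols(), plus "All"); returns false and leaves the current settings unchanged on an unknown token.` would capture that contract where callers look for it. The inline `SetSSLCiphers` and `SetSSLCertFile` setters store their argument unchecked, which is consistent with the neighbouring setters, but a short note that no validation happens here would spare readers from looking for it.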
@@ -1098,42 +1098,13 @@ bool CZNC::LoadGlobal(CConfig& config, CString& sError) {
  m_bProtectWebSessions = sVal.ToBool();
  if (config.FindStringEntry("hideversion", sVal))
  m_bHideVersion = sVal.ToBool();
-
- if (config.FindStringEntry("sslprotocols", m_sSSLProtocols)) {
- VCString vsProtocols;
- m_sSSLProtocols.Split(" ", vsProtocols, false, "", "", true, true);
-
- for (CString& sProtocol : vsProtocols) {
- unsigned int uFlag = 0;
- bool bEnable = sProtocol.TrimPrefix("+");
- bool bDisable = sProtocol.TrimPrefix("-");
-
- if (sProtocol.Equals("All")) {
- uFlag = ~0;
- } else if (sProtocol.Equals("SSLv2")) {
- uFlag = Csock::EDP_SSLv2;
- } else if (sProtocol.Equals("SSLv3")) {
- uFlag = Csock::EDP_SSLv3;
- } else if (sProtocol.Equals("TLSv1")) {
- uFlag = Csock::EDP_TLSv1;
- } else if (sProtocol.Equals("TLSv1.1")) {
- uFlag = Csock::EDP_TLSv1_1;
- } else if (sProtocol.Equals("TLSv1.2")) {
- uFlag = Csock::EDP_TLSv1_2;
- } else {
- CUtils::PrintError("Invalid SSLProtocols value [" + sProtocol + "]");
- CUtils::PrintError("The syntax is [SSLProtocols = [+|-] ...]");
- CUtils::PrintError("Available protocols are [SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2]");
- return false;
- }
-
- if (bEnable) {
- m_uDisabledSSLProtocols &= ~uFlag;
- } else if (bDisable) {
- m_uDisabledSSLProtocols |= uFlag;
- } else {
- m_uDisabledSSLProtocols = ~uFlag;
- }
+ if (config.FindStringEntry("sslprotocols", sVal)) {
+ if (!SetSSLProtocols(sVal)) {
+ VCString vsProtocols = GetAvailableSSLProtocols();
+ CUtils::PrintError("Invalid SSLProtocols value [" + sVal + "]");
+ CUtils::PrintError("The syntax is [SSLProtocols = [+|-] ...]");
+ CUtils::PrintError("Available protocols are [" + CString(", ").Join(vsProtocols.begin(), vsProtocols.end()) + "]");
+ return false;
  }
  }
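Review bot: The error path in the new branch prints the whole `sVal`, whereas the removed loop named the single offending token, so a long `SSLProtocols` line now tells the admin less about what was rejected; since `SetSSLProtocols()` returns only a bool, either accept the coarser message or have it report the bad token through an out-parameter. The replacement also changes where the mask starts from: the removed code edited `m_uDisabledSSLProtocols` in place, while `SetSSLProtocols()` rebuilds it from `Csock::EDP_SSL`, which yields the same result only if the member's constructor default is also `EDP_SSL` (not visible in this hunk, so worth confirming). `LoadGlobal()` begins and ends outside the hunk.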
@@ -1905,6 +1876,54 @@ void CZNC::SetConnectDelay(unsigned int i) {
  m_uiConnectDelay = i;
 }
+VCString CZNC::GetAvailableSSLProtocols()
+{
+ // NOTE: keep in sync with SetSSLProtocols()
+ return {"SSLv2", "SSLv3", "TLSv1", "TLSV1.1", "TLSv1.2"};
+}
+
+bool CZNC::SetSSLProtocols(const CString& sProtocols)
+{
+ VCString vsProtocols;
+ sProtocols.Split(" ", vsProtocols, false, "", "", true, true);
+
+ unsigned int uDisabledProtocols = Csock::EDP_SSL;
+ for (CString& sProtocol : vsProtocols) {
+ unsigned int uFlag = 0;
+ bool bEnable = sProtocol.TrimPrefix("+");
+ bool bDisable = sProtocol.TrimPrefix("-");
+
+ // NOTE: keep in sync with GetAvailableSSLProtocols()
+ if (sProtocol.Equals("All")) {
+ uFlag = ~0;
+ } else if (sProtocol.Equals("SSLv2")) {
+ uFlag = Csock::EDP_SSLv2;
+ } else if (sProtocol.Equals("SSLv3")) {
+ uFlag = Csock::EDP_SSLv3;
+ } else if (sProtocol.Equals("TLSv1")) {
+ uFlag = Csock::EDP_TLSv1;
+ } else if (sProtocol.Equals("TLSv1.1")) {
+ uFlag = Csock::EDP_TLSv1_1;
+ } else if (sProtocol.Equals("TLSv1.2")) {
+ uFlag = Csock::EDP_TLSv1_2;
+ } else {
+ return false;
+ }
+
+ if (bEnable) {
+ uDisabledProtocols &= ~uFlag;
+ } else if (bDisable) {
+ uDisabledProtocols |= uFlag;
+ } else {
+ uDisabledProtocols = ~uFlag;
+ }
+ }
+
+ m_sSSLProtocols = sProtocols;
+ m_uDisabledSSLProtocols = uDisabledProtocols;
+ return true;
+}
+
 void CZNC::EnableConnectQueue() {
  if (!m_pConnectQueueTimer && !m_uiConnectPaused && !m_lpConnectQueue.empty()) {
  m_pConnectQueueTimer = new CConnectQueueTimer(m_uiConnectDelay);
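Review bot: `GetAvailableSSLProtocols()` spells its fourth entry `"TLSV1.1"` while `SetSSLProtocols()` compares against `"TLSv1.1"`, so the list that LoadGlobal prints on a bad value advertises a name that differs from the one the parser matches (harmless for matching only if `CString::Equals` is case-insensitive, which this hunk does not show). The two `// NOTE: keep in sync` comments are the underlying risk: the names live in two hand-maintained lists, and the advertised list already omits `All`, which the parser accepts; one static name-to-flag table consumed by both functions removes that duplication, as sketched below. Separately, a token with no `+`/`-` prefix replaces the whole mask (`uDisabledProtocols = ~uFlag`), so a bare `SSLv3` or `All` re-enables the legacy protocols that the `Csock::EDP_SSL` starting value (presumably SSLv2|SSLv3) disables; that is the documented syntax, but a comment at that assignment, e.g. `// bare token: replace the mask, which can re-enable SSLv2/SSLv3`, would make the consequence explicit to the next maintainer.
```cpp
// Single source of truth for protocol names and their Csock disable flags.
namespace {
struct SSLProtocolName {
    const char* szName;
    unsigned int uFlag;
};
const SSLProtocolName kSSLProtocols[] = {
    {"SSLv2",   Csock::EDP_SSLv2},
    {"SSLv3",   Csock::EDP_SSLv3},
    {"TLSv1",   Csock::EDP_TLSv1},
    {"TLSv1.1", Csock::EDP_TLSv1_1},
    {"TLSv1.2", Csock::EDP_TLSv1_2},
};
}

VCString CZNC::GetAvailableSSLProtocols()
{
    VCString vsNames;
    for (const SSLProtocolName& p : kSSLProtocols) {
        vsNames.push_back(p.szName);
    }
    return vsNames;
}

bool CZNC::SetSSLProtocols(const CString& sProtocols)
{
    // … unchanged: split into vsProtocols, start from Csock::EDP_SSL …
    for (CString& sProtocol : vsProtocols) {
        // … unchanged: TrimPrefix("+") / TrimPrefix("-") …
        unsigned int uFlag = 0;
        if (sProtocol.Equals("All")) {
            uFlag = ~0;
        } else {
            for (const SSLProtocolName& p : kSSLProtocols) {
                if (sProtocol.Equals(p.szName)) {
                    uFlag = p.uFlag;
                    break;
                }
            }
            if (uFlag == 0) {
                return false;  // unknown token: caller reports, state untouched
            }
        }
        // … unchanged: apply +/-/bare to uDisabledProtocols …
    }
    // … unchanged: commit m_sSSLProtocols and m_uDisabledSSLProtocols …
}
```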