From 1f608e600bfb77a3e9bf013690515de65ec08a7d Mon Sep 17 00:00:00 2001
From: Sadie Powell
Date: Sun, 30 May 2021 06:25:09 +0100
Subject: Require opting out of SSL verification in /server and /reconnect.
---
 src/common/outbound.c | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/src/common/outbound.c b/src/common/outbound.c
index e8d35c96..0248a58d 100644
--- a/src/common/outbound.c
+++ b/src/common/outbound.c
@@ -3225,16 +3225,19 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 else if (*word[2])
 {
 int offset = 0;
-#ifdef USE_OPENSSL
- int use_ssl = FALSE;
- if (strcmp (word[2], "-ssl") == 0)
+#ifdef USE_OPENSSL
+ if (g_strcmp0 (word[2], "-ssl") == 0)
+ {
+ serv->use_ssl = TRUE;
+ serv->accept_invalid_cert = FALSE;
+ offset++; /* args move up by 1 word */
+ } else if (g_strcmp0 (word[2], "-ssl-noverify") == 0)
 {
- use_ssl = TRUE;
+ serv->use_ssl = TRUE;
+ serv->accept_invalid_cert = TRUE;
 offset++; /* args move up by 1 word */
 }
- serv->use_ssl = use_ssl;
- serv->accept_invalid_cert = TRUE;
 #endif
 if (*word[4+offset])
@@ -3422,15 +3425,22 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 char *channel = NULL;
 char *key = NULL;
 int use_ssl = FALSE;
+ int use_ssl_noverify = FALSE;
 int is_url = TRUE;
 server *serv = sess->server;
 ircnet *net = NULL;
 #ifdef USE_OPENSSL
 /* BitchX uses -ssl, mIRC uses -e, let's support both */
- if (strcmp (word[2], "-ssl") == 0 || strcmp (word[2], "-e") == 0)
+ if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-e") == 0)
+ {
+ use_ssl = TRUE;
+ offset++; /* args move up by 1 word */
+ }
+ else if (g_strcmp0 (word[2], "-ssl-noverify") == 0)
 {
 use_ssl = TRUE;
+ use_ssl_noverify = TRUE;
 offset++; /* args move up by 1 word */
 }
 #endif
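Review bot: In cmd_reconnect, `serv->use_ssl` and `serv->accept_invalid_cert` are now assigned only inside the `-ssl` and `-ssl-noverify` branches, so `/reconnect` with a host but no flag leaves both fields at whatever the previous connection set. The removed code reset `use_ssl` to FALSE on every such call; with the new code a server last connected with `-ssl-noverify` would, as far as this hunk shows, keep `accept_invalid_cert` TRUE for the next host without the user opting out again. If carrying the state over is not intended, set both fields before the flag test, `serv->use_ssl = FALSE;` and `serv->accept_invalid_cert = FALSE;`. If it is intended, a comment such as `/* no flag: keep the TLS settings of the current connection */` would make that explicit. The function starts and ends outside the hunk, so a reset elsewhere cannot be ruled out.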
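Review bot: `use_ssl_noverify` in cmd_server is declared among the unguarded locals, but every visible use of it sits inside `#ifdef USE_OPENSSL`: the assignment in this hunk and `serv->accept_invalid_cert = use_ssl_noverify;` in the @@ -3497 hunk. A build without OpenSSL would therefore presumably report it as an unused variable. Guarding the declaration with the same `#ifdef USE_OPENSSL` would avoid that. The new branch would also benefit from a comment next to the existing BitchX/mIRC one, for example `/* -ssl-noverify: TLS without certificate verification, only on explicit request */`. The rest of cmd_server lies outside the hunk.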
@@ -3497,7 +3507,7 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 #ifdef USE_OPENSSL
 serv->use_ssl = use_ssl;
- serv->accept_invalid_cert = TRUE;
+ serv->accept_invalid_cert = use_ssl_noverify;
 #endif
 /* try to connect by Network name */
@@ -3528,7 +3538,7 @@ cmd_servchan (struct session *sess, char *tbuf, char *word[],
 int offset = 0;
 #ifdef USE_OPENSSL
- if (strcmp (word[2], "-ssl") == 0)
+ if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-ssl-noverify") == 0)
 offset++;
 #endif
@@ -4077,7 +4087,7 @@ const struct commands xc_cmds[] = {
 N_("QUOTE , sends the text in raw form to the server")},
 #ifdef USE_OPENSSL
 {"RECONNECT", cmd_reconnect, 0, 0, 1,
- N_("RECONNECT [-ssl] [] [] [], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")},
+ N_("RECONNECT [-ssl|-ssl-noverify] [] [] [], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")},
 #else
 {"RECONNECT", cmd_reconnect, 0, 0, 1,
 N_("RECONNECT [] [] [], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")},
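Review bot: The flag test in cmd_servchan still omits `-e`, which cmd_server accepts as an alias for `-ssl` (see the @@ -3422 hunk). If cmd_servchan passes its words on to cmd_server, which this hunk does not show, `/servchan -e ...` would leave `offset` unshifted and the later word indexes would be off by one. The same list of TLS flags is now spelled out in three functions. Adding `|| g_strcmp0 (word[2], "-e") == 0` here, or moving the test into one small shared helper, would keep the lists from drifting apart. The rest of cmd_servchan is outside the hunk.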
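Review bot: The RECONNECT usage string lists `-ssl-noverify` without saying what it does, and the same holds for the SERVCHAN and SERVER strings in the @@ -4089 hunk. Because the flag turns off certificate verification, the help text is where a user should learn that before choosing it. A short clause appended to each string would do, such as `-ssl-noverify connects over TLS without verifying the server certificate`. The SERVER string also does not mention the `-e` alias that cmd_server accepts.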
@@ -4089,14 +4099,14 @@ const struct commands xc_cmds[] = {
 {"SEND", cmd_send, 0, 0, 1, N_("SEND []")},
 #ifdef USE_OPENSSL
 {"SERVCHAN", cmd_servchan, 0, 0, 1,
- N_("SERVCHAN [-ssl] , connects and joins a channel")},
+ N_("SERVCHAN [-ssl|-ssl-noverify] , connects and joins a channel")},
 #else
 {"SERVCHAN", cmd_servchan, 0, 0, 1,
 N_("SERVCHAN , connects and joins a channel")},
 #endif
 #ifdef USE_OPENSSL
 {"SERVER", cmd_server, 0, 0, 1,
- N_("SERVER [-ssl] [] [], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")},
+ N_("SERVER [-ssl|-ssl-noverify] [] [], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")},
 #else
 {"SERVER", cmd_server, 0, 0, 1,
 N_("SERVER [] [], connects to a server, the default port is 6667")},
-- 
cgit 1.4.1