authorSadie Powell <sadie@witchery.services>2021-05-30 06:25:09 +0100
committerPatrick <tingping@tingping.se>2021-06-17 19:47:34 -0500
commit1f608e600bfb77a3e9bf013690515de65ec08a7d (patch)
tree23b95a8be9ee00d4a028ed9e325574053d42f2b8 /src
parent747a52aae8806a9072a23ea68212767f352ac431 (diff)
Require opting out of SSL verification in /server and /reconnect.
Diffstat (limited to 'src')
-rw-r--r--src/common/outbound.c34
1 files changed, 22 insertions, 12 deletions
diff --git a/src/common/outbound.c b/src/common/outbound.c
index e8d35c96..0248a58d 100644
--- a/src/common/outbound.c
+++ b/src/common/outbound.c
@@ -3225,16 +3225,19 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	else if (*word[2])
 	{
 		int offset = 0;
-#ifdef USE_OPENSSL
-		int use_ssl = FALSE;
 
-		if (strcmp (word[2], "-ssl") == 0)
+#ifdef USE_OPENSSL
+		if (g_strcmp0 (word[2], "-ssl") == 0)
+		{
+			serv->use_ssl = TRUE;
+			serv->accept_invalid_cert = FALSE;
+			offset++;	/* args move up by 1 word */
+		} else if (g_strcmp0 (word[2], "-ssl-noverify") == 0)
 		{
-			use_ssl = TRUE;
+			serv->use_ssl = TRUE;
+			serv->accept_invalid_cert = TRUE;
 			offset++;	/* args move up by 1 word */
 		}
-		serv->use_ssl = use_ssl;
-		serv->accept_invalid_cert = TRUE;
 #endif
 
 		if (*word[4+offset])
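Review bot: When `word[2]` is a host rather than a flag, neither branch runs, so `serv->use_ssl` and `serv->accept_invalid_cert` keep whatever the previous connection left in them; the removed lines used to reset `use_ssl` on every call. Unless those fields are cleared somewhere outside this hunk, a session that once used `-ssl-noverify` would carry the opt-out into a later `/RECONNECT <host>` without the user asking for it. Resetting before the flag check keeps the opt-out per invocation: `serv->use_ssl = FALSE;` and `serv->accept_invalid_cert = FALSE;` ahead of the first `if`. cmd_reconnect starts and continues outside the hunk, so confirm against the rest of the function.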
@@ -3422,15 +3425,22 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	char *channel = NULL;
 	char *key = NULL;
 	int use_ssl = FALSE;
+	int use_ssl_noverify = FALSE;
 	int is_url = TRUE;
 	server *serv = sess->server;
 	ircnet *net = NULL;
 
 #ifdef USE_OPENSSL
 	/* BitchX uses -ssl, mIRC uses -e, let's support both */
-	if (strcmp (word[2], "-ssl") == 0 || strcmp (word[2], "-e") == 0)
+	if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-e") == 0)
+	{
+		use_ssl = TRUE;
+		offset++;	/* args move up by 1 word */
+	}
+	else if (g_strcmp0 (word[2], "-ssl-noverify") == 0)
 	{
 		use_ssl = TRUE;
+		use_ssl_noverify = TRUE;
 		offset++;	/* args move up by 1 word */
 	}
 #endif
@@ -3497,7 +3507,7 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 
 #ifdef USE_OPENSSL
 	serv->use_ssl = use_ssl;
-	serv->accept_invalid_cert = TRUE;
+	serv->accept_invalid_cert = use_ssl_noverify;
 #endif
 
 	/* try to connect by Network name */
@@ -3528,7 +3538,7 @@ cmd_servchan (struct session *sess, char *tbuf, char *word[],
 	int offset = 0;
 
 #ifdef USE_OPENSSL
-	if (strcmp (word[2], "-ssl") == 0)
+	if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-ssl-noverify") == 0)
 		offset++;
 #endif
 
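Review bot: Both flags collapse into the same `offset++` in cmd_servchan, so nothing visible here records whether the user waived certificate verification. Presumably the arguments are handed on to code that parses `word[2]` again, but the rest of the function is outside the hunk. A comment would make that reliance explicit, for example `/* flag is only skipped here for argument counting; the verify/noverify choice is made where word[2] is parsed for the connection */`.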
@@ -4077,7 +4087,7 @@ const struct commands xc_cmds[] = {
 	 N_("QUOTE <text>, sends the text in raw form to the server")},
 #ifdef USE_OPENSSL
 	{"RECONNECT", cmd_reconnect, 0, 0, 1,
-	 N_("RECONNECT [-ssl] [<host>] [<port>] [<password>], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")},
+	 N_("RECONNECT [-ssl|-ssl-noverify] [<host>] [<port>] [<password>], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")},
 #else
 	{"RECONNECT", cmd_reconnect, 0, 0, 1,
 	 N_("RECONNECT [<host>] [<port>] [<password>], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")},
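Review bot: The RECONNECT usage string lists `-ssl-noverify` without saying what it does, and the SERVCHAN and SERVER strings in the next hunk have the same gap. Since `-ssl` now rejects invalid certificates, users with self-signed servers will pick the new flag from this text alone; a short clause such as `-ssl-noverify connects over SSL without verifying the server certificate` in each string would state the trade-off. The SERVER string also omits the `-e` alias that cmd_server accepts, though that predates this commit.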
@@ -4089,14 +4099,14 @@ const struct commands xc_cmds[] = {
 	{"SEND", cmd_send, 0, 0, 1, N_("SEND <nick> [<file>]")},
 #ifdef USE_OPENSSL
 	{"SERVCHAN", cmd_servchan, 0, 0, 1,
-	 N_("SERVCHAN [-ssl] <host> <port> <channel>, connects and joins a channel")},
+	 N_("SERVCHAN [-ssl|-ssl-noverify] <host> <port> <channel>, connects and joins a channel")},
 #else
 	{"SERVCHAN", cmd_servchan, 0, 0, 1,
 	 N_("SERVCHAN <host> <port> <channel>, connects and joins a channel")},
 #endif
 #ifdef USE_OPENSSL
 	{"SERVER", cmd_server, 0, 0, 1,
-	 N_("SERVER [-ssl] <host> [<port>] [<password>], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")},
+	 N_("SERVER [-ssl|-ssl-noverify] <host> [<port>] [<password>], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")},
 #else
 	{"SERVER", cmd_server, 0, 0, 1,
 	 N_("SERVER <host> [<port>] [<password>], connects to a server, the default port is 6667")},