diff options
author | Sadie Powell <sadie@witchery.services> | 2021-05-30 06:25:09 +0100 |
---|---|---|
committer | Patrick <tingping@tingping.se> | 2021-06-17 19:47:34 -0500 |
commit | 1f608e600bfb77a3e9bf013690515de65ec08a7d (patch) | |
tree | 23b95a8be9ee00d4a028ed9e325574053d42f2b8 /src | |
parent | 747a52aae8806a9072a23ea68212767f352ac431 (diff) |
Require opting out of SSL verification in /server and /reconnect.
Diffstat (limited to 'src')
-rw-r--r-- | src/common/outbound.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/src/common/outbound.c b/src/common/outbound.c index e8d35c96..0248a58d 100644 --- a/src/common/outbound.c +++ b/src/common/outbound.c @@ -3225,16 +3225,19 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[]) else if (*word[2]) { int offset = 0; -#ifdef USE_OPENSSL - int use_ssl = FALSE; - if (strcmp (word[2], "-ssl") == 0) +#ifdef USE_OPENSSL + if (g_strcmp0 (word[2], "-ssl") == 0) + { + serv->use_ssl = TRUE; + serv->accept_invalid_cert = FALSE; + offset++; /* args move up by 1 word */ + } else if (g_strcmp0 (word[2], "-ssl-noverify") == 0) { - use_ssl = TRUE; + serv->use_ssl = TRUE; + serv->accept_invalid_cert = TRUE; offset++; /* args move up by 1 word */ } - serv->use_ssl = use_ssl; - serv->accept_invalid_cert = TRUE; #endif if (*word[4+offset]) @@ -3422,15 +3425,22 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[]) char *channel = NULL; char *key = NULL; int use_ssl = FALSE; + int use_ssl_noverify = FALSE; int is_url = TRUE; server *serv = sess->server; ircnet *net = NULL; #ifdef USE_OPENSSL /* BitchX uses -ssl, mIRC uses -e, let's support both */ - if (strcmp (word[2], "-ssl") == 0 || strcmp (word[2], "-e") == 0) + if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-e") == 0) + { + use_ssl = TRUE; + offset++; /* args move up by 1 word */ + } + else if (g_strcmp0 (word[2], "-ssl-noverify") == 0) { use_ssl = TRUE; + use_ssl_noverify = TRUE; offset++; /* args move up by 1 word */ } #endif @@ -3497,7 +3507,7 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[]) #ifdef USE_OPENSSL serv->use_ssl = use_ssl; - serv->accept_invalid_cert = TRUE; + serv->accept_invalid_cert = use_ssl_noverify; #endif /* try to connect by Network name */ @@ -3528,7 +3538,7 @@ cmd_servchan (struct session *sess, char *tbuf, char *word[], int offset = 0; #ifdef USE_OPENSSL - if (strcmp (word[2], "-ssl") == 0) + if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-ssl-noverify") == 0) offset++; #endif @@ -4077,7 +4087,7 @@ const struct commands xc_cmds[] = { N_("QUOTE <text>, sends the text in raw form to the server")}, #ifdef USE_OPENSSL {"RECONNECT", cmd_reconnect, 0, 0, 1, - N_("RECONNECT [-ssl] [<host>] [<port>] [<password>], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")}, + N_("RECONNECT [-ssl|-ssl-noverify] [<host>] [<port>] [<password>], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")}, #else {"RECONNECT", cmd_reconnect, 0, 0, 1, N_("RECONNECT [<host>] [<port>] [<password>], Can be called just as /RECONNECT to reconnect to the current server or with /RECONNECT ALL to reconnect to all the open servers")}, @@ -4089,14 +4099,14 @@ const struct commands xc_cmds[] = { {"SEND", cmd_send, 0, 0, 1, N_("SEND <nick> [<file>]")}, #ifdef USE_OPENSSL {"SERVCHAN", cmd_servchan, 0, 0, 1, - N_("SERVCHAN [-ssl] <host> <port> <channel>, connects and joins a channel")}, + N_("SERVCHAN [-ssl|-ssl-noverify] <host> <port> <channel>, connects and joins a channel")}, #else {"SERVCHAN", cmd_servchan, 0, 0, 1, N_("SERVCHAN <host> <port> <channel>, connects and joins a channel")}, #endif #ifdef USE_OPENSSL {"SERVER", cmd_server, 0, 0, 1, - N_("SERVER [-ssl] <host> [<port>] [<password>], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")}, + N_("SERVER [-ssl|-ssl-noverify] <host> [<port>] [<password>], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")}, #else {"SERVER", cmd_server, 0, 0, 1, N_("SERVER <host> [<port>] [<password>], connects to a server, the default port is 6667")}, |