pegasus/anope
1
0
Fork 0
mirror of https://github.com/anope/anope.git synced 2026-06-27 05:26:38 +02:00
Code Activity

Made ssl cert and keyfiles configurable

Browse Source
This commit is contained in:
Adam
2012-05-09 03:37:37 -04:00
parent f89599726e
commit d5ffae0e46
2 changed files with 38 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/modules.example.conf
+13
View File
@@ -359,6 +359,19 @@ rewrite
* This module uses SSL to connect to the uplink server(s)
*/
module { name = "m_ssl" }
ssl
{
/*
* An optional certificate and key for m_ssl to give to the uplink.
*
* You can generate your own certificate and key pair by using:
*
* openssl genrsa -out anope.key 2048
* openssl req -new -x509 -key anope.key -out anope.crt -days 1095
*/
cert = "data/anope.crt"
key = "data/anope.key"
}
/*
* m_statusupdate
modules/extra/m_ssl.cpp
+25 -12
View File
@@ -10,9 +10,6 @@
#include <openssl/crypto.h>
#include <openssl/evp.h>
#define CERTFILE "anope.cert"
#define KEYFILE "anope.key"
static SSL_CTX *server_ctx, *client_ctx;
class MySSLService : public SSLService
@@ -90,6 +87,8 @@ class SSLModule : public Module
return 1;
}
Anope::string certfile, keyfile;
public:
MySSLService service;
@@ -109,37 +108,43 @@ class SSLModule : public Module
if (!client_ctx || !server_ctx)
throw ModuleException("Error initializing SSL CTX");
if (IsFile(CERTFILE))
this->OnReload();
if (IsFile(this->certfile.c_str()))
{
if (!SSL_CTX_use_certificate_file(client_ctx, CERTFILE, SSL_FILETYPE_PEM) || !SSL_CTX_use_certificate_file(server_ctx, CERTFILE, SSL_FILETYPE_PEM))
if (!SSL_CTX_use_certificate_file(client_ctx, this->certfile.c_str(), SSL_FILETYPE_PEM) || !SSL_CTX_use_certificate_file(server_ctx, this->certfile.c_str(), SSL_FILETYPE_PEM))
{
SSL_CTX_free(client_ctx);
SSL_CTX_free(server_ctx);
throw ModuleException("Error loading certificate");
}
else
Log(LOG_DEBUG) << "m_ssl: Successfully loaded certificate " << this->certfile;
}
else
Log() << "m_ssl: No certificate file found";
Log() << "m_ssl: Unable to open certificate " << this->certfile;
if (IsFile(KEYFILE))
if (IsFile(this->keyfile.c_str()))
{
if (!SSL_CTX_use_PrivateKey_file(client_ctx, KEYFILE, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(server_ctx, KEYFILE, SSL_FILETYPE_PEM))
if (!SSL_CTX_use_PrivateKey_file(client_ctx, this->keyfile.c_str(), SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(server_ctx, this->keyfile.c_str(), SSL_FILETYPE_PEM))
{
SSL_CTX_free(client_ctx);
SSL_CTX_free(server_ctx);
throw ModuleException("Error loading private key");
}
else
Log(LOG_DEBUG) << "m_ssl: Successfully loaded private key " << this->keyfile;
}
else
{
if (IsFile(CERTFILE))
if (IsFile(this->certfile.c_str()))
{
SSL_CTX_free(client_ctx);
SSL_CTX_free(server_ctx);
throw ModuleException("Error loading private key - file not found");
throw ModuleException("Error loading private key " + this->keyfile + " - file not found");
}
else
Log() << "m_ssl: No private key found";
Log() << "m_ssl: Unable to open private key " << this->keyfile;
}
SSL_CTX_set_mode(client_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
@@ -148,7 +153,7 @@ class SSLModule : public Module
SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, SSLModule::AlwaysAccept);
SSL_CTX_set_verify(server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, SSLModule::AlwaysAccept);
ModuleManager::Attach(I_OnReload, this);
ModuleManager::Attach(I_OnPreServerConnect, this);
}
@@ -167,6 +172,14 @@ class SSLModule : public Module
SSL_CTX_free(server_ctx);
}
void OnReload() anope_override
{
ConfigReader config;
this->certfile = config.ReadValue("ssl", "cert", "data/anope.crt", 0);
this->keyfile = config.ReadValue("ssl", "key", "data/anope.key", 0);
}
void OnPreServerConnect() anope_override
{
ConfigReader config;