From 168ff802c4d98e80f424378deeca42332011f3d1 Mon Sep 17 00:00:00 2001
From: Bram Matthys
Date: Wed, 15 Jul 2015 15:09:01 +0200
Subject: [PATCH] Show a meaningful error when connecting to an SSL-only port with STARTTLS (iotw: if you forgot ssl in link::outgoing::options).
---
 src/ssl.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index a40cfe2de..79b6d3d81 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -596,6 +596,15 @@ int ircd_SSL_accept(aClient *acptr, int fd) {
 }
 return fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, ERRNO, acptr);
 case SSL_ERROR_WANT_READ:
+ if ((acptr->ssl->packet_length >= 8) && !strncmp(acptr->ssl->packet, "STARTTLS", 8))
+ {
+ char buf[512];
+ snprintf(buf, sizeof(buf),
+ "ERROR :STARTTLS received but this is an SSL-only port. Check your connect settings. "
+ "If this is a server linking in then add 'ssl' in your link::outgoing::options block.\r\n");
+ send(fd, buf, strlen(buf), 0);
+ return fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, ERRNO, acptr);
+ }
 fd_setselect(fd, FD_SELECT_READ, ircd_SSL_accept_retry, acptr);
 fd_setselect(fd, FD_SELECT_WRITE, NULL, acptr);
 return 1;
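Review bot: The STARTTLS check added under `case SSL_ERROR_WANT_READ:` reads `acptr->ssl->packet` and `acptr->ssl->packet_length` directly, which look like internal fields of the TLS library's connection object rather than a public API (the type of `acptr->ssl` is not visible in this hunk), so the check is tied to one library layout and deserves a comment saying so, e.g. `/* peeks at the library's raw input buffer: plaintext "STARTTLS" means the peer is not speaking TLS */`. The compare itself is bounded correctly by the `packet_length >= 8` guard, though `memcmp(acptr->ssl->packet, "STARTTLS", 8)` suits a raw byte buffer better than `strncmp`. `send()` runs before `fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, ERRNO, acptr)`, so a failed best-effort send can replace the error value that is reported; copying `ERRNO` into a local before the send would keep the operator-side log accurate. The `snprintf` has no format arguments, so a `static const char` message sent with `sizeof(msg) - 1` would do the same without the 512-byte stack buffer and `strlen`. The body of `ircd_SSL_accept` starts and ends outside the hunk.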