From 84e405ebefd0aecce69ed87130f2bb7c3b8dcb56 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Wed, 8 Feb 2017 11:19:01 +0100 Subject: [PATCH] Show a warning when there are zero listen { } blocks with SSL: [warning] Your server is not listening on any SSL ports. It is recommended to listen on port 6697. [warning] Consider adding this to your unrealircd.conf: listen { ip *; port 6697; options { ssl; }; }; --- src/s_conf.c | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/src/s_conf.c b/src/s_conf.c index ecbbdb019..ba58ac5e4 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -258,6 +258,8 @@ int charsys_postconftest(void); void charsys_finish(void); int reloadable_perm_module_unloaded(void); +int ssl_tests(void); + /* Conf sub-sub-functions */ void test_sslblock(ConfigFile *conf, ConfigEntry *cep, int *totalerrors); void conf_sslblock(ConfigFile *conf, ConfigEntry *cep, SSLOptions *ssloptions); @@ -312,6 +314,7 @@ MODVAR int config_error_flag = 0; int config_verbose = 0; MODVAR int need_34_upgrade = 0; +int have_ssl_listeners = 0; void add_include(const char *filename, const char *included_from, int included_from_line); #ifdef USE_LIBCURL @@ -1606,6 +1609,24 @@ void upgrade_conf_to_34(void) /* TODO: win32 may require a different error */ } +/** Reset config tests (before running the config test) */ +void config_test_reset(void) +{ + charsys_reset_pretest(); +} + +/** Run config test and all post config tests. */ +int config_test_all(void) +{ + if ((config_test() < 0) || (callbacks_check() < 0) || (efunctions_check() < 0) || + (charsys_postconftest() < 0) || ssl_used_in_config_but_unavail() || + reloadable_perm_module_unloaded() || !ssl_tests()) + { + return 0; + } + return 1; +} + int init_conf(char *rootconf, int rehash) { char *old_pid_file = NULL; @@ -1631,9 +1652,8 @@ int init_conf(char *rootconf, int rehash) add_include(rootconf, "[thin air]", -1); if (load_conf(rootconf, rootconf) > 0) { - charsys_reset_pretest(); - if ((config_test() < 0) || (callbacks_check() < 0) || (efunctions_check() < 0) || - (charsys_postconftest() < 0) || ssl_used_in_config_but_unavail() || reloadable_perm_module_unloaded()) + config_test_reset(); + if (!config_test_all()) { config_error("IRCd configuration failed to pass testing"); #ifdef _WIN32 @@ -4717,6 +4737,8 @@ int _test_listen(ConfigFile *conf, ConfigEntry *ce) errors++; continue; } + if (!strcmp(cepp->ce_varname, "ssl")) + have_ssl_listeners = 1; /* for ssl config test */ } } else @@ -9888,6 +9910,17 @@ int ssl_used_in_config_but_unavail(void) return (errors ? 1 : 0); } +int ssl_tests(void) +{ + if (have_ssl_listeners == 0) + { + config_warn("Your server is not listening on any SSL ports. It is recommended to listen on port 6697."); + config_warn("Consider adding this to your unrealircd.conf: listen { ip *; port 6697; options { ssl; }; };"); + } + + return 1; /* always return success for now */ +} + /** Check if the user attempts to unload (eg: by commenting out) a module * that is currently loaded and is tagged as MOD_OPT_PERM_RELOADABLE * (in other words: a module that allows re-loading but not un-loading)