mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-09 10:03:13 +02:00
Apparently on newer OpenSSL versions (unreleased) you can't access the read buffer. So use this method instead. Ohh.. we are so helpful to our users..
This commit is contained in:
+1
-1
@@ -296,7 +296,7 @@ typedef OperPermission (*OperClassEntryEvalCallback)(OperClassACLEntryVar* varia
|
||||
#define FLAGS_GOTID 0x1000 /* successful ident lookup achieved */
|
||||
#define FLAGS_DOID 0x2000 /* I-lines say must use ident return */
|
||||
#define FLAGS_NONL 0x4000 /* No \n in buffer */
|
||||
//0x8000 unused (was cgiirc)
|
||||
#define FLAGS_NCALL 0x8000 /* Next call (don't ask...) */
|
||||
#define FLAGS_ULINE 0x10000 /* User/server is considered U-lined */
|
||||
#define FLAGS_SQUIT 0x20000 /* Server has been /squit by an oper */
|
||||
#define FLAGS_PROTOCTL 0x40000 /* Received a PROTOCTL message */
|
||||
|
||||
@@ -585,6 +585,26 @@ int ircd_SSL_accept(aClient *acptr, int fd) {
|
||||
|
||||
int ssl_err;
|
||||
|
||||
#ifdef MSG_PEEK
|
||||
if (!(acptr->flags & FLAGS_NCALL))
|
||||
{
|
||||
char buf[1024];
|
||||
int n;
|
||||
|
||||
n = recv(fd, buf, sizeof(buf), MSG_PEEK);
|
||||
if ((n >= 8) && !strncmp(buf, "STARTTLS", 8))
|
||||
{
|
||||
char buf[512];
|
||||
snprintf(buf, sizeof(buf),
|
||||
"ERROR :STARTTLS received but this is an SSL-only port. Check your connect settings. "
|
||||
"If this is a server linking in then add 'ssl' in your link::outgoing::options block.\r\n");
|
||||
send(fd, buf, strlen(buf), 0);
|
||||
return fatal_ssl_error(SSL_ERROR_SSL, SAFE_SSL_ACCEPT, ERRNO, acptr);
|
||||
}
|
||||
if (n > 0)
|
||||
acptr->flags |= FLAGS_NCALL;
|
||||
}
|
||||
#endif
|
||||
if ((ssl_err = SSL_accept((SSL *)acptr->ssl)) <= 0)
|
||||
{
|
||||
switch(ssl_err = SSL_get_error((SSL *)acptr->ssl, ssl_err))
|
||||
@@ -596,15 +616,6 @@ int ircd_SSL_accept(aClient *acptr, int fd) {
|
||||
}
|
||||
return fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, ERRNO, acptr);
|
||||
case SSL_ERROR_WANT_READ:
|
||||
if ((acptr->ssl->packet_length >= 8) && !strncmp(acptr->ssl->packet, "STARTTLS", 8))
|
||||
{
|
||||
char buf[512];
|
||||
snprintf(buf, sizeof(buf),
|
||||
"ERROR :STARTTLS received but this is an SSL-only port. Check your connect settings. "
|
||||
"If this is a server linking in then add 'ssl' in your link::outgoing::options block.\r\n");
|
||||
send(fd, buf, strlen(buf), 0);
|
||||
return fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, ERRNO, acptr);
|
||||
}
|
||||
fd_setselect(fd, FD_SELECT_READ, ircd_SSL_accept_retry, acptr);
|
||||
fd_setselect(fd, FD_SELECT_WRITE, NULL, acptr);
|
||||
return 1;
|
||||
|
||||
Reference in New Issue
Block a user