From dcb4e382a3d81c384238fe42dac7d70c6e561dcf Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Wed, 15 Jul 2015 15:48:00 +0200 Subject: [PATCH] Apparently on newer OpenSSL versions (unreleased) you can't access the read buffer. So use this method instead. Ohh.. we are so helpful to our users.. --- include/struct.h | 2 +- src/ssl.c | 29 ++++++++++++++++++++--------- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/include/struct.h b/include/struct.h index 5252b926d..9bbd9ed9a 100644 --- a/include/struct.h +++ b/include/struct.h @@ -296,7 +296,7 @@ typedef OperPermission (*OperClassEntryEvalCallback)(OperClassACLEntryVar* varia #define FLAGS_GOTID 0x1000 /* successful ident lookup achieved */ #define FLAGS_DOID 0x2000 /* I-lines say must use ident return */ #define FLAGS_NONL 0x4000 /* No \n in buffer */ -//0x8000 unused (was cgiirc) +#define FLAGS_NCALL 0x8000 /* Next call (don't ask...) */ #define FLAGS_ULINE 0x10000 /* User/server is considered U-lined */ #define FLAGS_SQUIT 0x20000 /* Server has been /squit by an oper */ #define FLAGS_PROTOCTL 0x40000 /* Received a PROTOCTL message */ diff --git a/src/ssl.c b/src/ssl.c index 79b6d3d81..a44866d90 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -585,6 +585,26 @@ int ircd_SSL_accept(aClient *acptr, int fd) { int ssl_err; +#ifdef MSG_PEEK + if (!(acptr->flags & FLAGS_NCALL)) + { + char buf[1024]; + int n; + + n = recv(fd, buf, sizeof(buf), MSG_PEEK); + if ((n >= 8) && !strncmp(buf, "STARTTLS", 8)) + { + char buf[512]; + snprintf(buf, sizeof(buf), + "ERROR :STARTTLS received but this is an SSL-only port. Check your connect settings. " + "If this is a server linking in then add 'ssl' in your link::outgoing::options block.\r\n"); + send(fd, buf, strlen(buf), 0); + return fatal_ssl_error(SSL_ERROR_SSL, SAFE_SSL_ACCEPT, ERRNO, acptr); + } + if (n > 0) + acptr->flags |= FLAGS_NCALL; + } +#endif if ((ssl_err = SSL_accept((SSL *)acptr->ssl)) <= 0) { switch(ssl_err = SSL_get_error((SSL *)acptr->ssl, ssl_err)) @@ -596,15 +616,6 @@ int ircd_SSL_accept(aClient *acptr, int fd) { } return fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, ERRNO, acptr); case SSL_ERROR_WANT_READ: - if ((acptr->ssl->packet_length >= 8) && !strncmp(acptr->ssl->packet, "STARTTLS", 8)) - { - char buf[512]; - snprintf(buf, sizeof(buf), - "ERROR :STARTTLS received but this is an SSL-only port. Check your connect settings. " - "If this is a server linking in then add 'ssl' in your link::outgoing::options block.\r\n"); - send(fd, buf, strlen(buf), 0); - return fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, ERRNO, acptr); - } fd_setselect(fd, FD_SELECT_READ, ircd_SSL_accept_retry, acptr); fd_setselect(fd, FD_SELECT_WRITE, NULL, acptr); return 1;