Merge pull request #347 from edk0/hide-tls-info

Add general::tls_ciphers_oper_only
Aaron Jones 2020-07-06 08:31:47 +00:00 committed by GitHub
commit eb2103bb0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 15 additions and 1 deletions


@ -625,6 +625,7 @@ general {
away_interval = 30;
certfp_method = spki_sha256;
hide_opers_in_whois = no;
tls_ciphers_oper_only = no;
};
modules {


@ -1436,6 +1436,9 @@ general {
/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
hide_opers_in_whois = no;
/* tls_ciphers_oper_only: show the TLS cipher string in /WHOIS only to opers and self */
tls_ciphers_oper_only = no;
};
modules {


@ -232,6 +232,7 @@ struct config_file_entry
int use_propagated_bans;
int max_ratelimit_tokens;
int away_interval;
int tls_ciphers_oper_only;
int client_flood_max_lines;
int client_flood_burst_rate;


@ -2802,6 +2802,7 @@ static struct ConfEntry conf_general_table[] =
{ "hide_opers", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers },
{ "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL },
{ "drain_reason", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.drain_reason },
{ "tls_ciphers_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.tls_ciphers_oper_only },
{ "\0", 0, NULL, 0, NULL }
};


@ -772,6 +772,7 @@ set_default_conf(void)
ConfigFileEntry.use_propagated_bans = true;
ConfigFileEntry.max_ratelimit_tokens = 30;
ConfigFileEntry.away_interval = 30;
ConfigFileEntry.tls_ciphers_oper_only = false;
#ifdef HAVE_LIBZ
ConfigFileEntry.compression_level = 4;


@ -524,6 +524,12 @@ static struct InfoStruct info_table[] = {
&ConfigFileEntry.away_interval,
"The minimum time between aways",
},
{
"tls_ciphers_oper_only",
OUTPUT_BOOLEAN_YN,
&ConfigFileEntry.tls_ciphers_oper_only,
"TLS cipher strings are hidden in whois for non-opers",
},
{
"default_split_server_count",
OUTPUT_DECIMAL,
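Review bot: The description string added for tls_ciphers_oper_only says the cipher is hidden "for non-opers", but the condition this commit adds in single_whois also lets a client see its own cipher string (`source_p == target_p`). Wording such as `"TLS cipher strings in whois are shown only to opers and the client itself"` would match both the code and the comment added to the reference configuration. The info_table array begins and ends outside this hunk.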


@ -334,7 +334,8 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy)
{
char cbuf[256] = "is using a secure connection";
if (MyClient(target_p) && target_p->localClient->cipher_string != NULL)
if (MyClient(target_p) && target_p->localClient->cipher_string != NULL &&
(!ConfigFileEntry.tls_ciphers_oper_only || source_p == target_p || IsOper(source_p)))
rb_snprintf_append(cbuf, sizeof(cbuf), " [%s]", target_p->localClient->cipher_string);
sendto_one_numeric(source_p, RPL_WHOISSECURE, form_str(RPL_WHOISSECURE),
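Review bot: The new visibility condition in single_whois packs three separate rules into one `if` without a comment, and it is the only enforcement point for tls_ciphers_oper_only visible in this commit. I would add a comment above it, for example `/* cipher string goes to everyone unless tls_ciphers_oper_only is set; then only to the target itself and to opers */`. The check uses `IsOper(source_p)` rather than a specific oper privilege, so every oper sees the string; if that is broader than intended, it would need a privilege test instead. Because set_default_conf leaves the option off, existing deployments keep showing the negotiated cipher of local clients to any user who can WHOIS them until an admin enables it, which is worth stating in the release notes. single_whois begins and ends outside this hunk.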