kike: thorough review, no functional changes
This commit is contained in:
parent
670e1c5770
commit
6c30452b28
18
kike.c
18
kike.c
@ -226,6 +226,7 @@ irc_is_valid_hostaddr (const char *hostaddr)
|
||||
return false;
|
||||
}
|
||||
|
||||
// TODO: we should actually use this, though what should we do on failure?
|
||||
static bool
|
||||
irc_is_valid_host (const char *host)
|
||||
{
|
||||
@ -1563,7 +1564,7 @@ irc_handle_time (const struct irc_message *msg, struct client *c)
|
||||
if (msg->params.len > 0 && !irc_is_this_me (c->ctx, msg->params.vector[0]))
|
||||
RETURN_WITH_REPLY (c, IRC_ERR_NOSUCHSERVER, msg->params.vector[0]);
|
||||
|
||||
char buf[32];
|
||||
char buf[32] = "";
|
||||
time_t now = time (NULL);
|
||||
struct tm tm;
|
||||
strftime (buf, sizeof buf, "%a %b %d %Y %T", localtime_r (&now, &tm));
|
||||
@ -1840,7 +1841,7 @@ mode_processor_do_list (struct mode_processor *self,
|
||||
break;
|
||||
|
||||
bool found = i != list->len;
|
||||
if ((found ^ self->adding))
|
||||
if (found != self->adding)
|
||||
{
|
||||
if (self->adding)
|
||||
strv_append (list, mask);
|
||||
@ -2131,6 +2132,7 @@ irc_send_rpl_list (struct client *c, const struct channel *chan)
|
||||
int visible = 0;
|
||||
for (struct channel_user *user = chan->users;
|
||||
user; user = user->next)
|
||||
// XXX: maybe we should skip IRC_USER_MODE_INVISIBLE
|
||||
visible++;
|
||||
|
||||
irc_send_reply (c, IRC_RPL_LIST, chan->name, visible, chan->topic);
|
||||
@ -3470,8 +3472,18 @@ irc_ssl_verify_callback (int verify_ok, X509_STORE_CTX *ctx)
|
||||
(void) verify_ok;
|
||||
(void) ctx;
|
||||
|
||||
// RFC 5246: "If the client has sent a certificate with signing ability,
|
||||
// a digitally-signed CertificateVerify message is sent to explicitly
|
||||
// verify possession of the private key in the certificate."
|
||||
//
|
||||
// The handshake will fail if the client doesn't have a matching private
|
||||
// key, see OpenSSL's tls_process_cert_verify(), and the CertificateVerify
|
||||
// message cannot be skipped (except for a case where it doesn't matter).
|
||||
// Thus we're fine checking just the cryptographic hash of the certificate.
|
||||
|
||||
// We only want to provide additional privileges based on the client's
|
||||
// certificate, so let's not terminate the connection because of a failure.
|
||||
// certificate, so let's not terminate the connection because of a failure
|
||||
// (especially since self-signed certificates are likely to be used).
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user