The "sslinfo" Module
Description
This module adds user facing TLS (SSL) information, various TLS (SSL) configuration options, and the /SSLINFO
command to look up TLS (SSL) certificate information for other users.
Configuration
To load this module use the following <module>
tag:
<module name="sslinfo">
<connect>
This module extends the core <connect>
tags with the following fields:
Name | Type | Default Value | Description |
---|---|---|---|
requiressl | Text | no | Whether users must be using TLS (SSL) to use this class. |
The requiressl field should be set to one of the following values:
Value | Description |
---|---|
no | TLS (SSL) is not required to use this class. |
trusted | TLS (SSL) is required and and a CA-verified client certificate must be provided to use this class. |
yes | TLS (SSL) is required to use this class. |
Example Usage
Requires users to be using TLS (SSL) to be assigned to the Secure class:
<connect name="Secure"
...
requiressl="yes">
<oper>
This module extends the core <oper>
tag with the following fields:
Name | Type | Default Value | Description |
---|---|---|---|
autologin | Text | no | Whether to automatically log server operators in when they connect to the server. |
fingerprint | Text | None | If defined then a space-delimited list of fingerprints of this server operator's TLS (SSL) client certificates. |
sslonly | Boolean | No | Whether this server operator must be connected using TLS (SSL) to log into their account. |
The autologin field should be set to one of the following values:
Value | Description |
---|---|
yes | Automatically log users with the specified client certificate fingerprint into this server operator account. |
if-host-match | Automatically log users with the specified client certificate fingerprint into this server operator account if their hostname matches <oper:host> . |
no | Do not automatically log users with the specified client certificate into this server operator account. |
Example Usage
<oper name="Sadie"
...
autologin="no"
fingerprint="5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249"
sslonly="yes">
<sslinfo>
The <sslinfo>
tag defines settings about how the sethost module should behave. This tag can only be defined once.
Name | Type | Default Value | Description |
---|---|---|---|
operonly | Boolean | No | Whether user TLS (SSL) certificate fingerprints are only visible to server operators. |
Example Usage
<sslinfo operonly="no">
Commands
Name | Parameter Count | Syntax | Description |
---|---|---|---|
SSLINFO | 1 | <target> | Views the TLS (SSL) certificate information for <target>. |
Example Usage
Views the TLS (SSL) certificate information for Sadie:
/SSLINFO Sadie
New in v3.9.0! Views the TLS (SSL) certificate information for users in #wibble:
/SSLINFO #wibble
Special Notes
The following TLS (SSL) modules are included with InspIRCd:
Name | Module | Description |
---|---|---|
gnutls | ssl_gnutls | Uses the GnuTLS library. |
mbedtls | ssl_mbedtls | Uses the mbedTLS library. |
openssl | ssl_openssl | Uses the OpenSSL library. |