InspIRCd v4 is still early in development!

If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.

You probably want to use InspIRCd v3 instead.

The "sslinfo" Module (v4)

Description

This module adds user facing TLS (SSL) information, various TLS (SSL) configuration options, and the /SSLINFO command to look up TLS (SSL) certificate information for other users.

Configuration

To load this module use the following <module> tag:

<module name="sslinfo">

<connect>

This module extends the core <connect> tags with the following fields:

Name Type Default Value Description
requiressl Text no Whether users must be using TLS (SSL) to use this class.

The requiressl field should be set to one of the following values:

Value Description
no TLS (SSL) is not required to use this class.
trusted TLS (SSL) is required and and a CA-verified client certificate must be provided to use this class.
yes TLS (SSL) is required to use this class.
Example Usage

Requires users to be using TLS (SSL) to be assigned to the Secure class:

<connect name="Secure"
         ...
         requiressl="yes">

<oper> & <type>

This module extends the core <oper> and <type> tags with the following fields:

Name Type Default Value Description
fingerprint Text None If defined then a space-delimited list of TLS (SSL) client certificate fingerprints to check against this server operator's TLS (SSL) client certificate.
sslonly Boolean No Whether this server operator must be connected using TLS (SSL) to log into their account.
Example Usage

Requires Sadie to connect with TLS (SSL) with the TLS (SSL) client certificate fingerprint 5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249 in order to log in to their server operator account:

<oper name="Sadie"
      ...
      fingerprint="5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249"
      sslonly="yes">

Requires server operators of type NetAdmin to connect with TLS (SSL) with the TLS (SSL) client certificate fingerprint 5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249 in order to log in to their server operator account:

<type name="NetAdmin"
      ...
      fingerprint="5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249"
      sslonly="yes">

<sslinfo>

The <sslinfo> tag defines settings about how the sethost module should behave. This tag can only be defined once.

Name Type Default Value Description
operonly Boolean No Whether user TLS (SSL) certificate fingerprints are only visible to server operators.
Example Usage
<sslinfo operonly="no">

Commands

Name Parameter Count Syntax Description
SSLINFO 1 <target> Views the TLS (SSL) certificate information for <target>.

Example Usage

Views the TLS (SSL) certificate information for Sadie:

/SSLINFO Sadie

Views the TLS (SSL) certificate information for users in #wibble:

/SSLINFO #wibble

Special Notes

The following TLS (SSL) modules are included with InspIRCd:

Name Module Description
gnutls ssl_gnutls Uses the GnuTLS library.
mbedtls ssl_mbedtls Uses the mbedTLS library.
openssl ssl_openssl Uses the OpenSSL library.