InspIRCd v4 is still early in development!
If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.
You probably want to use InspIRCd v3 instead.
The "sslinfo" Module (v4)
Description
This module adds user facing TLS (SSL) information, various TLS (SSL) configuration options, and the /SSLINFO command to look up TLS (SSL) certificate information for other users.
Configuration
To load this module use the following <module> tag:
<module name="sslinfo">
<connect>
This module extends the core <connect> tags with the following fields:
| Name | Type | Default Value | Description |
|---|---|---|---|
| requiressl | Text | no | Whether users must be using TLS (SSL) to use this class. |
The requiressl field should be set to one of the following values:
| Value | Description |
|---|---|
| no | TLS (SSL) is not required to use this class. |
| trusted | TLS (SSL) is required and and a CA-verified client certificate must be provided to use this class. |
| yes | TLS (SSL) is required to use this class. |
Example Usage
Requires users to be using TLS (SSL) to be assigned to the Secure class:
<connect name="Secure"
...
requiressl="yes">
<oper> & <type>
This module extends the core <oper> and <type> tags with the following fields:
| Name | Type | Default Value | Description |
|---|---|---|---|
| fingerprint | Text | None | If defined then a space-delimited list of TLS (SSL) client certificate fingerprints to check against this server operator's TLS (SSL) client certificate. |
| sslonly | Boolean | No | Whether this server operator must be connected using TLS (SSL) to log into their account. |
Example Usage
Requires Sadie to connect with TLS (SSL) with the TLS (SSL) client certificate fingerprint 5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249 in order to log in to their server operator account:
<oper name="Sadie"
...
fingerprint="5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249"
sslonly="yes">
Requires server operators of type NetAdmin to connect with TLS (SSL) with the TLS (SSL) client certificate fingerprint 5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249 in order to log in to their server operator account:
<type name="NetAdmin"
...
fingerprint="5d7499e1a3537687a2e875fed60b171508a4d1384351e276c4f961ab80729249"
sslonly="yes">
<sslinfo>
The <sslinfo> tag defines settings about how the sethost module should behave. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| operonly | Boolean | No | Whether user TLS (SSL) certificate fingerprints are only visible to server operators. |
Example Usage
<sslinfo operonly="no">
Commands
| Name | Parameter Count | Syntax | Description |
|---|---|---|---|
| SSLINFO | 1 | <target> | Views the TLS (SSL) certificate information for <target>. |
Example Usage
Views the TLS (SSL) certificate information for Sadie:
/SSLINFO Sadie
Views the TLS (SSL) certificate information for users in #wibble:
/SSLINFO #wibble
Special Notes
The following TLS (SSL) modules are included with InspIRCd:
| Name | Module | Description |
|---|---|---|
| gnutls | ssl_gnutls | Uses the GnuTLS library. |
| mbedtls | ssl_mbedtls | Uses the mbedTLS library. |
| openssl | ssl_openssl | Uses the OpenSSL library. |