From: Michael Marley
Date: Wed, 13 Nov 2013 16:48:15 +0000 (-0500)
Subject: Add core commandline option to require SSL for client connections.
X-Git-Tag: 0.10-beta1~96
X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=bd2f6b000aca217a680b24b59effb2fb6489be4b

Add core commandline option to require SSL for client connections.

If the --require-ssl commandline option is passed when starting the core, it will reject any client that does not use SSL.
---
diff --git a/src/common/main.cpp b/src/common/main.cpp
index 198e76be..ced7d5bd 100644
--- a/src/common/main.cpp
+++ b/src/common/main.cpp
@@ -115,6 +115,9 @@ int main(int argc, char **argv)
 cliParser->addOption("change-userpass ", 0, "Starts an interactive session to change the password of the user identified by username");
 cliParser->addSwitch("oidentd", 0, "Enable oidentd integration");
 cliParser->addOption("oidentd-conffile ", 0, "Set path to oidentd configuration file");
+#ifdef HAVE_SSL
+ cliParser->addSwitch("require-ssl", 0, "Require SSL for client connections");
+#endif
 #endif
 #ifdef HAVE_KDE
diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp
index 4b2824f5..7356d5b4 100644
--- a/src/core/coreauthhandler.cpp
+++ b/src/core/coreauthhandler.cpp
@@ -101,6 +101,11 @@ void CoreAuthHandler::handle(const RegisterClient &msg)
 // TODO: only in compat mode
 bool useSsl = false;
 #ifdef HAVE_SSL
+ if (Quassel::isOptionSet("require-ssl") && !msg.sslSupported) {
+ _peer->dispatch(ClientDenied(tr("SSL is required!
You need to use SSL in order to connect to this core.")));
+ _peer->close();
+ return;
+ }
 if (Core::sslSupported() && msg.sslSupported)
 useSsl = true;
 #endif
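Review bot: The `require-ssl` guard added at the top of the `#ifdef HAVE_SSL` block in `CoreAuthHandler::handle(const RegisterClient &)` tests only the client's advertised `msg.sslSupported`, not whether the core can actually encrypt the session. When `Core::sslSupported()` is false, a client that advertises SSL passes the guard, `useSsl` stays false at the following `if`, and the connection appears to continue unencrypted even though `--require-ssl` was given. Tie the rejection to the outcome instead: `if (Quassel::isOptionSet("require-ssl") && !(Core::sslSupported() && msg.sslSupported)) {`. Alternatively the core could refuse to start when the option is set without usable SSL, but the startup code is not visible in this diff. The function body starts and ends outside the hunk.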