From 3cf1f1d92d1f70d22a5130b8ff9c602acd7f17c8 Mon Sep 17 00:00:00 2001
From: Russell King <rmk+kernel@arm.linux.org.uk>
Date: Sun, 5 Jun 2016 14:43:34 +0100
Subject: Add initial support for client certificate fingerprints

Networks such as Freenode and OFTC use client certificates to identify
users and servers, not only for services, but also for server operator
status and auth blocks.

This allows us to use stronger certificates for authentication rather
than passwords.
---
 src/conf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/conf.c')

diff --git a/src/conf.c b/src/conf.c
index ca93b9e..8c459d7 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -324,7 +324,8 @@ verify_access(struct Client *client_p)
     conf = find_address_conf(client_p->host, client_p->username,
                              &client_p->localClient->ip,
                              client_p->localClient->aftype,
-                             client_p->localClient->passwd);
+                             client_p->localClient->passwd,
+                             client_p->certfp);
   }
   else
   {
@@ -332,7 +333,8 @@ verify_access(struct Client *client_p)
     conf = find_address_conf(client_p->host,non_ident,
                              &client_p->localClient->ip,
                              client_p->localClient->aftype,
-                             client_p->localClient->passwd);
+                             client_p->localClient->passwd,
+                             client_p->certfp);
   }
 
   if (conf != NULL)
-- 
cgit