search

inspircd / inspircd

A modular C++ IRC server (ircd).
https://www.inspircd.org
1.14k stars 265 forks source link

Add XLINE for client certificate fingerprints #1412

Open duckspike opened 6 years ago

duckspike commented 6 years ago

As the title suggests, I am presently looking for a way to ban users from the server/network based on their client certificate fingerprint. There is already a way to do this with extbans on a channel level.

sebastiannielsen commented 6 years ago

What is the purpose of this?

1: If the server is not configured to require client certificates, they could easily deconfigure the certificate from their client and evade the ban. A channel ban makes more sense, since the client certificate in question may give access to other parts of network (for example OP in other channels) and thus deconfiguring the certificate will deprive the access from those channels.

2: If the server is configured to require certificates (mandatory client certificates), just revoking the certificate in CRL will do the trick.