Fix rejectcache and unknown_count.

Unfortunately they are checked after SSL setup.

src/listener.c

@@ -435,9 +435,10 @@ close_listeners()
  * any client list yet.
  */
 static void
-add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl, int exempt)
+add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl)
 {
 	struct Client *new_client;
+	struct ConfItem *aconf;
 	s_assert(NULL != listener);
 
 	/* 
@@ -467,7 +468,9 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, voi
 
 	++listener->ref_count;
 
-	if(!exempt)
+	/* XXX these should be done in accept_precallback */
+	aconf = find_dline(sai, sai->sa_family);
+	if(aconf == NULL || aconf->status & CONF_EXEMPTDLINE)
 	{
 		if(check_reject(new_client))
 			return; 
@@ -549,7 +552,7 @@ accept_ssld(rb_fde_t *F, struct sockaddr *addr, struct sockaddr *laddr, struct L
 	rb_fde_t *xF[2];
 	rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection");
 	ctl = start_ssld_accept(F, xF[1], rb_get_fd(xF[0])); /* this will close F for us */
-	add_connection(listener, xF[0], addr, ctl, 1);
+	add_connection(listener, xF[0], addr, ctl);
 }
 
 static void
@@ -571,5 +574,5 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add
 	if(listener->ssl)
 		accept_ssld(F, addr, (struct sockaddr *)&lip, listener);
 	else
-		add_connection(listener, F, addr, NULL, 1);
+		add_connection(listener, F, addr, NULL);
 }