Commit graph

89 commits

Author SHA1 Message Date
c7da812303
Merge branch 'solanum' into merging-solanum-into-hackint 2024-06-06 00:33:19 +00:00
JailBird
ab9f279a1d ssld: Remove unused zlib_ok variable 2022-11-09 18:14:41 -06:00
jailbird777
3c586ccf3e
Remove ancient portability code (#361)
Remove portability code for systems that don't follow at least SUSv3.
This fairly closely aligns with ISO C99, which solanum already requires.
2022-08-24 20:53:52 -04:00
jailbird777
8f0c3422e7 Remove Windows support 2021-07-30 14:17:47 -04:00
Ariadne Conill
81531536aa
Remove ziplinks (#218) 2021-06-26 17:45:52 +01:00
Ed Kellett
a6f63a829e
Innovation by sed 2020-10-15 15:52:41 +01:00
ManiacTwister
074e23e4e2 Added SNI support (OpenSSL) 2018-11-21 20:03:48 +01:00
Simon Arlott
4f8866f680
ssld: avoid clang static analysis warning
Edit by @aaronmdjones: fix for loop initialisation and inner condition
2017-08-04 20:51:53 +01:00
Simon Arlott
ae6ce6100a
ssld: avoid clang static analysis warning
Don't set `x = 0` twice.

Edit by @aaronmdjones: fix for loop initialisation and inner condition
2017-08-04 12:32:58 +00:00
Simon Arlott
a21843a0a0
ssld: avoid clang static analysis warning 2017-08-04 12:32:58 +00:00
Aaron Jones
82e920102f
lots of misc cleanups for compiler warnings
ratbox_lib.c:159:1: warning: function 'rb_lib_restart' could be declared
                    with attribute 'noreturn' [-Wmissing-noreturn]

ratbox_lib.c:220:1: warning: function 'rb_lib_loop' could be declared
                    with attribute 'noreturn' [-Wmissing-noreturn]

restart.c:55:1: warning: function 'server_reboot' could be declared with
                attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
9519919ff5
ssld/ssld.c: misc cleanup for compiler warning
ssld.c:1251:14: warning: signed shift result (0x80000000) sets the sign
                bit of the shift expression's type ('int') and becomes
                negative [-Wshift-sign-overflow]
2017-08-04 12:32:56 +00:00
Simon Arlott
209c57fbbf
ssld: avoid clang static analysis warning
Don't set `x = 0` twice.
2017-07-29 22:39:48 +01:00
Simon Arlott
f660af2155
ssld: avoid clang static analysis warning 2017-07-29 22:28:50 +01:00
Aaron Jones
2afd965b21
TLS: Partially backport the SubjectPublicKeyInfo digesting functionality
This backports the code responsible for SPKI digests from release/4.

It also adjusts doc/reference.conf to note that SPKI digests are now
supported, and how to generate them. It does NOT backport the mkfingerprint
program -- the instructions in reference.conf are sufficient. I am ofcourse
open to anyone else backporting the program, but I don't see the need.
2016-11-15 12:30:09 +00:00
Aaron Jones
1187d61128
ssld: remove unused macros, avoid sign overflow in integer function argument 2016-06-01 20:17:09 +00:00
William Pitcock
bc2eeb0992
Do not shadow OpenSSL-internal symbol "ssl_ok".
This is a backport of commit bfc44622
2016-06-01 16:32:26 +00:00
Aaron Jones
f5960b830b
[sslproc] Use certificate file if key file is not present 2016-05-05 04:10:57 +00:00
Aaron Jones
b8cf4b3bf2
[sslproc] Various fixes
* Properly allow no DH parameters (some backends come with defaults)
* If no private key is given, assume it's in the certificate file
* Use correct length calculation in buffer for TLS options
* Fix compiler warnings regarding uint64_t stats counters
2016-05-03 23:19:06 +00:00
Aaron Jones
f831e92603
Fix possible crash when DH parameters are not provided
This has ssld calling strlen() on a NULL value

[ci ckip]
2016-05-03 17:49:00 +00:00
Aaron Jones
1ea72c8f86
[ssld] Fix possible crash when DH parameters are not provided
This has ssld calling strlen() on a NULL value

[ci skip]
2016-05-03 17:48:04 +00:00
Aaron Jones
5c8da48264
Backport more TLS backend and ssld fixes & improvements from 3.6
openssl:
 * Don't manually initialise libssl 1.1.0 -- it does this automatically
 * SSL_library_init() should be called first otherwise
 * Move SSL_CTX construction to rb_setup_ssl_server()
 * Test for all required files (certificate & key) before doing anything
 * Free the old CTX before constructing a new one (Fixes #186)
 * Properly abort rb_setup_ssl_server() on CTX construction failures
 * Support ECDHE on more than one curve on OpenSSL 1.0.2 and above
 * Clean up ifdef indentation
 * Fix DH parameters memory leak

mbedtls:
 * Fix certificate fingerprint generation
 * Fix library linking order
 * Fix incorrect printf()-esque argument count
 * Return digest length for fingerprints instead of 1, consistent
   with the other backends

sslproc / ssld:
 * Fingerprint methods have no assocated file descriptors
 * Send TLS information (cipher, fingerprint) before data
 * Use correct header length for fingerprint method

Authored-by: Aaron Jones <aaronmdjones@gmail.com>
Authored-by: William Pitcock <nenolod@dereferenced.org>
Authored-by: Simon Arlott <sa.me.uk>
2016-04-30 21:39:05 +00:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
19d1853f71
ssld: remove init_prng command
This is no longer configurable so it's redundant.
2016-04-25 19:02:03 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
fbbc6aeb00
ssld: send cipher/certfp before proxying any plaintext traffic 2016-04-24 10:39:16 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
9e98a842e3
ssld: cipher commands don't have any fds 2016-04-23 22:46:25 +01:00
Simon Arlott
5a9fa2e2fa
ssld: certfp change commands don't have any fds 2016-04-23 20:46:26 +01:00
William Pitcock
d5ff7a9c3c ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know) 2016-04-02 17:12:28 -05:00
William Pitcock
1533b40304 ssld: we use uint8_t for IPC buffers, not char 2016-04-02 17:11:21 -05:00
Simon Arlott
b7cca0143d ssld: change_connid may be called with an unknown ID
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-04-02 17:11:08 -05:00
Valerii Iatsko
b1f028e5d4 ssld: fix memleak
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-04-02 17:10:42 -05:00
Matt Ullman
909346edb7 ssld: Remove left over function 2016-03-27 06:13:11 -04:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
Matt Ullman
25a899651d ssld: Move plain_check_cork() to a boolean 2016-03-24 13:52:16 -04:00
William Pitcock
d35870ee36 ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know) 2016-03-19 00:58:15 -05:00
Elizabeth Myers
503727d1ee More bool conversions 2016-03-09 02:19:31 -06:00
Elizabeth Myers
1b7a47417b Remove more $Id tags. 2016-03-06 02:58:32 -06:00
William Pitcock
c83f2f5e12 rename libratbox to librb, since its pretty modified anyway 2016-03-06 02:30:20 -06:00
Elizabeth Myers
4dbb75ee84 Remove some leftover ircd-ratbox references. 2016-03-05 21:39:51 -06:00
William Pitcock
9ea48ec30a remove presupplied autotools files 2016-03-05 17:47:48 -06:00
Simon Arlott
e9ffc3c153
ssld: provide version in stats S output 2016-03-03 22:14:50 +00:00
William Pitcock
c678fbc08b ircd: remove broken USE_IODEBUG_HOOKS knob and related code 2016-02-20 12:02:49 -06:00
Simon Arlott
26b83fa09d
ssld: fix format string warnings for statistics
Cast the uint64_t format arguments to unsigned long long as
that's what the format string specifies.
2016-02-11 21:58:44 +00:00
William Pitcock
c84003aeb5 ssld: we use uint8_t for IPC buffers, not char 2016-02-10 21:03:09 -06:00
Simon Arlott
7beaee5239
ssld: change_connid may be called with an unknown ID
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-02-10 21:22:50 +00:00
Valerii Iatsko
5203cba5ce Remove libratbox's snprintf.c, update related ircd code 2016-02-10 02:25:32 +01:00
Valerii Iatsko
84b49742ad ssld: fix memleak
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-02-09 10:41:36 -06:00
William Pitcock
9e45a5ca19 buildsystem: further cleanup 2016-01-08 07:01:00 -06:00