Commit graph

53 commits

Author SHA1 Message Date
Aaron Jones
1187d61128
ssld: remove unused macros, avoid sign overflow in integer function argument 2016-06-01 20:17:09 +00:00
Aaron Jones
f5960b830b
[sslproc] Use certificate file if key file is not present 2016-05-05 04:10:57 +00:00
Aaron Jones
f831e92603
Fix possible crash when DH parameters are not provided
This has ssld calling strlen() on a NULL value

[ci ckip]
2016-05-03 17:49:00 +00:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
19d1853f71
ssld: remove init_prng command
This is no longer configurable so it's redundant.
2016-04-25 19:02:03 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
fbbc6aeb00
ssld: send cipher/certfp before proxying any plaintext traffic 2016-04-24 10:39:16 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
9e98a842e3
ssld: cipher commands don't have any fds 2016-04-23 22:46:25 +01:00
Simon Arlott
5a9fa2e2fa
ssld: certfp change commands don't have any fds 2016-04-23 20:46:26 +01:00
Matt Ullman
909346edb7 ssld: Remove left over function 2016-03-27 06:13:11 -04:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
Matt Ullman
25a899651d ssld: Move plain_check_cork() to a boolean 2016-03-24 13:52:16 -04:00
William Pitcock
d35870ee36 ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know) 2016-03-19 00:58:15 -05:00
Elizabeth Myers
503727d1ee More bool conversions 2016-03-09 02:19:31 -06:00
Elizabeth Myers
1b7a47417b Remove more $Id tags. 2016-03-06 02:58:32 -06:00
Elizabeth Myers
4dbb75ee84 Remove some leftover ircd-ratbox references. 2016-03-05 21:39:51 -06:00
Simon Arlott
e9ffc3c153
ssld: provide version in stats S output 2016-03-03 22:14:50 +00:00
Simon Arlott
26b83fa09d
ssld: fix format string warnings for statistics
Cast the uint64_t format arguments to unsigned long long as
that's what the format string specifies.
2016-02-11 21:58:44 +00:00
William Pitcock
c84003aeb5 ssld: we use uint8_t for IPC buffers, not char 2016-02-10 21:03:09 -06:00
Simon Arlott
7beaee5239
ssld: change_connid may be called with an unknown ID
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-02-10 21:22:50 +00:00
Valerii Iatsko
5203cba5ce Remove libratbox's snprintf.c, update related ircd code 2016-02-10 02:25:32 +01:00
Valerii Iatsko
84b49742ad ssld: fix memleak
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-02-09 10:41:36 -06:00
William Pitcock
a5ddb7df2e ssld: check conn->plain_fd when setting conn->plain_fd type to RB_FD_SOCKET 2015-12-16 07:32:12 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
94356462c0 ssld: use uint64_t explicitly when we want 64-bit counters 2015-12-12 04:51:43 -06:00
William Pitcock
74ff144d33 ssld: fix a type warning pointed out by clang 2015-12-12 04:50:35 -06:00
William Pitcock
6cd1aca7f1 ssld: take inbuf/outbuf out of global scope, since its unnecessary 2015-12-12 04:50:15 -06:00
William Pitcock
42dbc23943 ssld: enable sending SSL cipher information if available 2015-12-11 08:32:19 -06:00
William Pitcock
408a29c65a ssld: integrate some cleanups from ratbox 3.1 2015-12-10 23:40:24 -06:00
William Pitcock
c7708a0994 ssld: update for protocol changes 2015-12-08 14:26:26 -06:00
William Pitcock
772c95cc7a ssld: we only will continue supporting one fingerprint method at a time 2015-12-07 01:21:26 -06:00
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
Jail Bird
29c92cf95f Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls

Thanks Jilles!
2015-04-20 00:55:20 -05:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
William Pitcock
85e9bf4151 ssld: force the control buffer to be unsigned bytes except in special circumstances
This has the side effect of fixing GnuTLS.
2014-02-08 18:40:35 +00:00
William Pitcock
a7675ed255 ssld: Request fingerprint when connecting to the server, not just on inbound connections. 2010-12-14 21:28:35 -06:00
Jilles Tjoelker
7247337afa Add certfp support to libratbox and ssld.
This lets a user connect with a client certificate, and
passes the certificate's fingerprint to ircd, which
currently just notices it to the user.

A new ssld->ircd message 'F' is used to pass on the
fingerprint.

This is only for OpenSSL for now, not GNUTLS.
2010-01-31 19:04:20 +01:00
Jilles Tjoelker
e99f612205 ssld: Fix an fd leak when closing connections.
Lightly tested.
2009-11-15 23:11:18 +01:00
Jilles Tjoelker
c03677e9be ssld: Do not crash if not all fds in a message could be received.
Actually fill the mod_ctl_buf_t.nfds field.
2009-11-15 22:41:02 +01:00
Jilles Tjoelker
07c2bb757d Fix close detection with ssl+zip, porting more code from ircd-ratbox.
This tells the SSL ssld to report connection closure to ircd
using the new fd.
2009-03-07 03:23:17 +01:00
Jilles Tjoelker
464b7606a8 ssld: Do not do redundant rb_setselect().
Apparently solaris devpoll/ports may have a problem
with this.
from ircd-ratbox (androsyn)
2009-03-03 22:32:18 +01:00
androsyn
0bd120ed48 [svn r26332] get rid of the zip ready stuff 2009-01-01 14:50:21 +03:00
Valeriy Yatsko
3202e24921 Copied libratbox and related stuff from shadowircd upstream. 2008-12-03 02:49:39 +03:00
Jilles Tjoelker
e27ac6024d ssld: un #if 0 the /dev/null stuff out 2008-08-25 18:48:30 +02:00
Valery Yatsko
7edb4f163f ssld synced with ircd-ratbox3 svn 2008-07-30 02:57:01 +04:00
Jilles Tjoelker
a444bb7837 Show reason for failed outgoing SSL handshakes to opers.
Also add a comment that ircd does not care about the
reason for failed incoming SSL handshakes.
ircd-ratbox r25651
2008-06-29 21:56:31 +02:00
Valery V Yatsko
4b6a4d479c sync ssld with ratbox3 repository: now r25594 + charybdis related changes 2008-06-26 21:21:46 +04:00
Valery V Yatsko
21192997c1 Fix compilation without zlib headers present, from the ratbox3 upstream 2008-06-26 21:19:19 +04:00
Valery Yatsko
73d6283cfc Importing r25217, r25219 and r25221 from ratbox3 2008-04-10 20:37:42 +04:00