Commit graph

2250 commits

Author SHA1 Message Date
William Pitcock
94356462c0 ssld: use uint64_t explicitly when we want 64-bit counters 2015-12-12 04:51:43 -06:00
William Pitcock
74ff144d33 ssld: fix a type warning pointed out by clang 2015-12-12 04:50:35 -06:00
William Pitcock
6cd1aca7f1 ssld: take inbuf/outbuf out of global scope, since its unnecessary 2015-12-12 04:50:15 -06:00
William Pitcock
4952e40b7e newconf: fix error message on channel::autochanmodes 2015-12-12 00:33:46 -06:00
William Pitcock
5225f83df1 libratbox: import zstring functions 2015-12-11 15:56:33 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
bac8c4829f config.h.dist: resync with config.h (closes #14) 2015-12-11 12:14:34 -06:00
William Pitcock
7c16cc9085 libratbox: implement nossl variants of rb_get_ssl_certfp() and rb_get_ssl_cipher() 2015-12-11 08:36:21 -06:00
William Pitcock
42dbc23943 ssld: enable sending SSL cipher information if available 2015-12-11 08:32:19 -06:00
William Pitcock
833b2f9cbf libratbox: implement rb_get_ssl_cipher() 2015-12-11 08:32:02 -06:00
William Pitcock
427a8d5dbb WHOIS: use cipher string if available 2015-12-11 08:20:11 -06:00
William Pitcock
ebe33dbfab sslproc: set Client.localClient.cipher_string if sent by ssld 2015-12-11 08:19:50 -06:00
William Pitcock
196740c42b sslproc: likewise 2015-12-10 23:44:31 -06:00
William Pitcock
408a29c65a ssld: integrate some cleanups from ratbox 3.1 2015-12-10 23:40:24 -06:00
William Pitcock
d44660305f update NEWS documenting availability of combination extbans 2015-12-10 02:28:52 -06:00
William Pitcock
98c645cadb document extb_combi and extb_hostmask bans (closes #74) 2015-12-10 02:27:08 -06:00
William Pitcock
e2a9fa9cab extenions: add a $m: extban (ref #74) 2015-12-10 02:25:22 -06:00
William Pitcock
4ef511ebb8 import marienz's extb_combi module (ref #74) 2015-12-10 02:20:58 -06:00
William Pitcock
7801d174d7 Revert "extban: implement helper functions for stackable extbans (part 1) (ref #74)"
This reverts commit 304bd0d095.
2015-12-10 02:19:21 -06:00
William Pitcock
304bd0d095 extban: implement helper functions for stackable extbans (part 1) (ref #74) 2015-12-10 01:33:30 -06:00
William Pitcock
202d496644 override: only engage override code if we're needing to authorize a WRITE to a channel's state (closes #65) 2015-12-10 01:00:32 -06:00
William Pitcock
c7708a0994 ssld: update for protocol changes 2015-12-08 14:26:26 -06:00
William Pitcock
509088aaee update NEWS to note that CertFP methods are now configurable 2015-12-07 01:52:16 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
William Pitcock
772c95cc7a ssld: we only will continue supporting one fingerprint method at a time 2015-12-07 01:21:26 -06:00
William Pitcock
fced7b416b Merge branch 'master' of github.com:atheme/charybdis 2015-12-07 01:15:00 -06:00
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
Elizabeth Myers
c33349ec21 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:11:12 -06:00
William Pitcock
653e3ca512 update copyright on NEWS (haha) 2015-12-05 07:18:35 -06:00
William Pitcock
354fd35126 update README 2015-12-05 07:09:52 -06:00
William Pitcock
6a49a3432f update NEWS a little more 2015-12-05 07:07:01 -06:00
William Pitcock
a7433e330a m_message: use same behaviour for +R users as +g users (closes #96) 2015-12-05 06:48:38 -06:00
William Pitcock
677d3cb1a3 mbedtls: implement rb_get_ssl_certfp() 2015-12-05 06:37:04 -06:00
William Pitcock
bbccb09a90 newconf: TLS listener ports should always be defer_accept
TLS clients are required to send ClientHello upon connection, the server may not reply with ServerHello until this has happened
2015-12-04 22:53:04 -06:00
William Pitcock
493897d67c mbedtls: use server certificate for client mode too 2015-12-04 22:42:10 -06:00
William Pitcock
162a91d6ed mbedtls: make client mode work too 2015-12-04 22:41:02 -06:00
William Pitcock
539d912b95 libratbox: fix up mbedtls backend 2015-12-04 00:01:40 -06:00
William Pitcock
fab6f9e80e libratbox: gnutls: we want to pass F, not F->fd to rb_listen() 2015-12-03 22:38:54 -06:00
William Pitcock
cd492e44b5 libratbox: initial cut at an mbedtls implementation, which will replace openssl and gnutls backends in charybdis 3.6
notably, it presently is lacking CertFP support, but everything else is implemented
2015-12-03 22:32:33 -06:00
William Pitcock
6f57a957b0 libratbox: prepare build system for mbed tls backend 2015-12-03 18:37:32 -06:00
William Pitcock
7f2cc0eacb Revert "supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway"
This reverts commit ff2f68e617.
2015-11-19 23:10:36 -06:00
William Pitcock
4a5330bb4d cap: implement ircv3.2 chghost cap 2015-11-19 22:53:55 -06:00
William Pitcock
583f064fef send: add negation argument to sendto_common_channels_local() and friends 2015-11-19 22:43:45 -06:00
William Pitcock
8e9e22b4d3 parse: handle_encap(): remove parv[0] initialization, anything using parv[0] should crash the ircd 2015-11-19 17:13:04 -06:00
William Pitcock
e77879b0f6 modules/m_resv: update comments since parv[0] is not used anymore 2015-11-19 17:12:07 -06:00
William Pitcock
ff2f68e617 supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway 2015-11-16 15:01:57 -06:00
Jilles Tjoelker
439bf4db58 monitor: Show 005 entry only if m_monitor.so is actually loaded.
This only affects the MONITOR=<max> entry, not TARGMAX=...,MONITOR:
which is harder to modify from a module.
2015-11-15 22:57:23 +01:00
Aaron Jones
0b05d1aad5
[libratbox] Remove an unused random function
Nothing in the Charybdis or libratbox code calls rb_get_pseudo_random
and under OpenSSL it uses RAND_pseudo_bytes() which is both dangerous
and removed in OpenSSL version 1.1.0.
2015-10-25 16:04:57 +00:00
Aaron Jones
25f7ee7dd6
Improve the versions of TLS used for server to server linking
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.

This patch corrects that.
2015-10-23 16:08:15 +00:00
Aaron Jones
3ae24413ca
Use new TLS method APIs with new LibreSSL
OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to
what they claim it is by implementing the new TLS client and server
method APIs. Therefore, in furtherance of commits a4c8c827 and 1a4e224a
we can build with the new APIs if building against (real) OpenSSL 1.1.0
or LibreSSL 2.2.2.

Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
2015-10-23 16:05:33 +00:00