Commit graph

31 commits

Author SHA1 Message Date
Simon Arlott
1cdf323be9
sslproc: don't send updated config to dead/shutdown sslds
They might be running older versions of the SSL library that
doesn't support the key type or ciphers being configured.
2016-04-29 07:35:43 +01:00
Simon Arlott
036cafaaaf
sslproc: reset ssld_wait/spin_count when explicitly requested to restart ssld 2016-04-28 22:25:36 +01:00
Simon Arlott
f018ed844d
certfp: Move method name/prefix strings to a separate header file 2016-04-26 20:33:18 +01:00
Simon Arlott
53789fddda
sslproc: simplify ssl open callback
Don't use the librb callback type as we're always passing client_p.

Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
2016-04-25 21:12:44 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
93ad89b232
sslproc: send the certftp method on rehash 2016-04-25 19:25:45 +01:00
Simon Arlott
f7b0c4b3d8
sslproc: use global ServerInfo configuration
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
2016-04-25 19:20:45 +01:00
Simon Arlott
90fd6ede1b
sslproc: include ssl_cipher_list in length check before sending configuration to ssld 2016-04-25 19:12:47 +01:00
Simon Arlott
19d1853f71
ssld: remove init_prng command
This is no longer configurable so it's redundant.
2016-04-25 19:02:03 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
0ae7a89d78
ircd: sslproc: certfp commands have a 9 byte header, not 5 bytes
SHA512 hashes were being ignored because the message was too large
2016-04-23 20:52:20 +01:00
Matt Ullman
de8b3b7174 sslproc: Remove unused variable 2016-03-26 16:41:36 -04:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
William Pitcock
4d8cfacd95 ircd: start staging for relocatable paths 2016-03-24 18:45:28 -05:00
Matt Ullman
66769bc1f8 More cleanup 2016-03-23 00:11:26 -04:00
William Pitcock
43f06d8d8c ircd/sslproc: same for zlib_ok 2016-03-19 00:58:57 -05:00
William Pitcock
bfc44622c8 ircd: do not shadow internal openssl symbol "ssl_ok" (yeah, i know) 2016-03-19 00:57:32 -05:00
William Pitcock
7cc67225cb sslproc: return after calling free_ssl_daemon() when in sandbox ipc service routine 2016-03-19 00:04:38 -05:00
Elizabeth Myers
503727d1ee More bool conversions 2016-03-09 02:19:31 -06:00
Elizabeth Myers
fe037171d6 Change all leftover libratbox stuff to librb. 2016-03-06 03:49:27 -06:00
Elizabeth Myers
cbeab4bc34 Remove $Id tags from everything.
These are obsolete and none have changed since 10 years gao...
2016-03-06 02:47:27 -06:00
Simon Arlott
e9ffc3c153
ssld: provide version in stats S output 2016-03-03 22:14:50 +00:00
William Pitcock
1b6568f6d0 sslproc: compile fix 2016-03-01 20:24:12 -06:00
William Pitcock
a0130f9daf sslproc: properly use zconnid's for ziplinks 2016-03-01 20:02:55 -06:00
Simon Arlott
035d9143bd ircd: add missing sslproc function ssld_foreach_info()
Iterate through the ssl daemons and report their status.
2016-03-01 21:30:51 +00:00
Simon Arlott
eb1b303d56 ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.

Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.

Add STATS S (admins only) to list ssld processes, status, and client
count.
2016-02-10 19:03:30 -06:00
Simon Arlott
5e270e7d89
ircd: Handle which_ssld failure
It's possible for which_ssld to fail and return NULL, handle this in
start_ssld_connect and start_ssld_accept by returning NULL. The NULL
return value is already handled in all calls to start_ssld_accept,
so handle this for start_ssld_connect by reporting an error connecting.

Handle it in start_zlib_session by exiting the client.
2016-02-10 22:45:38 +00:00
Simon Arlott
b9ff4868a9
ircd: add missing rb_free in start_zlib_session 2016-02-10 22:45:35 +00:00
Valerii Iatsko
5203cba5ce Remove libratbox's snprintf.c, update related ircd code 2016-02-10 02:25:32 +01:00
William Pitcock
b697c3296a sslproc: process title of ssld seemed gramatically weird (nitpicking) 2016-01-06 02:15:23 -06:00
William Pitcock
ff12cc9479 rename src to ircd, libcore to libircd 2016-01-06 01:16:08 -06:00
Renamed from src/sslproc.c (Browse further)