William Pitcock
7aa40f6d2c
libratbox/gnutls: add gnutls v3 api compatibility without breaking v2
2014-02-08 18:34:49 +00:00
Jilles Tjoelker
362ef2d9ee
openssl: Improve security using options recommanded by Argure.
...
Note that these are not available in old versions of OpenSSL (like FreeBSD
9.x base OpenSSL), so allow them to be missing.
A side effect may be slightly higher CPU consumption and network traffic.
2014-01-15 22:25:26 +01:00
Jilles Tjoelker
9799bea4a1
openssl: Use cipher list suggested by Argure.
2014-01-15 22:13:47 +01:00
Jilles Tjoelker
cee842a829
openssl: Fix compiler warning.
2014-01-15 22:09:57 +01:00
Jilles Tjoelker
fabc3174fe
openssl: Set some sort of session id context.
...
Without a session id context and if client certificates are used, OpenSSL
fails the handshake if an attempt is made to reuse an old session. Various
clients could not reconnect after a disconnection because of this.
See https://bugzilla.mozilla.org/show_bug.cgi?id=858394#c34 for a bug
report.
2014-01-15 22:04:12 +01:00
William Pitcock
b6e799f5df
libratbox/openssl: check that ECDHE is really available on redhat derivatives ( closes #43 )
2013-11-30 19:55:01 +00:00
Mantas Mikulėnas
320d34a606
libratbox/crypt: fix difference from glibc in sha256_crypt()
...
rb_crypt() was generating different SHA256 ($5$) hashes than glibc,
making hashes generated with charybdis unusable in ratbox and other
software, and vice versa.
2013-10-23 15:47:28 +03:00
Patrick Godschalk
31d2201519
Have OpenSSL version check use cpp
2013-09-06 20:05:49 +02:00
Patrick Godschalk
81998134b7
Set ECDHE on OpenSSL 1.00+.
2013-09-03 14:16:57 +02:00
Quora Dodrill
97b0e99e2a
libratbox/openssl: Fix possible memory leak with SSL certificate fingerprints
2013-08-14 09:54:57 -07:00
Quora Dodrill
f997930e7c
Revert "libratbox/openssl: Fix possible memory leak with SSL dertificate fingerprints"
...
This reverts commit 6ecd598ec0
.
2013-08-14 09:54:18 -07:00
Quora Dodrill
6ecd598ec0
libratbox/openssl: Fix possible memory leak with SSL dertificate fingerprints
2013-08-14 09:50:12 -07:00
Antoine Beaupré
2bd29df9e1
Revert "libratbox: Remove broken gnutls support."
...
This reverts commit f2d58c6d72
.
2013-06-10 12:19:02 -04:00
Antoine Beaupré
608e20b4fa
Revert "Remove more gnutls references."
...
This reverts commit 6a25507e90
.
2013-06-10 12:18:43 -04:00
William Pitcock
373d6d79e3
libratbox/crypt: remove blowfish support since it has the stupid advertising clause
2012-09-29 17:28:04 -05:00
William Pitcock
a85566b151
sigio: use siginfo_t instead of struct siginfo, per glibc commit r4efeffc1d5
2012-07-25 10:34:50 -05:00
Aaron Sethman
21acd0961c
Disable timerfd/signalfd on openvz, it seems broken
...
(imported from libratbox r27395 by nenolod)
2012-05-18 21:16:13 -05:00
Jilles Tjoelker
6a25507e90
Remove more gnutls references.
2012-04-18 00:38:44 +02:00
Jilles Tjoelker
271a98feb1
libratbox: Run autoreconf.
2012-04-17 22:35:56 +02:00
Jilles Tjoelker
f2d58c6d72
libratbox: Remove broken gnutls support.
2012-04-17 22:34:11 +02:00
Keith Buck
77444dcc1f
gnutls: Fix certfp server link auth.
2012-04-07 21:51:31 +00:00
Keith Buck
3d7890b99c
gnutls: Fix ssld crash when executing a SSL connection to another server.
2012-04-07 17:40:22 +00:00
Elly Fong-Jones
2682bc3053
libratbox: use rb_listen(), not listen().
...
Signed-off-by: Elly Fong-Jones <elly@leptoquark.net>
2012-04-03 01:19:07 -04:00
Jilles Tjoelker
797a29f353
libratbox: Allow defer_accept on FreeBSD.
...
Note that you must have options ACCEPT_FILTER_DATA in your kernel
configuration or load the accf_data kernel module. The functionality is
not in the GENERIC kernel.
2012-03-20 00:33:31 +01:00
William Pitcock
aa4737a049
libratbox: make defer_accept optional.
2012-03-17 09:48:25 -05:00
William Pitcock
77cb59b319
libratbox: add support for TCP_DEFER_ACCEPT on linux
...
This allows for some further hardening against synflooding and connection flooding
where no data is actually sent, as the kernel will simply ignore those connections
(well, as far as the ircd is concerned anyway).
2012-03-17 09:16:39 -05:00
William Pitcock
a949ab1a1c
configure: set version to charybdis 3.4.0-dev
2012-02-04 04:14:20 -06:00
William Pitcock
b6d0720c1c
configure: Add --with-custom-branding and --with-custom-version options.
2011-05-08 08:55:32 -05:00
Jilles Tjoelker
e732a57bd1
Cope with OPENSSL_VERSION_NUMBER not being a long.
...
Contrary to the documentation, this is the case on recent FreeBSD at least.
2011-03-20 18:46:32 +01:00
Elizabeth Jennifer Myers
f171dafb59
Add endian test to autoconf and convert crypt to use it.
2011-01-24 21:03:00 -05:00
Elizabeth Jennifer Myers
48dc39f771
Add blowfish to libratbox crypt.
...
Also change u_int*_t to uint*_t whilst I'm here.
2011-01-17 05:01:11 -05:00
Jilles Tjoelker
af9e5b5ef7
Fix compiler warnings.
2011-01-08 17:40:12 +01:00
Elizabeth Jennifer Myers
08c2568cb9
Add SHA256/SHA512 support to crypt.c and fix up the MD5 component (it seemed to have been broken). In addition, unconditionally use the libratbox crypt.
2011-01-06 01:29:22 -05:00
Jilles Tjoelker
86510a73f9
libratbox: Unbreak compile.
2010-12-15 21:48:26 +01:00
William Pitcock
07e14084eb
libratbox: Use the server SSL certificate on outgoing connections.
2010-12-13 22:58:09 -06:00
William Pitcock
56c1612ff3
libratbox: Clean up uses of strcpy().
2010-11-23 08:52:18 -06:00
Jilles Tjoelker
918d73d562
openssl: Avoid cutting off OpenSSL errors at 119 chars.
...
ERR_error_string() is just broken, as it returns at most 119 chars
which means error messages are frequently truncated.
Allow for 511 chars using ERR_error_string_n().
2010-05-09 00:30:51 +02:00
Jilles Tjoelker
74178a388e
Fix --disable-balloc.
...
libratbox r26769
2010-03-05 17:28:47 +01:00
Jilles Tjoelker
2cb7175cfa
gnutls: I guess a gnutls_x509_crt_deinit() is needed to avoid memory leak.
2010-02-22 19:16:37 +01:00
William Pitcock
3fe59c99c7
gnutls: Add support for certfp gathering.
2010-02-22 11:13:59 -06:00
Jilles Tjoelker
b2d64e51f0
Fix a memory leak with client certificates.
2010-02-19 16:55:15 +01:00
William Pitcock
96f4052b50
Run autoreconf.
2010-02-17 23:12:45 -06:00
Jilles Tjoelker
033d16bd2d
Add new function rb_get_ssl_certfp() to export-syms.txt.
2010-02-07 20:38:37 +01:00
Jilles Tjoelker
7247337afa
Add certfp support to libratbox and ssld.
...
This lets a user connect with a client certificate, and
passes the certificate's fingerprint to ircd, which
currently just notices it to the user.
A new ssld->ircd message 'F' is used to pass on the
fingerprint.
This is only for OpenSSL for now, not GNUTLS.
2010-01-31 19:04:20 +01:00
Jilles Tjoelker
dcb22e07b9
Fix memory leak and bad error reporting with posix_spawn():
...
* an initialized posix_spawnattr_t must be destroyed
* posix_spawn() returns an error number instead of setting errno
libratbox trunk r26730
2010-01-22 00:09:56 +01:00
William Pitcock
7083c02121
Run autoreconf.
2010-01-07 16:51:32 -06:00
Jilles Tjoelker
90e960f061
Fix fd passing on FreeBSD/amd64 and possibly Solaris/sparc.
...
The number of file descriptors in the message was not
determined correctly.
2009-07-10 00:27:01 +02:00
Valeriy Yatsko
030272f378
Update libratbox.
2008-12-22 12:49:01 +03:00
Valeriy Yatsko
34f76fdd0f
Forgot version.c.SH for libratbox/.
2008-12-03 02:54:08 +03:00
Valeriy Yatsko
3202e24921
Copied libratbox and related stuff from shadowircd upstream.
2008-12-03 02:49:39 +03:00
Jilles Tjoelker
25bf728581
fix a crash in the rb_bh_gc code
...
from libratbox svn r25871 (androsyn)
2008-08-12 22:37:29 +02:00
Valery V Yatsko
ce1c921c95
sync with libratbox upstream - r25870
2008-08-11 23:20:24 +04:00
William Pitcock
041d07b3d0
Automated merge with ssh://hg.atheme.org//hg/charybdis
2008-08-01 17:00:41 -05:00
William Pitcock
72cedbce85
rb_setup_fd_ports(): use correct prototype.
2008-08-01 17:00:00 -05:00
Valery Yatsko
a9fb3ed0f9
libratbox sync - r25796
2008-07-30 02:41:27 +04:00
Valery V Yatsko
c2ac22cc46
sync libratbox - r25599 + charybdis packaging patch
2008-06-25 09:28:30 +04:00
William Pitcock
c617c321a2
Set SONAME to libratbox.so.3. (Again, packaging. Yeah. We know.)
2008-06-10 22:06:54 -05:00
William Pitcock
f17c2ef84c
Make sure x509_cred and dh_params objects are allocated.
2008-06-10 21:24:49 -05:00
William Pitcock
fc8711d128
GNUTLS backend. Untested.
2008-06-10 20:33:15 -05:00
William Pitcock
709c19516d
Run autoreconf.
2008-06-10 13:45:43 -05:00
Jilles Tjoelker
ac48b7c300
libratbox: Remove static inline symbols from export-syms.txt.
2008-05-17 13:26:42 +02:00
Jilles Tjoelker
6770b968bc
Fix a mistake in kqueue 'overflow' handling.
...
If there is no space in the output buffer to report an
error adding to the kqueue, kevent(2) will abort and
return the error in errno (I was correct that it does
not tell you where it failed). So do not abort the loop
if kevent(2) fails and do not log (expected) EBADF.
2008-05-14 19:56:41 +02:00
Jilles Tjoelker
aec4c3cb6b
Save connect errno so that we get a correct connect failure reason
...
libratbox r25358 (androsyn)
2008-05-13 20:21:12 +02:00
Jilles Tjoelker
2142f6910e
Fix a possible crash with SSL connections closing early.
...
libratbox r25356 (jilles)
2008-05-12 19:54:24 +02:00
Jilles Tjoelker
3c95b6e72f
Fix kqueue sometimes dropping updates.
...
(ircd wouldn't read or write anymore to certain clients)
This happens because kqueue.c will often try to add
already closed file descriptors to the kqueue. The kernel
tries to report bad file descriptors in the eventlist; if
the eventlist has no space, processing of the changelist
is silently halted.
The fix:
1. allocate two kqlst things, one for what kqlst currently does
and one as output buffer
this ensures the kevent(2) call in rb_select_kqueue() never
drops updates
2. replace the kevent(2) call in kq_update_events() by a loop
that processes the updates one at a time
that doesn't happen much, and it's the only way to be sure
without also getting events out of the queue we cannot process
at that time
libratbox r25354 (jilles)
2008-05-12 18:54:20 +02:00
Jilles Tjoelker
365d91a86f
patricia: remove ugly abuse of K&R style function declaration
...
It left the argument types unspecified in a function
pointer, then called it using different numbers of
arguments.
libratbox r25229
2008-04-13 18:20:18 +02:00
Jilles Tjoelker
39930c6602
Remove linebuf's per-line flushing flag, as it's per-head state.
...
In rare cases, this sharing caused the ircd to skip
part of outgoing traffic, e.g. appearing as "not enough
parameters" errors on the other side.
The purpose of this flag can be fulfilled by the writeofs
in the bufhead.
libratbox r25227
2008-04-13 00:44:21 +02:00
Jilles Tjoelker
ba1721d144
read/write return type should be ssize_t, not int or size_t.
...
The writev emulation used size_t, which is unsigned,
preventing negative values to be seen.
libratbox r25225
2008-04-12 16:43:12 +02:00
Jilles Tjoelker
7b224e33b5
kqueue: also use EV_ONESHOT for read events
...
This makes the kernel's state agree with our handler pointer.
SSL may need to suspend selecting for reading to write
something, e.g. with renegotiation.
libratbox r25223
2008-04-11 11:08:37 +02:00
Valery Yatsko
73d6283cfc
Importing r25217, r25219 and r25221 from ratbox3
2008-04-10 20:37:42 +04:00
Valery Yatsko
715ffadfd9
Importing changes from ircd-ratbox revision r25203, this fixes libratbox/src/openssl.c a bit
2008-04-06 18:28:56 +04:00
Valery Yatsko
398b6a7372
ok, trying to work on blockheap's stuff
2008-04-02 04:28:05 +04:00
William Pitcock
a8f0b117ba
Make this link without OpenSSL. This patch should go upstream.
2008-04-01 14:57:52 -05:00
William Pitcock
b676ea3bd5
Run autoreconf.
2008-04-01 11:53:46 -05:00
William Pitcock
db13786793
Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system.
2008-04-01 11:52:26 -05:00