Aaron Jones
3057f91d98
openssl: change how we load DH parameters
...
The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.
Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.
2016-05-25 21:46:34 +00:00
Aaron Jones
0982871a99
strcpy: mass-migrate to strlcpy where appropriate
2016-05-15 03:58:44 +00:00
Aaron Jones
8f961edc50
appveyor: correct version
...
[ci skip]
2016-05-15 01:14:08 +00:00
Aaron Jones
d539f22782
ircd_lexer: fix another crash with the same cause
2016-05-15 00:57:16 +00:00
Aaron Jones
401cb2bb17
ircd_lexer: fix crash with very large config option strings
2016-05-15 00:00:23 +00:00
Aaron Jones
b143df9ac4
minor spring cleaning: remove/relocate duplicate/unused includes & macros
...
[ci skip]
2016-05-14 23:29:33 +00:00
William Pitcock
be7c282296
makerelease: fix DATECODE output
2016-05-14 17:28:49 -05:00
William Pitcock
b28cccb704
NEWS: document websocket availability
2016-05-14 17:24:56 -05:00
William Pitcock
be2447b850
config: document websocket options
2016-05-14 17:24:20 -05:00
William Pitcock
dcf450702b
newconf: ensure wsock and defer_accept are default-to-disable for now, for consistency's sake on rehashes
2016-05-14 17:23:51 -05:00
Aaron Jones
7de13f7e5e
starttls: Allow command usage with backends other than OpenSSL
2016-05-14 00:26:03 +00:00
Simon Arlott
4ad9738d7a
m_alias: correctly construct string to be sent
2016-05-12 19:45:27 +01:00
Simon Arlott
8dd5d185e8
bandb: sqlite3: use getpagesize() on FreeBSD
2016-05-12 12:43:18 +01:00
Simon Arlott
0e0d823a5d
wsockd: include stdinc.h so that sys/types.h is included on FreeBSD 4.8
2016-05-12 12:43:17 +01:00
Simon Arlott
7c7cf006ca
librb: define UINT32_MAX for FreeBSD 4.8
2016-05-12 12:43:16 +01:00
Simon Arlott
87f7632760
librb: support rb_path_to_self on FreeBSD 4.8
2016-05-12 12:43:15 +01:00
Simon Arlott
d2a4981ab2
client: call authd_abort_client with the client that is exiting, not the originator
2016-05-12 10:06:31 +01:00
William Pitcock
96bcbb5d56
Merge pull request #191 from GLolol/patch-1
...
doc: add extensions/chm_nonotice to example confs
2016-05-11 23:46:10 -05:00
James Lu
cdc31cc55f
doc: add extensions/chm_nonotice to example confs
2016-05-11 21:39:42 -07:00
Aaron Jones
9d6b870d7b
[Documentation] Increase bitlength recommendation for DH parameters
...
Also clarify the behaviour of TLS backends and the consequences for
not providing any parameters at all.
[ci skip]
2016-05-05 04:20:16 +00:00
Aaron Jones
70a70462e5
[Documentation] Reflect that ssl_private_key is now optional
...
[ci skip]
2016-05-05 04:20:07 +00:00
Aaron Jones
f5960b830b
[sslproc] Use certificate file if key file is not present
2016-05-05 04:10:57 +00:00
Aaron Jones
883f3833ed
Travis CI: Build against sqlite3 library
2016-05-05 03:54:38 +00:00
Aaron Jones
1e7342d0f4
[mbedtls] Various fixes and improvements
...
* Move certificate, key, DH parameters and configuration to heap
  (Documentation states that setting new configuration, e.g.
  during a rehash, is unsupported while connections using that
  configuration are active)
  This is the same approach as the fix for #186
  Refcount these structures so as to not introduce a memory leak
  On rehash, it will use new structures only if there are no
  errors in constructing them
* Make fingerprint generation work for TLS connections
  See the comments in the newly created file for an explanation
* Fix memory leak when generating a fingerprint from a file
* Add better error-reporting (strings in addition to numbers)
  where possible
* Coalesce several connection memory allocations into one function
* Reduce boilerplate where possible (Charybdis targets C99)
* Support private key being in certificate file, and having no
  DH parameters file
* Correct erroneous closing comment
2016-05-05 03:47:57 +00:00
Aaron Jones
c40eede13b
[TLS Backends] Make version strings more useful and consistent
2016-05-05 03:47:46 +00:00
Aaron Jones
0fe9dd4119
[TLS Backends] Allow absence of private key file
...
Use the certificate file instead
2016-05-05 03:47:33 +00:00
Aaron Jones
4d83a4d92d
[sslproc] Allow absence of private key file
...
Backends can then assume that the private key is in the certificate file
2016-05-05 03:47:18 +00:00
Aaron Jones
f831e92603
Fix possible crash when DH parameters are not provided
...
This has ssld calling strlen() on a NULL value
[ci ckip]
2016-05-03 17:49:00 +00:00
Simon Arlott
da20854e83
random_ping: stop producing negative values that become 16 chars
2016-05-02 21:14:16 +01:00
Simon Arlott
84d0b55e76
authd: fix reference far off the end of the array on shutdown
...
When authd has no more input it tries to reject all current clients with
an id of UINT32_MAX.
2016-05-01 11:51:07 +01:00
Simon Arlott
2f598dacdd
authd: remove unused variable id from accept_client
2016-05-01 11:51:06 +01:00
Simon Arlott
075d4d569e
authd: allocate the correct size of auth_client_data
...
If there are holes in the auth_providers ID numbers, the array allocated
based on list length won't be large enough to handle all the IDs.
(auth->data could be converted to a dlink_list)
2016-05-01 11:51:05 +01:00
Simon Arlott
a5f52774bb
authd: Only use refcount for reference counting
...
Use providers_active for provider activity tracking.
2016-05-01 11:31:05 +01:00
Simon Arlott
2392770f4d
authd: fix auth->cid type sizes
...
* long is too small on 32-bit systems, use unsigned long long if we want
  to check for out of range values
* UINT32_MAX is a valid cid, and 0 isn't
* make auth->cid a uint32_t not uint16_t
2016-05-01 11:12:34 +01:00
Simon Arlott
a4da4fe574
authd: fix memory leak in start_auth
2016-05-01 10:59:22 +01:00
Simon Arlott
9f928dc532
authd: don't call cancel_providers recursively
...
Also check that they haven't been cancelled while starting up.
2016-05-01 10:53:34 +01:00
Simon Arlott
d955cd9f97
authd: use a list for auth_providers
...
We only need to iterate over this small fixed size list, so
dictionary iteration will be less efficient.
2016-05-01 10:49:12 +01:00
Elizabeth Myers
f4d828ef96
m_alias: restore old behaviour of joining all parameters.
...
There are two important caveats here, however:
1) Aliased commands that have more than 8 parameters will be truncated;
   there's nothing I can do about this.
2) Parameters with colons will not be handled as you expect. Again,
   nothing I can do about this.
2016-05-01 03:48:00 -05:00
William Pitcock
998b6ec513
stage for charybdis 4-beta1.
2016-04-30 19:58:14 -05:00
William Pitcock
9cd0063a2c
librb: fix commio build on win32
2016-04-30 19:33:31 -05:00
William Pitcock
b585278b32
authd: provider: make refcounting system less fragile
2016-04-30 19:26:02 -05:00
William Pitcock
a71b65b15c
Revert "authd: change to lists instead of dictionaries for various things"
...
This reverts commit 49fd293f20.
2016-04-30 19:20:12 -05:00
Aaron Jones
92404a1a98
[openssl] Forward-port some more cleanups from fixes to 3.5
2016-04-30 21:45:16 +00:00
Simon Arlott
3b0b4037d0
authd: don't decrement refcount twice when accepting the client
2016-04-30 17:06:21 +01:00
Simon Arlott
896370cc3e
m_stats: don't try to access bl_stats if it doesn't exist
2016-04-30 13:18:48 +01:00
Simon Arlott
3c5f720c6f
authd_check: don't try to update bl_stats if it doesn't exist
...
This can happen if all the blacklists are removed and then authd
sends a blacklisted response for a client.
2016-04-30 13:18:06 +01:00
Simon Arlott
4573f8f2fb
authproc: don't try to delete bl_stats if it hasn't been created
2016-04-30 13:11:06 +01:00
Simon Arlott
8a29e7cd1e
librb: shutdown() listening sockets pending close() so that listeners can be reopened reliably
2016-04-30 11:36:28 +01:00
Elizabeth Myers
c767c58b2a
opm: use rb_dlinkDelete instead of rb_dlinkFindDelete.
2016-04-30 01:59:05 -05:00
Elizabeth Myers
49fd293f20
authd: change to lists instead of dictionaries for various things
...
Iteration is the primary thing done on these, so using a dictionary
doesn't help a lot. Furthermore (and most importantly), they are not
safe to delete from.
2016-04-30 01:59:05 -05:00