If there are holes in the auth_providers ID numbers, the array allocated
based on list length won't be large enough to handle all the IDs.
(auth->data could be converted to a dlink_list)
* long is too small on 32-bit systems, use unsigned long long if we want
to check for out of range values
* UINT32_MAX is a valid cid, and 0 isn't
* make auth->cid a uint32_t not uint16_t
There are two important caveats here, however:
1) Aliased commands have more than 8 parameters will be truncated;
there's nothing I can do about this.
2) Parameters with colons will not be handled as you expect. Again,
nothing I can do about this.
Iteration is the primary thing done on these, so using a dictionary
doesn't help a lot. Furthermore (and most importantly), they are not
safe to delete from.
* Don't manually initialise libssl 1.1.0 -- it does this automatically
* SSL_library_init() should be called first otherwise
* Move SSL_CTX construction to rb_setup_ssl_server()
* Test for all required files (certificate & key) before doing anything
* Free the old CTX before constructing a new one (Fixes#186)
* Don't try to set options / ciphers etc on a NULL CTX
* Clean up ifdef indentation
* Fix DH parameters memory leak
The OpenSSL backend is the only one that assigns a non-constant
value to the length variable. Use the correct type for its
pointer and cast instead.
[ci skip]
* Certificate fingerprint length functions return an "int", so use an
int when calculating the length
* Clean up the OpenSSL certificate fingerprint if() and indentation mess
This will allow service process monitoring to recognise the difference
between a shutdown and an error of a -foreground ircd, because only
/DIE (or SIGINT) will exit with return code 0.
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.
Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
Don't use the librb callback type as we're always passing client_p.
Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.