Aaron Jones
b8cf4b3bf2
[sslproc] Various fixes
...
* Properly allow no DH parameters (some backends come with defaults)
* If no private key is given, assume it's in the certificate file
* Use correct length calculation in buffer for TLS options
* Fix compiler warnings regarding uint64_t stats counters
2016-05-03 23:19:06 +00:00
Aaron Jones
1ea72c8f86
[ssld] Fix possible crash when DH parameters are not provided
...
This has ssld calling strlen() on a NULL value
[ci skip]
2016-05-03 17:48:04 +00:00
Aaron Jones
5c8da48264
Backport more TLS backend and ssld fixes & improvements from 3.6
...
openssl:
* Don't manually initialise libssl 1.1.0 -- it does this automatically
* SSL_library_init() should be called first otherwise
* Move SSL_CTX construction to rb_setup_ssl_server()
* Test for all required files (certificate & key) before doing anything
* Free the old CTX before constructing a new one (Fixes #186 )
* Properly abort rb_setup_ssl_server() on CTX construction failures
* Support ECDHE on more than one curve on OpenSSL 1.0.2 and above
* Clean up ifdef indentation
* Fix DH parameters memory leak
mbedtls:
* Fix certificate fingerprint generation
* Fix library linking order
* Fix incorrect printf()-esque argument count
* Return digest length for fingerprints instead of 1, consistent
with the other backends
sslproc / ssld:
* Fingerprint methods have no assocated file descriptors
* Send TLS information (cipher, fingerprint) before data
* Use correct header length for fingerprint method
Authored-by: Aaron Jones <aaronmdjones@gmail.com>
Authored-by: William Pitcock <nenolod@dereferenced.org>
Authored-by: Simon Arlott <sa.me.uk>
2016-04-30 21:39:05 +00:00
William Pitcock
1d2ba176ea
ircd: Channel.bants is not a serial but a timestamp.
...
Previously, the IRCd would increment bants instead of resyncing the timestamp, causing the potential of
false negatives from the bancache system.
2016-04-30 00:14:06 +00:00
Valerii Iatsko
bf9e0a6ed5
Fixed compilation w/ gnutls v3
2016-04-02 17:28:37 -05:00
William Pitcock
558bca8608
news for 3.5.1.
2016-04-02 17:22:14 -05:00
William Pitcock
db1b744e41
charybdis 3.5.1.
2016-04-02 17:21:06 -05:00
William Pitcock
18244e32f3
more ssld ipc improvements from 3.6
2016-04-02 17:20:15 -05:00
William Pitcock
987fa43982
sslproc: partial backport of 3.6 connid changes
2016-04-02 17:16:09 -05:00
William Pitcock
f76b0cee90
s_serv: ensure we use the actual assigned connid on an outbound connection
2016-04-02 17:15:01 -05:00
William Pitcock
d5ff7a9c3c
ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know)
2016-04-02 17:12:28 -05:00
William Pitcock
1533b40304
ssld: we use uint8_t for IPC buffers, not char
2016-04-02 17:11:21 -05:00
Simon Arlott
b7cca0143d
ssld: change_connid may be called with an unknown ID
...
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-04-02 17:11:08 -05:00
Valerii Iatsko
b1f028e5d4
ssld: fix memleak
...
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-04-02 17:10:42 -05:00
Aaron Jones
56f1d769bd
Document extb_usermode module in reference.conf
...
Also add it to the example configuration files
[ci skip]
2016-03-28 03:34:36 +01:00
Aaron Jones
604ab13778
extensions: Fix duplicate extban character usage
...
extb_usermode and extb_hostmask both use the same extban character
('m'), resulting in only one of the modules being usable (depending
on module load order) and neither one functioning if one of them
is unloaded.
This changes the character for extb_usermode from 'm' to 'u'.
[ci skip]
2016-03-28 03:33:24 +01:00
William Pitcock
e3af723d23
m_cap: ensure that CAP parameters are properly initialized to zero
2016-02-28 19:08:03 -06:00
William Pitcock
e253d010ed
libratbox: gnutls: add gnutls 3.4 support ( closes #123 )
2016-01-24 14:52:40 -05:00
William Pitcock
1ce6270904
charybdis 3.5.0.
2016-01-05 19:49:18 -06:00
William Pitcock
25eeb5ed55
last pass at NEWS
2016-01-05 19:49:13 -06:00
William Pitcock
947d2bba47
extb_oper: allow matching $o:<privset> as well as $o:<permission> as in 3.4
2016-01-05 19:12:38 -06:00
William Pitcock
2daf18131c
chmode: sscanf(3) returns the number of items matched, so might as well use it
2016-01-05 19:06:05 -06:00
William Pitcock
90552e214c
chmode: properly validate chm_throttle mode parameters
2016-01-05 19:02:44 -06:00
William Pitcock
5810d36e0a
whois: privset disclosure: we do not need to check if source user is the same as target, because they will always be opered
2016-01-05 18:55:23 -06:00
William Pitcock
32d5702869
extensions: add the ability to hide uncommon channels in WHOIS, like in ircd-seven ( closes #6 )
2016-01-05 18:45:07 -06:00
William Pitcock
9e07c8f70b
whois: add a hook allowing for ShowChannel() behaviour to be overridden for channel visibility
2016-01-05 18:45:07 -06:00
Aaron Jones
5499771f0e
Fix erroneous comment
2016-01-01 09:31:55 +00:00
Juuso Lapinlampi
6eb0267a90
messages.h: Remove 900-902 IRCv3.1 SASL trailing period
...
The IRCv3.1 SASL specification [1] has been updated today, and brings a
level of consistency with the trailing periods (or the lack of).
This implements the change made in
ircv3/ircv3-specifications@6d2ca77ffd .
[1]: http://ircv3.net/specs/extensions/sasl-3.1.html
2015-12-30 12:51:48 +02:00
Aaron Jones
0e06053c33
Fix erroneous use of wrong string concatenation function
...
Avoids warning:
m_map.c:203:3: warning: implicit declaration of function ‘strlcat’
[-Wimplicit-function-declaration]
2015-12-30 08:34:27 +00:00
Aaron Jones
63b120e53f
Merge pull request #114 from grawity/tlstls
...
m_starttls: reject "STARTTLS" use over an existing TLS connection
2015-12-30 08:28:48 +00:00
Mantas Mikulėnas
2b17787939
m_starttls: reject "STARTTLS" use over an existing TLS connection
2015-12-30 09:28:53 +02:00
Jilles Tjoelker
f8d9a4c289
list: Remove a now obsolete comment.
2015-12-29 13:55:16 +01:00
William Pitcock
7e5f0af686
markdownify NEWS.md
2015-12-28 21:34:57 -06:00
Juuso Lapinlampi
e0160ec5a4
messages.h: Standardize 256 (RPL_ADMINME) with RFC 1459
...
RPL_ADMINME is a response the client receives using the ADMIN command.
Charybdis used to implement a non-standard version of this.
The RFC 1459 standard [1] says in section "6.2 Command responses.":
256 RPL_ADMINME
"<server> :Administrative info"
This commit corrects the behavior to follow the standard.
[1]: https://tools.ietf.org/html/rfc1459
2015-12-28 21:19:47 -06:00
JD Horelick
7d2c91e767
Update Git repo references to new organization
2015-12-28 16:01:07 -08:00
William Pitcock
4d38dd60ed
whois: bring permissions check in line with the same one in m_privs
2015-12-28 14:55:59 -06:00
William Pitcock
fb01429969
Merge pull request #112 from ProgVal/trailing-space
...
Remove trailing space in CAP ACK.
2015-12-28 11:14:37 -06:00
Valentin Lorentz
d855e13e01
Remove trailing space in CAP ACK.
...
Fixes https://github.com/atheme/charybdis/issues/110
2015-12-28 10:57:17 +01:00
William Pitcock
e00552d5ce
whois: cosmetic improvement to opered-as numeric
2015-12-28 01:38:13 -06:00
William Pitcock
0817ad4cd0
messages.h: fix numeric 320
2015-12-28 01:36:40 -06:00
William Pitcock
72ad5c04fe
whois: list active operator block and privset when appropriate
2015-12-28 01:33:09 -06:00
William Pitcock
c7b2fd3d66
MODE: allow 'q' banlist queries to bypass flood limits too
2015-12-28 00:48:46 -06:00
William Pitcock
0950390c77
version: update general copyright to 2016 since we will probably release later this week
2015-12-28 00:39:38 -06:00
William Pitcock
9603d01164
CREDITS: cosmetic updates
2015-12-28 00:31:03 -06:00
William Pitcock
6dedd21279
NEWS: last pass at updates for 3.5.0
2015-12-28 00:17:15 -06:00
William Pitcock
6dcf35b167
libratbox: don't build arc4random support if mbedtls is present. libratbox r29245
2015-12-27 21:21:33 -06:00
William Pitcock
5cc7ba2577
libratbox: fix scoping issue with alloca()'d buffer which could result in undefined behaviour.
...
this is ported from upstream libratbox r29267
2015-12-27 21:19:17 -06:00
William Pitcock
340b2512d4
sno_whois: fix resource leak, pointed out by mniip
2015-12-27 17:08:57 -06:00
William Pitcock
0b904d91bf
supported: move ISUPPORT tokens provided by modules to their specific modules:
...
- m_cmessage: CPRIVMSG/CNOTICE
- m_etrace: ETRACE
- m_knock: KNOCK
- m_services: FNC
- m_who: WHOX
2015-12-26 22:41:09 -06:00
William Pitcock
d513218a9e
LIST: allow channel display threshold to be configured ( closes #109 )
2015-12-26 22:23:28 -06:00