Commit graph

2951 commits

Author SHA1 Message Date
William Pitcock
b5b4a0e79b client: use sequential connection ids for ssld connections in ssld RPC, instead of the file descriptor
this avoids race conditions when a file descriptor is reused and an ssld worker has not acked that the previous
connection was closed, which results in the new client being kicked.
2015-12-12 05:20:51 -06:00
William Pitcock
94356462c0 ssld: use uint64_t explicitly when we want 64-bit counters 2015-12-12 04:51:43 -06:00
William Pitcock
74ff144d33 ssld: fix a type warning pointed out by clang 2015-12-12 04:50:35 -06:00
William Pitcock
6cd1aca7f1 ssld: take inbuf/outbuf out of global scope, since its unnecessary 2015-12-12 04:50:15 -06:00
William Pitcock
4952e40b7e newconf: fix error message on channel::autochanmodes 2015-12-12 00:33:46 -06:00
William Pitcock
5225f83df1 libratbox: import zstring functions 2015-12-11 15:56:33 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
bac8c4829f config.h.dist: resync with config.h (closes #14) 2015-12-11 12:14:34 -06:00
William Pitcock
7c16cc9085 libratbox: implement nossl variants of rb_get_ssl_certfp() and rb_get_ssl_cipher() 2015-12-11 08:36:21 -06:00
William Pitcock
42dbc23943 ssld: enable sending SSL cipher information if available 2015-12-11 08:32:19 -06:00
William Pitcock
833b2f9cbf libratbox: implement rb_get_ssl_cipher() 2015-12-11 08:32:02 -06:00
William Pitcock
427a8d5dbb WHOIS: use cipher string if available 2015-12-11 08:20:11 -06:00
William Pitcock
ebe33dbfab sslproc: set Client.localClient.cipher_string if sent by ssld 2015-12-11 08:19:50 -06:00
William Pitcock
196740c42b sslproc: likewise 2015-12-10 23:44:31 -06:00
William Pitcock
408a29c65a ssld: integrate some cleanups from ratbox 3.1 2015-12-10 23:40:24 -06:00
William Pitcock
d44660305f update NEWS documenting availability of combination extbans 2015-12-10 02:28:52 -06:00
William Pitcock
98c645cadb document extb_combi and extb_hostmask bans (closes #74) 2015-12-10 02:27:08 -06:00
William Pitcock
e2a9fa9cab extenions: add a $m: extban (ref #74) 2015-12-10 02:25:22 -06:00
William Pitcock
4ef511ebb8 import marienz's extb_combi module (ref #74) 2015-12-10 02:20:58 -06:00
William Pitcock
7801d174d7 Revert "extban: implement helper functions for stackable extbans (part 1) (ref #74)"
This reverts commit 304bd0d095.
2015-12-10 02:19:21 -06:00
William Pitcock
304bd0d095 extban: implement helper functions for stackable extbans (part 1) (ref #74) 2015-12-10 01:33:30 -06:00
William Pitcock
202d496644 override: only engage override code if we're needing to authorize a WRITE to a channel's state (closes #65) 2015-12-10 01:00:32 -06:00
William Pitcock
c7708a0994 ssld: update for protocol changes 2015-12-08 14:26:26 -06:00
William Pitcock
509088aaee update NEWS to note that CertFP methods are now configurable 2015-12-07 01:52:16 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
William Pitcock
772c95cc7a ssld: we only will continue supporting one fingerprint method at a time 2015-12-07 01:21:26 -06:00
William Pitcock
fced7b416b Merge branch 'master' of github.com:atheme/charybdis 2015-12-07 01:15:00 -06:00
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
Elizabeth Myers
c33349ec21 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:11:12 -06:00
William Pitcock
653e3ca512 update copyright on NEWS (haha) 2015-12-05 07:18:35 -06:00
William Pitcock
354fd35126 update README 2015-12-05 07:09:52 -06:00
William Pitcock
6a49a3432f update NEWS a little more 2015-12-05 07:07:01 -06:00
William Pitcock
a7433e330a m_message: use same behaviour for +R users as +g users (closes #96) 2015-12-05 06:48:38 -06:00
William Pitcock
677d3cb1a3 mbedtls: implement rb_get_ssl_certfp() 2015-12-05 06:37:04 -06:00
William Pitcock
bbccb09a90 newconf: TLS listener ports should always be defer_accept
TLS clients are required to send ClientHello upon connection, the server may not reply with ServerHello until this has happened
2015-12-04 22:53:04 -06:00
William Pitcock
493897d67c mbedtls: use server certificate for client mode too 2015-12-04 22:42:10 -06:00
William Pitcock
162a91d6ed mbedtls: make client mode work too 2015-12-04 22:41:02 -06:00
William Pitcock
539d912b95 libratbox: fix up mbedtls backend 2015-12-04 00:01:40 -06:00
William Pitcock
fab6f9e80e libratbox: gnutls: we want to pass F, not F->fd to rb_listen() 2015-12-03 22:38:54 -06:00
William Pitcock
cd492e44b5 libratbox: initial cut at an mbedtls implementation, which will replace openssl and gnutls backends in charybdis 3.6
notably, it presently is lacking CertFP support, but everything else is implemented
2015-12-03 22:32:33 -06:00
William Pitcock
6f57a957b0 libratbox: prepare build system for mbed tls backend 2015-12-03 18:37:32 -06:00
William Pitcock
7f2cc0eacb Revert "supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway"
This reverts commit ff2f68e617.
2015-11-19 23:10:36 -06:00
William Pitcock
4a5330bb4d cap: implement ircv3.2 chghost cap 2015-11-19 22:53:55 -06:00
William Pitcock
583f064fef send: add negation argument to sendto_common_channels_local() and friends 2015-11-19 22:43:45 -06:00
William Pitcock
8e9e22b4d3 parse: handle_encap(): remove parv[0] initialization, anything using parv[0] should crash the ircd 2015-11-19 17:13:04 -06:00
William Pitcock
e77879b0f6 modules/m_resv: update comments since parv[0] is not used anymore 2015-11-19 17:12:07 -06:00
William Pitcock
ff2f68e617 supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway 2015-11-16 15:01:57 -06:00
Jilles Tjoelker
439bf4db58 monitor: Show 005 entry only if m_monitor.so is actually loaded.
This only affects the MONITOR=<max> entry, not TARGMAX=...,MONITOR:
which is harder to modify from a module.
2015-11-15 22:57:23 +01:00
Aaron Jones
0b05d1aad5
[libratbox] Remove an unused random function
Nothing in the Charybdis or libratbox code calls rb_get_pseudo_random
and under OpenSSL it uses RAND_pseudo_bytes() which is both dangerous
and removed in OpenSSL version 1.1.0.
2015-10-25 16:04:57 +00:00
Aaron Jones
25f7ee7dd6
Improve the versions of TLS used for server to server linking
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.

This patch corrects that.
2015-10-23 16:08:15 +00:00