Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.
cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287
Reported-By: James Wheare
ratbox_lib.c:159:1: warning: function 'rb_lib_restart' could be declared
with attribute 'noreturn' [-Wmissing-noreturn]
ratbox_lib.c:220:1: warning: function 'rb_lib_loop' could be declared
with attribute 'noreturn' [-Wmissing-noreturn]
restart.c:55:1: warning: function 'server_reboot' could be declared with
attribute 'noreturn' [-Wmissing-noreturn]
core/m_server.c:138:3: warning: 'break' will never be executed
[-Wunreachable-code-break]
(... and 3 more of the same)
Why put an unreachable comment in the code *and then write a
statement following it* ? O_o
m_stats.c:181:22: warning: this function declaration is not a prototype
[-Wstrict-prototypes]
m_stats.c:1502:24: warning: format string is not a string literal
[-Wformat-nonliteral]
(... and 2 more of the same)
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.
Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.
Add STATS S (admins only) to list ssld processes, status, and client
count.
The CHALLENGE functionality will set opername but not privset --
if an oper performs a WHOIS on someone currently half-way through
a challenge we will perform a NULL dereference.
Related to ircd-seven commit d7b05f7583babf6
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time. This is more efficient, and allows us
to report errors as part of the configuration phase.