9f21f1b353
the [manpage][] says: > unsigned int * cert_max > Initially must hold the maximum number of certs. It will be updated > with the number of certs available. ratbox doesn't actually initialize that variable, so gnutls naturally fails. i would also recommend considering dynamically allocating the cert list to deal with that error in other ways than failing to configured SSL completely in GnuTLS. the apache gnutls module has a similar problem and came up with a [patch][] to do exactly this which you may want to consider. but since our cert chain is only (!) 5 certs long, our itched is scratch by this particular patch. [manpage]: https://manpages.debian.org/jessie/gnutls-doc/gnutls_x509_crt_list_import.3.en.html [patch]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573#35 |
||
---|---|---|
bandb | ||
doc | ||
extensions | ||
help | ||
include | ||
libratbox | ||
m4 | ||
modules | ||
scripts | ||
src | ||
ssld | ||
testsuite | ||
tools | ||
.gitignore | ||
.indent.pro | ||
.mailmap | ||
.travis.yml | ||
aclocal.m4 | ||
appveyor.yml | ||
configure | ||
configure.ac | ||
CREDITS | ||
GIT-Access | ||
INSTALL | ||
install-sh | ||
LICENSE | ||
Makefile.in | ||
NEWS.md | ||
README.md | ||
TODO |
charybdis
Charybdis is a reference implementation of the IRCv3.1 server component. It is meant to be used with an IRCv3-capable services implementation such as Atheme or Anope.
necessary requirements
- A supported platform
- A working dynamic load library.
- A working lex. Solaris /usr/ccs/bin/lex appears to be broken, on this system flex should be used.
feature specific requirements
-
For SSL/TLS client and server connections, one of:
- OpenSSL 1.0.0 or newer (--enable-openssl)
- LibreSSL (--enable-openssl)
- MbedTLS (--enable-mbedtls)
- GnuTLS (--enable-gnutls)
-
For certificate-based oper CHALLENGE, OpenSSL 1.0.0 or newer. (Using CHALLENGE is not recommended for new deployments, so if you want to use a different TLS library, feel free.)
-
For ECDHE under OpenSSL, on Solaris and RHEL/Fedora (and its derivatives such as CentOS) you will need to compile your own OpenSSL on these systems, as they have removed support for ECC/ECDHE. Alternatively, consider using another library (see above).
tips
-
To report bugs in charybdis, visit us at irc.charybdis.io #charybdis
-
Please read doc/index.txt to get an overview of the current documentation.
-
The files, /etc/services, /etc/protocols, and /etc/resolv.conf, SHOULD be readable by the user running the server in order for ircd to start with the correct settings. If these files are wrong, charybdis will try to use 127.0.0.1 for a resolver as a last-ditch effort.
-
FREEBSD USERS: if you are compiling with ipv6 you may experience problems with ipv4 due to the way the socket code is written. To fix this you must: "sysctl net.inet6.ip6.v6only=0"
-
SOLARIS USERS: this code appears to tickle a bug in older gcc and egcs ONLY on 64-bit Solaris7. gcc-2.95 and SunPro C on 64bit should work fine, and any gcc or SunPro compiled on 32bit.
-
SUPPORTED PLATFORMS: this code should compile without any warnings on:
- FreeBSD 10
- Gentoo & Gentoo Hardened ~x86/~amd64/~fbsd
- RHEL 6 / 7
- Debian Jessie
- OpenSuSE 11/12
- OpenSolaris 2008.x?
- Solaris 10 sparc.
Please let us know if you find otherwise.
It probably does not compile on AIX, IRIX or libc5 Linux.
-
Please read NEWS for information about what is in this release.
-
Other files recommended for reading: BUGS, INSTALL