Aaron Jones
759835cf46
ssld: remove unused macros, avoid sign overflow in integer function argument
2016-06-01 20:54:12 +00:00
Aaron Jones
f5960b830b
[sslproc] Use certificate file if key file is not present
2016-05-05 04:10:57 +00:00
Aaron Jones
f831e92603
Fix possible crash when DH parameters are not provided
...
This has ssld calling strlen() on a NULL value
[ci ckip]
2016-05-03 17:49:00 +00:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT
2016-04-25 20:12:27 +01:00
Simon Arlott
19d1853f71
ssld: remove init_prng command
...
This is no longer configurable so it's redundant.
2016-04-25 19:02:03 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
...
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
fbbc6aeb00
ssld: send cipher/certfp before proxying any plaintext traffic
2016-04-24 10:39:16 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
...
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.
(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
9e98a842e3
ssld: cipher commands don't have any fds
2016-04-23 22:46:25 +01:00
Simon Arlott
5a9fa2e2fa
ssld: certfp change commands don't have any fds
2016-04-23 20:46:26 +01:00
Matt Ullman
909346edb7
ssld: Remove left over function
2016-03-27 06:13:11 -04:00
William Pitcock
de7cf7e009
ircd: client: substantially rework the connid registry system
...
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
Matt Ullman
25a899651d
ssld: Move plain_check_cork() to a boolean
2016-03-24 13:52:16 -04:00
William Pitcock
d35870ee36
ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know)
2016-03-19 00:58:15 -05:00
Elizabeth Myers
503727d1ee
More bool conversions
2016-03-09 02:19:31 -06:00
Elizabeth Myers
1b7a47417b
Remove more $Id tags.
2016-03-06 02:58:32 -06:00
Elizabeth Myers
4dbb75ee84
Remove some leftover ircd-ratbox references.
2016-03-05 21:39:51 -06:00
Simon Arlott
e9ffc3c153
ssld: provide version in stats S output
2016-03-03 22:14:50 +00:00
Simon Arlott
26b83fa09d
ssld: fix format string warnings for statistics
...
Cast the uint64_t format arguments to unsigned long long as
that's what the format string specifies.
2016-02-11 21:58:44 +00:00
William Pitcock
c84003aeb5
ssld: we use uint8_t for IPC buffers, not char
2016-02-10 21:03:09 -06:00
Simon Arlott
7beaee5239
ssld: change_connid may be called with an unknown ID
...
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-02-10 21:22:50 +00:00
Valerii Iatsko
5203cba5ce
Remove libratbox's snprintf.c, update related ircd code
2016-02-10 02:25:32 +01:00
Valerii Iatsko
84b49742ad
ssld: fix memleak
...
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-02-09 10:41:36 -06:00
William Pitcock
a5ddb7df2e
ssld: check conn->plain_fd when setting conn->plain_fd type to RB_FD_SOCKET
2015-12-16 07:32:12 -06:00
William Pitcock
c1725bda3c
ssl: allow cipher list to be overridden ( closes #67 )
2015-12-12 07:50:48 -06:00
William Pitcock
94356462c0
ssld: use uint64_t explicitly when we want 64-bit counters
2015-12-12 04:51:43 -06:00
William Pitcock
74ff144d33
ssld: fix a type warning pointed out by clang
2015-12-12 04:50:35 -06:00
William Pitcock
6cd1aca7f1
ssld: take inbuf/outbuf out of global scope, since its unnecessary
2015-12-12 04:50:15 -06:00
William Pitcock
42dbc23943
ssld: enable sending SSL cipher information if available
2015-12-11 08:32:19 -06:00
William Pitcock
408a29c65a
ssld: integrate some cleanups from ratbox 3.1
2015-12-10 23:40:24 -06:00
William Pitcock
c7708a0994
ssld: update for protocol changes
2015-12-08 14:26:26 -06:00
William Pitcock
772c95cc7a
ssld: we only will continue supporting one fingerprint method at a time
2015-12-07 01:21:26 -06:00
Elizabeth Myers
e6bbb41030
Add ability to change CertFP hash.
...
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
Jail Bird
29c92cf95f
Spring cleaning redux:
...
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls
Thanks Jilles!
2015-04-20 00:55:20 -05:00
Keith Buck
55abcbb20a
Remove trailing whitespace from all .c and .h files.
...
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
William Pitcock
85e9bf4151
ssld: force the control buffer to be unsigned bytes except in special circumstances
...
This has the side effect of fixing GnuTLS.
2014-02-08 18:40:35 +00:00
William Pitcock
a7675ed255
ssld: Request fingerprint when connecting to the server, not just on inbound connections.
2010-12-14 21:28:35 -06:00
Jilles Tjoelker
7247337afa
Add certfp support to libratbox and ssld.
...
This lets a user connect with a client certificate, and
passes the certificate's fingerprint to ircd, which
currently just notices it to the user.
A new ssld->ircd message 'F' is used to pass on the
fingerprint.
This is only for OpenSSL for now, not GNUTLS.
2010-01-31 19:04:20 +01:00
Jilles Tjoelker
e99f612205
ssld: Fix an fd leak when closing connections.
...
Lightly tested.
2009-11-15 23:11:18 +01:00
Jilles Tjoelker
c03677e9be
ssld: Do not crash if not all fds in a message could be received.
...
Actually fill the mod_ctl_buf_t.nfds field.
2009-11-15 22:41:02 +01:00
Jilles Tjoelker
07c2bb757d
Fix close detection with ssl+zip, porting more code from ircd-ratbox.
...
This tells the SSL ssld to report connection closure to ircd
using the new fd.
2009-03-07 03:23:17 +01:00
Jilles Tjoelker
464b7606a8
ssld: Do not do redundant rb_setselect().
...
Apparently solaris devpoll/ports may have a problem
with this.
from ircd-ratbox (androsyn)
2009-03-03 22:32:18 +01:00
androsyn
0bd120ed48
[svn r26332] get rid of the zip ready stuff
2009-01-01 14:50:21 +03:00
Valeriy Yatsko
3202e24921
Copied libratbox and related stuff from shadowircd upstream.
2008-12-03 02:49:39 +03:00
Jilles Tjoelker
e27ac6024d
ssld: un #if 0 the /dev/null stuff out
2008-08-25 18:48:30 +02:00
Valery Yatsko
7edb4f163f
ssld synced with ircd-ratbox3 svn
2008-07-30 02:57:01 +04:00
Jilles Tjoelker
a444bb7837
Show reason for failed outgoing SSL handshakes to opers.
...
Also add a comment that ircd does not care about the
reason for failed incoming SSL handshakes.
ircd-ratbox r25651
2008-06-29 21:56:31 +02:00
Valery V Yatsko
4b6a4d479c
sync ssld with ratbox3 repository: now r25594 + charybdis related changes
2008-06-26 21:21:46 +04:00
Valery V Yatsko
21192997c1
Fix compilation without zlib headers present, from the ratbox3 upstream
2008-06-26 21:19:19 +04:00
Valery Yatsko
73d6283cfc
Importing r25217, r25219 and r25221 from ratbox3
2008-04-10 20:37:42 +04:00