0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-16 06:51:08 +01:00
Commit graph

65 commits

Author SHA1 Message Date
Aaron Jones
f5960b830b
[sslproc] Use certificate file if key file is not present 2016-05-05 04:10:57 +00:00
Aaron Jones
f831e92603
Fix possible crash when DH parameters are not provided
This has ssld calling strlen() on a NULL value

[ci ckip]
2016-05-03 17:49:00 +00:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
19d1853f71
ssld: remove init_prng command
This is no longer configurable so it's redundant.
2016-04-25 19:02:03 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
fbbc6aeb00
ssld: send cipher/certfp before proxying any plaintext traffic 2016-04-24 10:39:16 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
9e98a842e3
ssld: cipher commands don't have any fds 2016-04-23 22:46:25 +01:00
Simon Arlott
5a9fa2e2fa
ssld: certfp change commands don't have any fds 2016-04-23 20:46:26 +01:00
Matt Ullman
909346edb7 ssld: Remove left over function 2016-03-27 06:13:11 -04:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
Matt Ullman
25a899651d ssld: Move plain_check_cork() to a boolean 2016-03-24 13:52:16 -04:00
William Pitcock
d35870ee36 ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know) 2016-03-19 00:58:15 -05:00
Elizabeth Myers
503727d1ee More bool conversions 2016-03-09 02:19:31 -06:00
Elizabeth Myers
1b7a47417b Remove more $Id tags. 2016-03-06 02:58:32 -06:00
William Pitcock
c83f2f5e12 rename libratbox to librb, since its pretty modified anyway 2016-03-06 02:30:20 -06:00
Elizabeth Myers
4dbb75ee84 Remove some leftover ircd-ratbox references. 2016-03-05 21:39:51 -06:00
William Pitcock
9ea48ec30a remove presupplied autotools files 2016-03-05 17:47:48 -06:00
Simon Arlott
e9ffc3c153
ssld: provide version in stats S output 2016-03-03 22:14:50 +00:00
William Pitcock
c678fbc08b ircd: remove broken USE_IODEBUG_HOOKS knob and related code 2016-02-20 12:02:49 -06:00
Simon Arlott
26b83fa09d
ssld: fix format string warnings for statistics
Cast the uint64_t format arguments to unsigned long long as
that's what the format string specifies.
2016-02-11 21:58:44 +00:00
William Pitcock
c84003aeb5 ssld: we use uint8_t for IPC buffers, not char 2016-02-10 21:03:09 -06:00
Simon Arlott
7beaee5239
ssld: change_connid may be called with an unknown ID
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-02-10 21:22:50 +00:00
Valerii Iatsko
5203cba5ce Remove libratbox's snprintf.c, update related ircd code 2016-02-10 02:25:32 +01:00
Valerii Iatsko
84b49742ad ssld: fix memleak
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-02-09 10:41:36 -06:00
William Pitcock
9e45a5ca19 buildsystem: further cleanup 2016-01-08 07:01:00 -06:00
William Pitcock
f0718c93d5 configure: use correct path for libltdl 2016-01-08 06:50:01 -06:00
William Pitcock
5164a68650 buildsystem: update Makefile.in's 2016-01-08 05:20:32 -06:00
Aaron Jones
d8c4154da2 Fix LTDL conditional, remove some unnecessary and/or ugly configure tests 2016-01-07 17:15:55 +00:00
Aaron Jones
eec2776c6c Fix some autotools discrepancies, disable SQLite threading code 2016-01-07 16:58:28 +00:00
William Pitcock
2a19fc3f57 general: remove last vestiges of static modules support (this hasn't ever actually worked...) 2016-01-06 01:28:20 -06:00
William Pitcock
c52df12552 buildsystem: convert to automake + libtool 2016-01-05 21:20:25 -06:00
William Pitcock
a5ddb7df2e ssld: check conn->plain_fd when setting conn->plain_fd type to RB_FD_SOCKET 2015-12-16 07:32:12 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
94356462c0 ssld: use uint64_t explicitly when we want 64-bit counters 2015-12-12 04:51:43 -06:00
William Pitcock
74ff144d33 ssld: fix a type warning pointed out by clang 2015-12-12 04:50:35 -06:00
William Pitcock
6cd1aca7f1 ssld: take inbuf/outbuf out of global scope, since its unnecessary 2015-12-12 04:50:15 -06:00
William Pitcock
42dbc23943 ssld: enable sending SSL cipher information if available 2015-12-11 08:32:19 -06:00
William Pitcock
408a29c65a ssld: integrate some cleanups from ratbox 3.1 2015-12-10 23:40:24 -06:00
William Pitcock
c7708a0994 ssld: update for protocol changes 2015-12-08 14:26:26 -06:00
William Pitcock
772c95cc7a ssld: we only will continue supporting one fingerprint method at a time 2015-12-07 01:21:26 -06:00
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
Jail Bird
29c92cf95f Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls

Thanks Jilles!
2015-04-20 00:55:20 -05:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
William Pitcock
85e9bf4151 ssld: force the control buffer to be unsigned bytes except in special circumstances
This has the side effect of fixing GnuTLS.
2014-02-08 18:40:35 +00:00
Nathan Phillip Brink
634d4aad72 Fix inconsistency between --sysconfdir and --with-confdir, deprecate --with-confdir.
The inconsistency was created in
c74836dc4a where genssl.sh.in was made
to use sysconfdir while the IRCd and buildsystem still used confdir.
2012-03-02 01:11:42 +00:00
Nathan Phillip Brink
c74836dc4a Add explicit support for being installed into a system triggered with --enable-fhs-paths.
Add two mechanism for avoiding name-collisions in a system-wide
installation of charybdis. The ssld and bandb daemons, intended to be
directly used by ircd and not the user, install into libexec when
--enable-fhs-paths is set. For binaries which are meant to be in PATH
(bindir), such as ircd and viconf, there is now an option
--with-program-prefix=progprefix inspired by automake. If the user
specifies --with-program-prefix=charybdis, the ircd binary is named
charybdisircd when installed.

Add support for saving the pidfile to a rundir and storing the ban
database in localstatedir instead of in sysconfdir. This is, again,
conditional on --enable-fhs-paths.

Fix(?) genssl.sh to always write created SSL key/certificate/dh
parameters to the sysconfdir specified during ./configure. The
previous behavior was to assume that the user ran genssl.sh after
ensuring that his current working directory was either sysconfdir or a
sibling directory of sysconfdir.
2012-03-01 02:41:09 +00:00
William Pitcock
a7675ed255 ssld: Request fingerprint when connecting to the server, not just on inbound connections. 2010-12-14 21:28:35 -06:00
Jilles Tjoelker
7247337afa Add certfp support to libratbox and ssld.
This lets a user connect with a client certificate, and
passes the certificate's fingerprint to ircd, which
currently just notices it to the user.

A new ssld->ircd message 'F' is used to pass on the
fingerprint.

This is only for OpenSSL for now, not GNUTLS.
2010-01-31 19:04:20 +01:00
Jilles Tjoelker
e99f612205 ssld: Fix an fd leak when closing connections.
Lightly tested.
2009-11-15 23:11:18 +01:00