William Pitcock
6f57a957b0
libratbox: prepare build system for mbed tls backend
2015-12-03 18:37:32 -06:00
William Pitcock
7f2cc0eacb
Revert "supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway"
...
This reverts commit ff2f68e617
.
2015-11-19 23:10:36 -06:00
William Pitcock
4a5330bb4d
cap: implement ircv3.2 chghost cap
2015-11-19 22:53:55 -06:00
William Pitcock
583f064fef
send: add negation argument to sendto_common_channels_local() and friends
2015-11-19 22:43:45 -06:00
William Pitcock
8e9e22b4d3
parse: handle_encap(): remove parv[0] initialization, anything using parv[0] should crash the ircd
2015-11-19 17:13:04 -06:00
William Pitcock
e77879b0f6
modules/m_resv: update comments since parv[0] is not used anymore
2015-11-19 17:12:07 -06:00
William Pitcock
ff2f68e617
supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway
2015-11-16 15:01:57 -06:00
Jilles Tjoelker
439bf4db58
monitor: Show 005 entry only if m_monitor.so is actually loaded.
...
This only affects the MONITOR=<max> entry, not TARGMAX=...,MONITOR:
which is harder to modify from a module.
2015-11-15 22:57:23 +01:00
Aaron Jones
0b05d1aad5
[libratbox] Remove an unused random function
...
Nothing in the Charybdis or libratbox code calls rb_get_pseudo_random
and under OpenSSL it uses RAND_pseudo_bytes() which is both dangerous
and removed in OpenSSL version 1.1.0.
2015-10-25 16:04:57 +00:00
Aaron Jones
25f7ee7dd6
Improve the versions of TLS used for server to server linking
...
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.
This patch corrects that.
2015-10-23 16:08:15 +00:00
Aaron Jones
3ae24413ca
Use new TLS method APIs with new LibreSSL
...
OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to
what they claim it is by implementing the new TLS client and server
method APIs. Therefore, in furtherance of commits a4c8c827
and 1a4e224a
we can build with the new APIs if building against (real) OpenSSL 1.1.0
or LibreSSL 2.2.2.
Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
2015-10-23 16:05:33 +00:00
William Pitcock
172b58fee9
Merge pull request #106 from awilfox/master
...
Fix MONITOR C
2015-10-15 18:05:38 -05:00
Andrew Wilcox
7a40c9a5b4
monitor: don't use already-freed pointer, unlike the moronic atheme developers
2015-10-15 17:32:02 -05:00
Andrew Wilcox
5f8fb56d02
Revert "remove MONITOR for now pending a complete rewrite"
...
This reverts commit 87fa262fec
.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec
remove MONITOR for now pending a complete rewrite
2015-10-15 09:39:48 -05:00
William Pitcock
d09bde15a1
monitor: additional cleanup pointed out by mr_flea
2015-10-11 19:32:31 -05:00
William Pitcock
7485e86073
monitor: additional cleanups, and add a missing free_monitor() in m_monitor
2015-10-11 19:11:01 -05:00
William Pitcock
d5f856c68e
monitor: fix the resource leak properly, unlike the moronic elemental-ircd developers
2015-10-11 18:48:53 -05:00
Jilles Tjoelker
dd64bf8dad
Fix build on glibc (no strlcpy).
2015-10-01 22:55:07 +02:00
Jilles Tjoelker
0e17ce0612
Use new info when sending away-notify after QJM.
2015-09-20 15:20:05 +02:00
Jilles Tjoelker
b4a7304c94
s_conf: Split out a function.
2015-09-13 22:59:03 +02:00
Jilles Tjoelker
df3de4e913
kqueue: Remove unnecessary cast.
2015-09-13 22:59:03 +02:00
Jilles Tjoelker
2125182293
Remove the unneeded username parameter to register_local_user().
2015-09-13 22:59:03 +02:00
Jilles Tjoelker
83e5941c87
Check CIDR ban IP address for validity.
...
Otherwise, we compare to uninitialized stack data. This is wrong but seems
harmless.
Closes #103
2015-09-13 22:59:03 +02:00
William Pitcock
00fda7b7bd
Merge pull request #101 from Elizafox/master
...
Relocate report_Klines to proper home
2015-08-08 18:41:32 -04:00
Elizabeth Myers
34c10ca8b7
Relocate report_Klines to proper home
...
This function is not used anywhere else but m_stats, so should be put
there.
2015-08-08 17:25:29 -05:00
Mantas Mikulėnas
61815bf932
Merge pull request #100 from Mkaysi/readme
...
Update NEWS & README.md
2015-07-14 12:50:37 +03:00
Mikaela Suomalainen
61f156ba67
Update NEWS & README.md
...
* Point to irc.freenode.net instead of irc.atheme.org. I know that it's
CNAME to chat, but I think it's preferable to use the irc. subdomain
to make it clear that it's IRC.
* Point to GitHub issue tracker instead of bugs-meta.atheme.org that
doesn't exist
* Remove mentioning of BUGS file and change README.FIRST to README.md as
the first doesn't exist and I think they are the same file.
2015-07-14 12:40:24 +03:00
William Pitcock
23e6a59007
Merge pull request #95 from jailbird777/master
...
Spring cleaning redux
2015-07-06 17:13:50 -05:00
William Pitcock
98c8a3e987
Merge pull request #89 from prgmrbill/add-channel-mode-s-help-cmode
...
Adds extension channel modes to help/opers/cmode
2015-07-06 17:13:12 -05:00
Aaron Jones
1a4e224a4e
LibreSSL have far advanced OPENSSL_VERSION_NUMBER beyond the
...
feature set they support (2.0 even!), deliberately breaking
backward compatibility. Therefore, in order to fix a regression
introduced by commit a4c8c827
with regard to LibreSSL's stupidity,
unconditionally use the old TLS API if building against LibreSSL.
2015-06-25 13:57:07 +00:00
Aaron Jones
cb266283f8
libratbox/openssl: Set explicit cipher list for the client context aswell
...
This is in furtherance of commits 9799bea4
and 1f384464
and addresses
any potential vulnerability to LogJam <https://weakdh.org/ >
2015-05-20 16:41:34 +00:00
Aaron Jones
c86f11da1c
Fix regression introduced by previous commit
...
I really shouldn't copy and paste code.
2015-05-20 10:39:04 +00:00
Aaron Jones
a4c8c82703
Tidy up OpenSSL options code, support new version-agnostic client and server APIs
2015-05-20 02:27:59 +00:00
Jail Bird
29c92cf95f
Spring cleaning redux:
...
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls
Thanks Jilles!
2015-04-20 00:55:20 -05:00
Aaron Jones
32fb589528
Misc code cleanups
...
* src/packet.c: Remove a dead store
* src/res.c: Remove a dead store
* src/sslproc.c: Remove a dead store
* src/sslproc.c: Don't call the same accessor twice
These silence some fairly harmless compiler warnings
2015-03-27 23:07:20 +00:00
Aaron Jones
cf3b152547
INFO: Be easier on human eyes
2015-03-26 14:47:36 -05:00
Aaron Jones
c9b5cd623b
Remove network_desc configuration option, never actually used anywhere
2015-03-26 14:46:54 -05:00
William Pitcock
c7e38ca917
Merge pull request #92 from aaronmdjones/master
...
Use accessor function for certificate fingerprint, allow fingerprint generation for chained unknown roots
2015-03-24 12:31:24 -05:00
Aaron Jones
614502a63c
Generate fingerprints for chained certificates with an unknown root
2015-03-24 05:25:38 +00:00
Aaron Jones
d3806d0503
Use X509_digest() instead of memcpy() to obtain cert fingerprint
...
This will continue to work even if the OpenSSL developers make the
X509* structure opaque, the current approach will not.
2015-03-24 05:22:25 +00:00
William Pitcock
7dade6a811
cap: missed a spot on =sticky caps removal
2015-03-22 21:08:05 -05:00
William Pitcock
c021aafd66
ircd manpage: remove references to ircd.conf(5) ( closes #91 )
2015-03-22 16:42:11 -05:00
William Pitcock
a8b4d6d6b5
Merge pull request #90 from aaronmdjones/master
...
Update ciphersuite string to prohibit RC4
2015-03-22 16:36:04 -05:00
Aaron Jones
1f384464fa
Update ciphersuite string to prohibit RC4
...
This is in accordance with RFC 7465
<https://tools.ietf.org/html/rfc7465 >
Also correct the key exchange mechanism strings; these should be
prefixed with 'k'.
2015-03-22 06:14:39 +00:00
PrgmrBill
bba82e6026
Updates format to match help/users/umode
...
Instead of adding a new section I made it look like the example from help/users/umode.
2015-03-17 16:39:25 -04:00
PrgmrBill
027c425c78
Adds a new section for extension channel modes
...
Adds new section - "FROM EXTENSIONS". These channel modes may not be available if the related extension is not loaded.
2015-03-17 15:19:14 -04:00
PrgmrBill
4e358381fb
Wraps long lines + adds TLS
...
- Fixes long line by wrapping
- Adds TLS as charybdis now has SSL_OP_NO_SSLv3
2015-03-17 15:06:56 -04:00
PrgmrBill
0ab8263ff0
Adds SSL only channel mode
...
Adds +S channel mode - Only users connected via SSL may join the channel while this mode is set. Users already in the channel are not affected.
2015-03-17 14:57:55 -04:00
William Pitcock
aaaf9faf1d
cap: sasl is now enforced as sticky again
2015-03-10 08:21:46 -05:00