0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-09 03:21:15 +01:00
Commit graph

131 commits

Author SHA1 Message Date
Aaron Jones
8a5fb52836
reference.conf: Document fingerprint generation
[ci skip]
2016-07-16 05:42:58 +00:00
William Pitcock
be2447b850 config: document websocket options 2016-05-14 17:24:20 -05:00
James Lu
cdc31cc55f doc: add extensions/chm_nonotice to example confs 2016-05-11 21:39:42 -07:00
Aaron Jones
9d6b870d7b
[Documentation] Increase bitlength recommendation for DH parameters
Also clarify the behaviour of TLS backends and the consequences for
not providing any parameters at all.

[ci skip]
2016-05-05 04:20:16 +00:00
Aaron Jones
70a70462e5
[Documentation] Reflect that ssl_private_key is now optional
[ci skip]
2016-05-05 04:20:07 +00:00
Simon Arlott
7380ded584
ircd.conf.example: use certfp_method = spki_sha256
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
2016-04-25 23:52:18 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip] 2016-04-23 17:57:07 +03:00
Elizabeth Myers
a2b7ef92a1 Make directions more clear for disabling OPM 2016-04-11 11:26:15 -05:00
Elizabeth Myers
cfb9253671 Update warnings in the opm default configs [ci skip] 2016-04-02 23:42:23 -05:00
Elizabeth Myers
4dbed1ed61 conf: in OPM, it's listen_port, not port. [ci skip] 2016-04-02 19:53:24 -05:00
Elizabeth Myers
eb0814b3cb opm: add support for HTTPS CONNECT proxies.
TBD: do we need an SSL listener for these?
2016-04-02 18:38:21 -05:00
Elizabeth Myers
0ed0a9fe0a Move m_locops module to extensions.
Many networks do not use local ops and therefore should not be required
to have this around all the time.
2016-04-02 05:20:30 -05:00
Elizabeth Myers
9bba0f6143 opm: add adjustable timeout values 2016-04-02 03:33:27 -05:00
Elizabeth Myers
fabe8b94c5 Add HTTP CONNECT proxy scanning 2016-04-02 03:11:30 -05:00
Elizabeth Myers
81a05933bf add proxy_exempt to conf files 2016-04-02 02:49:38 -05:00
Elizabeth Myers
51fa2ab8a3 opm: allow scanners to be configurable 2016-04-02 02:29:48 -05:00
Elizabeth Myers
8275e2700d Add opm stuff to default configs 2016-04-01 04:11:04 -05:00
Elizabeth Myers
f105844aad StaticBox is dead, so let's not reference it in the conf files. 2016-04-01 03:45:45 -05:00
Matt Ullman
5c0df0e743 doc: Cleanup trailing whitespace 2016-03-29 10:09:52 -04:00
Aaron Jones
ed2efe7664
Add extb_usermode module to example configuration files
[ci skip]
2016-03-28 03:29:57 +01:00
Aaron Jones
6c5fa2f6b3
Document extb_usermode module
[ci skip]
2016-03-28 03:28:12 +01:00
William Pitcock
1859e9d7d7 ircd: remove basically entirely pointless ServerInfo.hub (closes #167) 2016-03-19 23:05:07 -05:00
Elizabeth Myers
0e1f366732 reference.conf: fix me being an incompetent fuckwit.
Blind search and replace ruined this file. Remember to check your
regexes, people.
2016-03-12 20:27:37 -06:00
Elizabeth Myers
9abdcf1c64 modules: can .la suffix.
.la archives are prohibited by most Linux distributions because they
clutter up the linker. They may get caught up as victims in scripts that
purge .la files. Besides, .la files don't matter for simple loadable
modules on most systems.

So, what we do now instead is just use the platform suffix detected by
libtool.
2016-03-12 20:10:46 -06:00
Elizabeth Myers
a5c46d31e4 Ginormous docs cleanup.
Purge a lot of really old and obsolete documents, and merge some together
where possible. Lots of efnet docs and the old ircd-ratbox manpage (lol)
was purged.

Reorganise everything nice and neatly as possible. Things describing
features can be found in features/, and some more technical documents
were moved to techinical/.

Old credits file was consolidated into credits-past.txt, and a reference
was added to it in the credits.
2016-03-05 22:39:50 -06:00
William Pitcock
71c955336e ircd: add general::hide_opers_in_whois to simulate ircd-seven operhide 2016-01-15 13:38:40 -06:00
William Pitcock
4d21f1e8e0 extensions/helpops: new module, implementing a helpops system.
if loaded, this module takes over /stats p, and displays people who are umode +H.
to get umode +H, one must have the "usermode:helpops" permission.
2016-01-14 08:08:40 -06:00
William Pitcock
14482679ce ircd: channel: implement an option to strip color codes from channel topics 2016-01-13 17:05:41 -06:00
William Pitcock
e118f2d431 extensions/chm_operpeace: new module which disallows kicking of operators on select channels 2016-01-13 16:52:56 -06:00
William Pitcock
88c48be58c extensions/sno_globalnickchange: import from ircd-seven 2016-01-12 07:10:39 -06:00
William Pitcock
15feac531c ircd: implement support for remote module load/unload/etc commands 2016-01-12 00:37:54 -06:00
William Pitcock
cc7ae51cdc Allow remote DIE and RESTART (from ircd-seven) 2016-01-12 00:04:54 -06:00
William Pitcock
a4721f5e9f ircd: implement EXTENDCHANS, based on ircd-seven (with some improvements from chatircd) 2016-01-11 23:32:23 -06:00
William Pitcock
fe749d3709 ircd: implement GRANT subsystem based on ircd-seven 2016-01-11 23:02:03 -06:00
William Pitcock
d76258f559 modules: revert lt_dlopenext() change 2016-01-06 01:57:24 -06:00
William Pitcock
30da589e9e modules: use lt_dlopenext() to make the config look nicer 2016-01-06 01:33:33 -06:00
William Pitcock
0fa09b8024 documentation updates for libltdl 2016-01-05 21:41:03 -06:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
98c645cadb document extb_combi and extb_hostmask bans (closes #74) 2015-12-10 02:27:08 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
Andrew Wilcox
5f8fb56d02 Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec remove MONITOR for now pending a complete rewrite 2015-10-15 09:39:48 -05:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
William Pitcock
bb2a50509a config: further EGD removal 2015-03-01 01:06:58 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00