we do this by removing the uname usage everywhere: it is not actually
used at runtime at all.
we keep the timestamp, because it is actually used in user_welcome()
but allow it to be overriden.
ideally, that timestamp would be completely removed, but I am not sure
what to put in its place, or if it would break some mysterious RFC (or
client!) if we remove that announcement.
When events are scheduled to run at a random +/- 1/3rd of the specified
frequency it can vary considerably for the longer timers (particularly
try_connections), so adjust the frequency to a different random interval
of the original frequency every time the event runs.
AC_LANG_PROGRAM needs to be quoted when used within AC_*_IFELSE:
https://lists.gnu.org/archive/html/bug-autoconf/2011-04/msg00017.html
This fixes the following warnings:
$ autoreconf
configure.ac:298: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
../../lib/autoconf/general.m4:2729: _AC_RUN_IFELSE is expanded from...
../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
../../lib/autoconf/general.m4:2748: AC_RUN_IFELSE is expanded from...
configure.ac:298: the top level
configure.ac:593: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...
../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...
configure.ac:593: the top level
...
configure.ac:309: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
../../lib/autoconf/general.m4:2729: _AC_RUN_IFELSE is expanded from...
../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
../../lib/autoconf/general.m4:2748: AC_RUN_IFELSE is expanded from...
configure.ac:309: the top level
...
Nothing in the Charybdis or libratbox code calls rb_get_pseudo_random
and under OpenSSL it uses RAND_pseudo_bytes() which is both dangerous
and removed in OpenSSL version 1.1.0.
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.
This patch corrects that.
OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to
what they claim it is by implementing the new TLS client and server
method APIs. Therefore, in furtherance of commits a4c8c827 and 1a4e224a
we can build with the new APIs if building against (real) OpenSSL 1.1.0
or LibreSSL 2.2.2.
Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
feature set they support (2.0 even!), deliberately breaking
backward compatibility. Therefore, in order to fix a regression
introduced by commit a4c8c827 with regard to LibreSSL's stupidity,
unconditionally use the old TLS API if building against LibreSSL.
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls
Thanks Jilles!
This is in accordance with RFC 7465
<https://tools.ietf.org/html/rfc7465>
Also correct the key exchange mechanism strings; these should be
prefixed with 'k'.
