mirror of
https://github.com/matrix-construct/construct
synced 2025-01-17 01:51:53 +01:00
784ce5c1cc
SSL_OP_NO_COMPRESSION was presumably added in an attempt to prevent information leakage in a manner similar to recent attacks on HTTPS. However, assuming that IRC is vulnerable to the same class of attacks is incorrect: the behavior of the IRC protocol (a single long-running connection) is not the same as that of HTTPS (multiple ephemeral connections). HTTPS's use of ephemeral connections means that certain assumptions can be made about the contents of the compression algorithm's dictionaries and the content exchanged between the client and server (e.g. the content being nearly the same for each connection), which is not true for IRC. Additionally, they rely on the attacker being able to coerce the client into creating many HTTPS connections (and resending some secret token belonging to the user, along with attacker-controlled data) each time, none of which is possible with IRC. Lastly, since compression is no longer performed, this option will result in leaking the lengths of messages transmitted to and from the client. This option does reduce CPU utilization on Charybdis servers but also increases bandwidth consumed.

- bandb
- doc
- extensions
- help
- include
- libratbox
- modules
- scripts
- src
- ssld
- testsuite
- tools
- .gitignore
- .indent.pro
- .mailmap
- aclocal.m4
- configure
- configure.ac
- CREDITS
- GIT-Access
- INSTALL
- install-sh
- LICENSE
- Makefile.in
- NEWS
- README.FIRST
- TODO

******************************* IMPORTANT *************************************

  *********** Note for those who don't bother reading docs *****************
  * - Reading INSTALL is now a must, as the old DPATH is now specified     *
  *   when configure is run.                                               *
  *   You now need to ./configure --prefix="/path/to/install/it"           *
  *   to specify the path that will be installed with your ircd!           *
  *************************************************************************

  ALSO, IF YOU ARE UPGRADING YOUR CURRENT SOURCE TREE, AND YOU TRY TO BUILD IN IT
  WITHOUT PERFORMING AT LEAST 'make clean', THINGS _WILL_ BREAK. IT IS RECOMMENDED
  THAT YOU RUN 'make distclean' AND THEN RERUN './configure'!

******************************* REQUIREMENTS **********************************

Necessary Requirements:

- A supported platform (look below)

- A working dynamic load library.

- A working lex. Solaris /usr/ccs/bin/lex appears to be broken, on this system
  flex should be used.

Feature Specific Requirements:

- For SSL Clients, SSL Challenge controlled OPER feature, and encrypted server
  links, a working OpenSSL library or GnuTLS library. CHALLENGE is not
  supported on GnuTLS yet.

- For encrypted oper and (optional) server passwords, a working DES, MD5, or
  SHA library implementing crypt().

- For ECDHE, OpenSSL 1.0.0 or newer is required. RHEL/Fedora and derivatives
  like CentOS will need to compile OpenSSL from source, as
  ECC/ECDHE-functionality is removed from the OpenSSL package in these
  distributions.

*******************************************************************************

- To report bugs in charybdis, visit us at irc.atheme.org #charybdis

- See the INSTALL document for info on configuring and compiling charybdis.

- Please read doc/index.txt to get an overview of the current documentation.

- The files, /etc/services, /etc/protocols, and /etc/resolv.conf, SHOULD be
  readable by the user running the server in order for ircd to start with
  the correct settings. If these files are wrong, charybdis will try to use
  127.0.0.1 for a resolver as a last-ditch effort.

- FREEBSD USERS: if you are compiling with ipv6 you may experience
  problems with ipv4 due to the way the socket code is written. To
  fix this you must: "sysctl net.inet6.ip6.v6only=0"

- SOLARIS USERS: this code appears to tickle a bug in older gcc and
  egcs ONLY on 64-bit Solaris7. gcc-2.95 and SunPro C on 64bit should
  work fine, and any gcc or SunPro compiled on 32bit.

- DARWIN AND MACOS X USERS: You must be using at least the December 2001
  Development Tools from Apple to build charybdis with shared modules.
  Before then you MUST disable shared modules, as we do not have the proper
  flags for cc(1) prior to that point to produce shared modules.

- SUPPORTED PLATFORMS: this code should compile without any warnings on:

    FreeBSD 6.x/7.x,
    Gentoo & Gentoo Hardened ~x86/~amd64/~fbsd
    Fedora 8/9 / CentOS 4/5 / Redhat Enterprise 5
    Debian Etch,
    OpenSuSE 10/11,
    OpenSolaris 2008.x?
    Solaris 10 sparc.

  Please let us know if you find otherwise.
  It probably does not compile on AIX, IRIX or libc5 Linux.

- TESTED PLATFORMS: The code has been tested on the following platforms, and
  is known to run properly.

    FreeBSD 6.x/7.x
    Linux glibc-2.6, glibc-2.7
    Solaris 2.6/7/8
    OpenBSD 2.8
    NetBSD 1.4

- Please read NEWS for information about what is in this release.

- Other files recommended for reading: BUGS, INSTALL