diff --git a/Makefile.in b/Makefile.in index c8d7a59a7..a9427bc36 100644 --- a/Makefile.in +++ b/Makefile.in @@ -212,7 +212,7 @@ install: all ln -s "@CONFDIR@/tls" "@CONFDIR@/ssl" ; \ fi $(INSTALL) -m 0700 -d @CONFDIR@/tls - $(INSTALL) -m 0600 doc/conf/ssl/curl-ca-bundle.crt @CONFDIR@/ssl + $(INSTALL) -m 0600 doc/conf/tls/curl-ca-bundle.crt @CONFDIR@/tls @# delete modules/cap directory, to avoid confusing with U4 to U5 upgrades: rm -rf @MODULESDIR@/cap $(INSTALL) -m 0700 -d @MODULESDIR@/third @@ -224,10 +224,10 @@ install: all $(INSTALL) -m 0700 -d @CACHEDIR@ $(INSTALL) -m 0700 -d @PERMDATADIR@ $(INSTALL) -m 0700 -d @LOGDIR@ - -@if [ ! -f "@CONFDIR@/ssl/server.cert.pem" ] ; then \ - $(INSTALL) -m 0600 server.req.pem @CONFDIR@/ssl ; \ - $(INSTALL) -m 0600 server.key.pem @CONFDIR@/ssl ; \ - $(INSTALL) -m 0600 server.cert.pem @CONFDIR@/ssl ; \ + -@if [ ! -f "@CONFDIR@/tls/server.cert.pem" ] ; then \ + $(INSTALL) -m 0600 server.req.pem @CONFDIR@/tls ; \ + $(INSTALL) -m 0600 server.key.pem @CONFDIR@/tls ; \ + $(INSTALL) -m 0600 server.cert.pem @CONFDIR@/tls ; \ fi @echo '' @echo '* UnrealIRCd is now installed.' @@ -254,12 +254,12 @@ install: all echo 'Again, be sure to change to the @SCRIPTDIR@ directory!' ; \ fi -pem: extras/ssl.cnf +pem: extras/tls.cnf @echo "Generating server key..." $(OPENSSLPATH) ecparam -out server.key.pem -name secp384r1 -genkey @echo "Generating certificate request..." $(OPENSSLPATH) req -new \ - -config extras/ssl.cnf -sha256 -out server.req.pem \ + -config extras/tls.cnf -sha256 -out server.req.pem \ -key server.key.pem -nodes @echo "Generating self-signed certificate..." $(OPENSSLPATH) req -x509 -days 3650 -sha256 -in server.req.pem \ diff --git a/Makefile.windows b/Makefile.windows index 574bc507b..959a3ba6f 100644 --- a/Makefile.windows +++ b/Makefile.windows 
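Review bot: The guard in the second Makefile.in hunk tests only `@CONFDIR@/tls/server.cert.pem`, so a `server.key.pem` already present in that directory is replaced whenever the certificate file is absent. The three installs are joined with `;` under a `-@` prefix, so a failed copy of the key or certificate is neither shown nor fatal, and the install can finish with a mismatched pair. I would test the key as well, `if [ ! -f "@CONFDIR@/tls/server.cert.pem" ] && [ ! -f "@CONFDIR@/tls/server.key.pem" ] ; then \`, and chain the installs with `&&` instead of `;`. The `install` recipe starts and ends outside the hunk.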
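Review bot: In the `pem` hunk, `server.key.pem` is written into the build tree with whatever mode the openssl binary and the caller's umask produce; only the installed copy is forced to 0600 by the `install` recipe. Setting the mask on the same recipe line, `umask 077; $(OPENSSLPATH) ecparam -out server.key.pem -name secp384r1 -genkey`, keeps the unencrypted key private in a shared checkout. The recipe continues past the last line of the hunk.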
@@ -45,14 +45,14 @@ MT=mt # ### END REMOTE INCLUDES ## -####### SSL SUPPORT ###### +####### SSL/TLS SUPPORT (MANDATORY) ###### #Use LibreSSL or OpenSSL. Define paths and libraries: #LIBRESSL_INC_DIR="c:\dev\libressl\include" #LIBRESSL_LIB_DIR="c:\dev\libressl\lib" #SSLLIB=libcrypto-38.lib libssl-39.lib libtls-11.lib #The version numbers of the 3 libraries in the last line change #every libressl release. So be sure to update after any libressl upgrade. -######### END SSL ######## +######### END SSL/TLS ######## ###### _EXTRA_ DEBUGGING ##### # We always build releases with debugging information, since otherwise @@ -156,7 +156,7 @@ EXP_OBJ_FILES=SRC/CHANNEL.OBJ SRC/SEND.OBJ SRC/SOCKET.OBJ \ SRC/SERV.OBJ SRC/USER.OBJ \ SRC/VERSION.OBJ SRC/KLINE.OBJ SRC/EXTRA.OBJ SRC/IRCSPRINTF.OBJ \ SRC/SCACHE.OBJ SRC/RES.OBJ SRC/MODULES.OBJ \ - SRC/ALIASES.OBJ SRC/EVENTS.OBJ SRC/UMODES.OBJ SRC/AUTH.OBJ SRC/SSL.OBJ \ + SRC/ALIASES.OBJ SRC/EVENTS.OBJ SRC/UMODES.OBJ SRC/AUTH.OBJ SRC/TLS.OBJ \ SRC/RANDOM.OBJ SRC/EXTCMODES.OBJ SRC/MODDATA.OBJ SRC/UID.OBJ SRC/MEMPOOL.OBJ \ SRC/DISPATCH.OBJ SRC/MD5.OBJ SRC/API-ISUPPORT.OBJ SRC/API-COMMAND.OBJ \ SRC/API-CLICAP.OBJ SRC/API-MTAG.OBJ SRC/API-HISTORY-BACKEND.OBJ \ @@ -504,8 +504,8 @@ src/api-mtag.obj: src/api-mtag.c $(INCLUDES) src/api-history-backend.obj: src/api-history-backend.c $(INCLUDES) $(CC) $(CFLAGS) src/api-history-backend.c -src/ssl.obj: src/ssl.c $(INCLUDES) - $(CC) $(CFLAGS) src/ssl.c +src/tls.obj: src/tls.c $(INCLUDES) + $(CC) $(CFLAGS) src/tls.c src/crypt_blowfish.obj: src/crypt_blowfish.c $(INCLUDES) $(CC) $(CFLAGS) src/crypt_blowfish.c diff --git a/doc/conf/ssl/curl-ca-bundle.crt b/doc/conf/tls/curl-ca-bundle.crt similarity index 100% rename from doc/conf/ssl/curl-ca-bundle.crt rename to doc/conf/tls/curl-ca-bundle.crt diff --git a/extras/ssl.cnf b/extras/tls.cnf similarity index 100% rename from extras/ssl.cnf rename to extras/tls.cnf diff --git a/include/ssl.h b/include/ssl.h deleted file mode 100644 index 906dc39f1..000000000 
--- a/include/ssl.h +++ /dev/null @@ -1,22 +0,0 @@ -extern MODVAR SSL_CTX *ctx; -extern MODVAR SSL_CTX *ctx_server; -extern MODVAR SSL_CTX *ctx_client; - -extern SSL_METHOD *meth; -extern int early_init_ssl(); -extern int init_ssl(); -extern int ssl_handshake(aClient *); /* Handshake the accpeted con.*/ -extern int ssl_client_handshake(aClient *, ConfigItem_link *); /* and the initiated con.*/ -extern int ircd_SSL_accept(aClient *acptr, int fd); -extern int ircd_SSL_connect(aClient *acptr, int fd); -extern int SSL_smart_shutdown(SSL *ssl); -extern void ircd_SSL_client_handshake(int, int, void *); -extern void SSL_set_nonblocking(SSL *s); -extern SSL_CTX *init_ctx(TLSOptions *tlsoptions, int server); - -#define TLS_PROTOCOL_TLSV1 0x0001 -#define TLS_PROTOCOL_TLSV1_1 0x0002 -#define TLS_PROTOCOL_TLSV1_2 0x0004 -#define TLS_PROTOCOL_TLSV1_3 0x0008 - -#define TLS_PROTOCOL_ALL 0xffff diff --git a/include/struct.h b/include/struct.h index 9c5587ea3..303081b67 100644 --- a/include/struct.h +++ b/include/struct.h @@ -1784,7 +1784,28 @@ extern MODVAR char *gnulicense[]; #define isexcept void -#include "ssl.h" +extern MODVAR SSL_CTX *ctx; +extern MODVAR SSL_CTX *ctx_server; +extern MODVAR SSL_CTX *ctx_client; + +extern SSL_METHOD *meth; +extern int early_init_ssl(); +extern int init_ssl(); +extern int ssl_handshake(aClient *); /* Handshake the accpeted con.*/ +extern int ssl_client_handshake(aClient *, ConfigItem_link *); /* and the initiated con.*/ +extern int ircd_SSL_accept(aClient *acptr, int fd); +extern int ircd_SSL_connect(aClient *acptr, int fd); +extern int SSL_smart_shutdown(SSL *ssl); +extern void ircd_SSL_client_handshake(int, int, void *); +extern void SSL_set_nonblocking(SSL *s); +extern SSL_CTX *init_ctx(TLSOptions *tlsoptions, int server); + +#define TLS_PROTOCOL_TLSV1 0x0001 +#define TLS_PROTOCOL_TLSV1_1 0x0002 +#define TLS_PROTOCOL_TLSV1_2 0x0004 +#define TLS_PROTOCOL_TLSV1_3 0x0008 + +#define TLS_PROTOCOL_ALL 0xffff struct Command { aCommand *prev, *next; 
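Review bot: The declarations inlined into include/struct.h keep the empty parameter lists `extern int early_init_ssl();` and `extern int init_ssl();`, which in C leave the arguments unspecified, so a call with wrong arguments compiles without a diagnostic. Since the lines are being moved anyway, `extern int early_init_ssl(void);` and `extern int init_ssl(void);` would make them real prototypes, assuming both are defined without parameters in src/tls.c, which this page does not show. The comment typo `accpeted` on the `ssl_handshake` line could be corrected in the same move.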
diff --git a/src/Makefile.in b/src/Makefile.in index 469752ef8..5dc59e633 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -26,7 +26,7 @@ OBJS=res.o bsd.o auth.o channel.o cloak.o crule.o dbuf.o \ match.o modules.o packet.o parse.o mempool.o operclass.o \ conf_preprocessor.o conf.o debug.o dispatch.o err.o extra.o kline.o \ misc.o numeric.o serv.o aliases.o $(STRTOUL) socket.o \ - ssl.o user.o scache.o send.o support.o umodes.o \ + tls.o user.o scache.o send.o support.o umodes.o \ version.o whowas.o random.o extcmodes.o moddata.o uid.o \ extbans.o api-isupport.o api-command.o api-clicap.o api-mtag.o \ api-history-backend.o md5.o crypt_blowfish.o updconf.o crashreport.o \ @@ -47,7 +47,7 @@ INCLUDES = ../include/auth.h ../include/channel.h \ ../include/modules.h ../include/modversion.h ../include/msg.h \ ../include/numeric.h ../include/proto.h \ ../include/resource.h ../include/setup.h \ - ../include/ssl.h ../include/struct.h ../include/sys.h \ + ../include/struct.h ../include/sys.h \ ../include/types.h ../include/url.h \ ../include/version.h ../include/whowas.h \ ../include/openssl_hostname_validation.h @@ -98,8 +98,8 @@ auth.o: auth.c $(INCLUDES) send.o: send.c $(INCLUDES) $(CC) $(CFLAGS) $(BINCFLAGS) -c send.c -ssl.o: ssl.c $(INCLUDES) - $(CC) $(CFLAGS) $(BINCFLAGS) -c ssl.c +tls.o: tls.c $(INCLUDES) + $(CC) $(CFLAGS) $(BINCFLAGS) -c tls.c match.o: match.c $(INCLUDES) $(CC) $(CFLAGS) $(BINCFLAGS) -c match.c diff --git a/src/modules/Makefile.in b/src/modules/Makefile.in index ae21399df..8f3d88590 100644 --- a/src/modules/Makefile.in +++ b/src/modules/Makefile.in 
@@ -30,7 +30,7 @@ INCLUDES = ../include/auth.h ../include/channel.h \ ../include/modules.h ../include/modversion.h ../include/msg.h \ ../include/numeric.h ../include/proto.h ../include/res.h \ ../include/resource.h ../include/setup.h \ - ../include/ssl.h ../include/struct.h ../include/sys.h \ + ../include/struct.h ../include/sys.h \ ../include/types.h ../include/url.h \ ../include/version.h ../include/whowas.h diff --git a/src/modules/chanmodes/Makefile.in b/src/modules/chanmodes/Makefile.in index bdf01f1a2..b008633eb 100644 --- a/src/modules/chanmodes/Makefile.in +++ b/src/modules/chanmodes/Makefile.in @@ -27,7 +27,7 @@ INCLUDES = ../../include/auth.h ../../include/channel.h \ ../../include/modules.h ../../include/modversion.h ../../include/msg.h \ ../../include/numeric.h ../../include/proto.h ../../include/res.h \ ../../include/resource.h ../../include/setup.h \ - ../../../include/ssl.h ../../include/struct.h ../../include/sys.h \ + ../../include/struct.h ../../include/sys.h \ ../../include/types.h ../../include/url.h \ ../../include/version.h ../../include/whowas.h diff --git a/src/modules/extbans/Makefile.in b/src/modules/extbans/Makefile.in index 740f49a57..5b8033fa0 100644 --- a/src/modules/extbans/Makefile.in +++ b/src/modules/extbans/Makefile.in @@ -27,7 +27,7 @@ INCLUDES = ../../include/auth.h ../../include/channel.h \ ../../include/modules.h ../../include/modversion.h ../../include/msg.h \ ../../include/numeric.h ../../include/proto.h ../../include/res.h \ ../../include/resource.h ../../include/setup.h \ - ../../../include/ssl.h ../../include/struct.h ../../include/sys.h \ + ../../include/struct.h ../../include/sys.h \ ../../include/types.h ../../include/url.h \ ../../include/version.h ../../include/whowas.h diff --git a/src/modules/snomasks/Makefile.in b/src/modules/snomasks/Makefile.in index febafc77e..c6eba0d70 100644 --- a/src/modules/snomasks/Makefile.in +++ b/src/modules/snomasks/Makefile.in 
@@ -27,7 +27,7 @@ INCLUDES = ../../include/auth.h ../../include/channel.h \ ../../include/modules.h ../../include/modversion.h ../../include/msg.h \ ../../include/numeric.h ../../include/proto.h ../../include/res.h \ ../../include/resource.h ../../include/setup.h \ - ../../../include/ssl.h ../../include/struct.h ../../include/sys.h \ + ../../include/struct.h ../../include/sys.h \ ../../include/types.h ../../include/url.h \ ../../include/version.h ../../include/whowas.h diff --git a/src/modules/third/Makefile.in b/src/modules/third/Makefile.in index 9f3f5bb9d..c41187cfd 100644 --- a/src/modules/third/Makefile.in +++ b/src/modules/third/Makefile.in @@ -27,7 +27,7 @@ INCLUDES = ../../include/auth.h ../../include/channel.h \ ../../include/modules.h ../../include/modversion.h ../../include/msg.h \ ../../include/numeric.h ../../include/proto.h ../../include/res.h \ ../../include/resource.h ../../include/setup.h \ - ../../../include/ssl.h ../../include/struct.h ../../include/sys.h \ + ../../include/struct.h ../../include/sys.h \ ../../include/types.h ../../include/url.h \ ../../include/version.h ../../include/whowas.h diff --git a/src/modules/usermodes/Makefile.in b/src/modules/usermodes/Makefile.in index 9f0fcf2be..be6768784 100644 --- a/src/modules/usermodes/Makefile.in +++ b/src/modules/usermodes/Makefile.in @@ -27,7 +27,7 @@ INCLUDES = ../../include/auth.h ../../include/channel.h \ ../../include/modules.h ../../include/modversion.h ../../include/msg.h \ ../../include/numeric.h ../../include/proto.h ../../include/res.h \ ../../include/resource.h ../../include/setup.h \ - ../../../include/ssl.h ../../include/struct.h ../../include/sys.h \ + ../../include/struct.h ../../include/sys.h \ ../../include/types.h ../../include/url.h \ ../../include/version.h ../../include/whowas.h diff --git a/src/ssl.c b/src/tls.c similarity index 99% rename from src/ssl.c rename to src/tls.c index 109a2bd03..54e2be641 100644 --- a/src/ssl.c +++ b/src/tls.c 
@@ -1,5 +1,5 @@ /************************************************************************ - * Unreal Internet Relay Chat Daemon, src/ssl.c + * Unreal Internet Relay Chat Daemon, src/tls.c * (C) 2000 hq.alert.sk (base) * (C) 2000 Carsten V. Munk * diff --git a/src/windows/makecert.bat b/src/windows/makecert.bat index caa412814..32e9f80b5 100755 --- a/src/windows/makecert.bat +++ b/src/windows/makecert.bat @@ -1,6 +1,6 @@ @title Certificate Generation -SET OPENSSL_CONF=ssl.cnf +SET OPENSSL_CONF=tls.cnf openssl ecparam -out server.key.pem -name secp384r1 -genkey -openssl req -new -config ssl.cnf -out conf/tls/server.req.pem -key conf/tls/server.key.pem -nodes -openssl req -x509 -config ssl.cnf -days 3650 -sha256 -in conf/tls/server.req.pem -key conf/tls/server.key.pem -out conf/tls/server.cert.pem +openssl req -new -config tls.cnf -out conf/tls/server.req.pem -key conf/tls/server.key.pem -nodes +openssl req -x509 -config tls.cnf -days 3650 -sha256 -in conf/tls/server.req.pem -key conf/tls/server.key.pem -out conf/tls/server.cert.pem diff --git a/src/windows/unrealinst.iss b/src/windows/unrealinst.iss index 0df18ae56..e984e79ce 100644 --- a/src/windows/unrealinst.iss +++ b/src/windows/unrealinst.iss @@ -24,7 +24,7 @@ SourceDir=../../ UninstallDisplayIcon={app}\UnrealIRCd.exe DisableWelcomePage=no -; !!! Make sure to update SSL validation (WizardForm.TasksList.Checked[9]) if tasks are added/removed !!! +; !!! Make sure to update SSL/TLS validation (WizardForm.TasksList.Checked[9]) if tasks are added/removed !!! [Tasks] Name: "desktopicon"; Description: "Create a &desktop icon"; GroupDescription: "Additional icons:" Name: "quicklaunchicon"; Description: "Create a &Quick Launch icon"; GroupDescription: "Additional icons:"; Flags: unchecked 
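Review bot: In src/windows/makecert.bat the key is generated with `-out server.key.pem` in the current directory, while both `openssl req` lines read `-key conf/tls/server.key.pem`. Unless something outside this hunk moves the file, the request step either fails or uses an older key already in conf/tls, and an unencrypted private key is left in the application folder. Writing the key where it is read, `openssl ecparam -out conf/tls/server.key.pem -name secp384r1 -genkey`, addresses both. The script also does not check the exit status between steps, so a failed key generation is still followed by the two `req` calls.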
@@ -32,7 +32,7 @@ Name: "installservice"; Description: "Install as a &service (not for beginners)" Name: "installservice/startboot"; Description: "S&tart UnrealIRCd when Windows starts"; GroupDescription: "Service support:"; MinVersion: 0,4.0; Flags: exclusive unchecked Name: "installservice/startdemand"; Description: "Start UnrealIRCd on &request"; GroupDescription: "Service support:"; MinVersion: 0,4.0; Flags: exclusive unchecked Name: "installservice/crashrestart"; Description: "Restart UnrealIRCd if it &crashes"; GroupDescription: "Service support:"; Flags: unchecked; MinVersion: 0,5.0; -Name: "makecert"; Description: "&Create certificate"; GroupDescription: "SSL options:"; +Name: "makecert"; Description: "&Create certificate"; GroupDescription: "SSL/TLS options:"; Name: "fixperm"; Description: "Make UnrealIRCd folder writable by current user"; [Files] @@ -59,7 +59,7 @@ Source: "doc\conf\aliases\*"; DestDir: "{app}\conf\aliases"; Flags: ignoreversio Source: "unrealsvc.exe"; DestDir: "{app}"; Flags: ignoreversion; MinVersion: 0,4.0 Source: "src\windows\makecert.bat"; DestDir: "{app}"; Flags: ignoreversion -Source: "extras\ssl.cnf"; DestDir: "{app}"; Flags: ignoreversion +Source: "extras\tls.cnf"; DestDir: "{app}"; Flags: ignoreversion Source: "src\modules\*.dll"; DestDir: "{app}\modules"; Flags: ignoreversion Source: "src\modules\chanmodes\*.dll"; DestDir: "{app}\modules\chanmodes"; Flags: ignoreversion @@ -75,7 +75,7 @@ Source: "c:\dev\libressl\bin\*.dll"; DestDir: "{app}"; Flags: ignoreversion Source: "c:\dev\setacl.exe"; DestDir: "{app}\tmp"; Flags: ignoreversion #ifdef USE_CURL -; curl with ssl support +; curl with SSL/TLS support Source: "C:\dev\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib\libcurl.dll"; DestDir: "{app}"; Flags: ignoreversion Source: "doc\conf\ssl\curl-ca-bundle.crt"; DestDir: "{app}\conf\ssl"; Flags: ignoreversion #endif 
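Review bot: The last entry inside the `#ifdef USE_CURL` hunk still reads `Source: "doc\conf\ssl\curl-ca-bundle.crt"; DestDir: "{app}\conf\ssl"`, but this commit renames the file to doc/conf/tls/curl-ca-bundle.crt, so an installer build with USE_CURL would reference a source path that no longer exists. It should become `Source: "doc\conf\tls\curl-ca-bundle.crt"; DestDir: "{app}\conf\tls"; Flags: ignoreversion`. If only the source were fixed and the destination left as conf\ssl, the CA bundle would land outside the directory the rest of the commit uses, which could break certificate verification for curl-based fetches depending on how the bundle path is configured elsewhere.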
@@ -85,7 +85,7 @@ Name: "{app}\tmp" Name: "{app}\cache" Name: "{app}\logs" Name: "{app}\conf" -Name: "{app}\conf\ssl" +Name: "{app}\conf\tls" Name: "{app}\data" Name: "{app}\modules\third" @@ -147,14 +147,14 @@ if CurStep = ssPostInstall then end; //********************************************************************************* -// Checks if ssl cert file exists +// Checks if SSL/TLS cert file exists //********************************************************************************* procedure CurPageChanged(CurPage: Integer); begin if (CurPage = wpSelectTasks)then begin - if FileExists(ExpandConstant('{app}\conf\ssl\server.cert.pem')) then + if FileExists(ExpandConstant('{app}\conf\tls\server.cert.pem')) then begin WizardForm.TasksList.Checked[9]:=false; end
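Review bot: After this change `CurPageChanged` looks only for `{app}\conf\tls\server.cert.pem`, and nothing visible in the installer migrates an existing `{app}\conf\ssl` directory, so on an upgrade the "Create certificate" task presumably stays checked and a new key and self-signed certificate are generated beside the old ones. Peers or clients that pin the previous certificate fingerprint would then see a changed identity, if the configuration follows the new directory. Checking both locations, `if FileExists(ExpandConstant('{app}\conf\tls\server.cert.pem')) or FileExists(ExpandConstant('{app}\conf\ssl\server.cert.pem')) then`, or moving the old directory in `[Code]` before this check, avoids that. The procedure continues outside the hunk.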