i
006b7e5a7c
Hide serveropts from normal users.
2019-07-12 01:09:33 +03:00
i
ca094f0a75
New set::ping-warning option (how fast the server should reply to PING before sending a warning to opers).
2019-07-11 16:47:02 +03:00
i
876758b73e
Fix Custom OpenSSL binary path was ignored.
2019-07-11 14:20:01 +03:00
i
a601f565e1
Do not override all libs.
2019-07-11 03:06:28 +03:00
i
57f6718086
Update configure script for previous commit.
2019-07-11 02:36:51 +03:00
i
4feba3edd5
Check whether linking with OpenSSL functions requires -ldl or -lpthread or both
2019-07-11 02:33:11 +03:00
i
dbbcc6918a
Fix Custom OpenSSL library path was ignored
2019-07-11 00:53:41 +03:00
i
60ebc1375e
Support channel status prefixes for SAJOIN.
2019-07-10 17:42:46 +03:00
Bram Matthys
769955eab5
Require at least one SSL/TLS port to be open. In other words, change
https://www.unrealircd.org/docs/FAQ#Your_server_is_not_listening_on_any_SSL_ports
from a warning to an error.
2019-07-10 06:53:01 +02:00
Bram Matthys
3cff80ad8d
Use SSL_CTX_set_min_proto_version() in a more intelligent way.
It shouldn't matter now, but if OpenSSL some day deprecates the old
way then at least it won't have silent disastrous effects.
2019-07-09 20:24:00 +02:00
Bram Matthys
dc2c2c3f89
Re-indent ssl.c
2019-07-09 20:13:02 +02:00
Bram Matthys
d09b9d53a4
Make SSL/TLS mandatory for UnrealIRCd to run. Previously you could get
around this by simply having no certs etc. I doubt anyone used it and
that was not a recommended configuration.
(More to come)
2019-07-09 20:06:11 +02:00
Bram Matthys
657985bf53
Make Debian 10 compile with -Werror. Add -Wno-cast-function-type
2019-07-07 18:17:32 +02:00
Bram Matthys
efe73de70d
-Wno-unused-but-set-parameter
[skip ci]
2019-07-07 18:11:54 +02:00
Bram Matthys
79bd78c0f3
Make it so UnrealIRCd has full control over the SSL/TLS versions in use
and not just the operating system.
This makes us use SSL_CTX_set_min_proto_version(), which unfortunately is
a less fine-grained control for disabling specific SSL/TLS versions.
However, after that we use SSL_CTX_set_options with SSL_OP_NO_xxx.
The latter is deprecated though. Will revisit this change before U5 release..
2019-07-07 10:22:29 +02:00
Bram Matthys
73bbf10170
Build tests: --enable-werror
2019-07-07 09:54:40 +02:00
Bram Matthys
fa39bafe99
tls-tests: Check not only against baseline but against all
[skip ci]
2019-07-07 09:34:30 +02:00
Bram Matthys
6a44b002da
Add cipherscan profile for openssl 1.0.1, as used by Debian 8 (jessie).
Main difference is that the curve used for ECDHE is fixed at prime256v1
rather than a list of multiple choices (this due to an openssl 1.0.1
limitation).
[skip ci]
2019-07-07 09:27:57 +02:00
Bram Matthys
0235c6f233
Remove 2 cipherscan profiles (only to reintroduce them later)
[skip ci]
2019-07-07 09:24:33 +02:00
Bram Matthys
3b3f63b990
Add HAVE_EXPLICIT_BZERO. Fix compile problems on Debian and other older
systems without explicit_bzero. Current usage is only in the PRNG which
is not very important anyway. We can re-visit later by attempting to
provide a fallback portable version, but from what I've seen this is
pretty ugly.
2019-07-07 09:18:34 +02:00
Bram Matthys
7ac11973d0
Fix crash in TOPIC with certain remote server traffic.
And make sure we don't change topic text if it comes from a remote link.
2019-07-06 17:48:44 +02:00
Bram Matthys
74325280dd
Due to new defaults, the baseline for the SSL/TLS changed as well.
2019-07-01 07:45:48 +02:00
Bram Matthys
74cf811759
Failed to initialize a variable in changes last week.
Not caught by tests due to lack of -O2, we should add a buildbot for that..
2019-07-01 07:40:49 +02:00
Bram Matthys
fea09b6659
Switch from RSA 4096 to ECC secp384r1
2019-06-30 10:53:58 +02:00
Bram Matthys
d3d9b499a7
Move src/ssl.cnf -> extras/ssl.cnf
[skip ci]
2019-06-30 10:25:19 +02:00
Bram Matthys
e90f6e0446
Remove 'make encpem'. Nobody uses this as it would mean you always need
to enter the private key password when UnrealIRCd is (re)started.
Similarly, remove all references to it on Windows as well, where people
thought clicking "Encrypt private key" was a good idea. Can't blame them,
it sounds good on first sight :D
[skip ci]
2019-06-30 10:23:15 +02:00
Bram Matthys
696c06b6a6
Load authprompt module by default.
2019-06-29 19:17:52 +02:00
Bram Matthys
f0f69bfe48
Change set::ident::read-timeout from 30 to 15 seconds since otherwise
it exceeds set::handshake-timeout which would be very unfortunate for
those (few) poor users that are affected by this.
2019-06-29 18:51:02 +02:00
Bram Matthys
60a89b8c3f
Change set::outdated-tls-policy::server and ::oper to deny.
Both servers and IRCOps must not use outdated SSL/TLS protocols or ciphers.
2019-06-29 18:34:27 +02:00
Bram Matthys
94faf02c70
Change set::plaintext-policy::oper to deny. IRCOps really must use SSL/TLS.
2019-06-29 18:31:37 +02:00
Bram Matthys
375b03c132
Fix (just created) bug in extcmode unloading (with param).
Update slot/param mapping. Now unloading should work well...
otherwise it crashed after destroying the channel.
2019-06-29 09:51:23 +02:00
Bram Matthys
bbbdba1083
Make chanmodes/link module un-PERM. Thanks due to previous change.
2019-06-29 09:11:20 +02:00
Bram Matthys
b605b7fd86
Use delayed module unloading not only for modules with moddata but also
for modules which have extended channelmodes with parameters,
since they have the same problem.
2019-06-29 09:10:18 +02:00
Bram Matthys
96ad3e8f71
Nothing special. Add a comment to blacklist module, in case someone
thinks it would be wise to make it unPERM ;)
[skip ci]
2019-06-29 08:55:36 +02:00
Bram Matthys
5d6f0a79ad
Make jumpserver module non-PERM, thanks to LoadPersistentPointer etc.
2019-06-29 08:52:52 +02:00
Bram Matthys
fbf4946777
Update tkldb to use new LoadPersistentInt/SavePersistentInt functions.
And before that, I fixed these functions so they actually work :D
2019-06-29 08:44:12 +02:00
i
e03fa760ef
update makefile.win32 for extbans/partmsg
2019-06-29 00:53:41 +03:00
i
780d9e95a2
extbans/partmsg: remove unused leftovers
2019-06-29 00:41:23 +03:00
i
7c4bd691fe
fix modules.default loadmodule directive for partmsg
2019-06-29 00:39:23 +03:00
i
cf3d01da06
extban ~p for hiding part/quit message
2019-06-29 00:30:10 +03:00
Bram Matthys
5182c664d1
Easier API for just-committed persistent variables. Example:
LoadPersistentPointer(modinfo, removefld_list, floodprot_free_removefld_list);
SavePersistentPointer(modinfo, removefld_list);
The above example was for a pointer, there are also functions for int and long,
which are even more simple:
LoadPersistentInt(modinfo, somevar)
SavePersistentInt(modinfo, somevar)
and
LoadPersistentLong(modinfo, somevar)
SavePersistentLong(modinfo, somevar)
both are untested, but will be tested soon...
2019-06-28 22:08:45 +02:00
Bram Matthys
0920967cc4
New module_load_variable / module_save_variable functions
and made floodprot to use these functions.
TODO: 1) Different functions for pointer/int/long, 2) macro?
2019-06-28 21:02:29 +02:00
Bram Matthys
c720417487
MOD_UNLOAD() was always called with an invalid modinfo argument.
2019-06-28 21:01:43 +02:00
Bram Matthys
7fe1848340
Make floodprot no longer PERM so it can be reloaded. Useful if we ever
make a mistake in the module so we can upgrade it on-the-fly.
Or if someone wants to get rid of it.
TODO: consider abstracting the saving/restoring of vars.
2019-06-28 20:14:32 +02:00
Bram Matthys
8686bf978e
Support for unloading channel modes with parameters (w/o MOD_OPT_PERM)
2019-06-28 20:07:21 +02:00
Bram Matthys
1757abf31a
Duh..
2019-06-28 19:16:21 +02:00
Bram Matthys
1f5acd852b
Update tkldb to use (new) MODDATATYPE_LOCALVAR.
2019-06-28 19:11:34 +02:00
Bram Matthys
2a7fc8042d
Add new moddata types: MODDATA_LOCALVAR and MODDATA_GLOBALVAR. Untested.
Code using it will soon follow (and then it will be tested :D)
2019-06-28 18:35:37 +02:00
Bram Matthys
38e9c100d4
Get rid of include/threads.h (unused)
2019-06-26 17:27:45 +02:00
Bram Matthys
a2510a5dca
Delete sock.h, isn't even used anymore.
[skip ci]
2019-06-26 17:25:34 +02:00