Bram Matthys
08bc61ec00
We now refuse to enable SSL/TLS with weak ciphers: DES, 3DES, RC4.
2017-09-06 08:21:14 +02:00
Bram Matthys
1faa91ed0e
Add helper function plaintextpolicy_valtochar().
2017-09-02 15:49:02 +02:00
Bram Matthys
199a7e162d
Make new functions more generic and use it from crash reporter so
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys
aa829bce12
New option link::verify-certificate [yes|no]. This will cause UnrealIRCd
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
2017-09-01 17:10:29 +02:00
Bram Matthys
ac66a0fe12
Add hostname verification code from ssl conservatory & curl
(will be used in next commit)
2017-09-01 17:02:36 +02:00
Bram Matthys
5ff4fb3f87
Remove old code.. this is already set in link->ssl_ctx by init_ctx().
(tested)
2017-09-01 09:32:51 +02:00
Bram Matthys
d53d46fce4
Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys
40e3e11b61
UnrealIRCd 4.0.13
2017-08-15 12:12:10 +02:00
Bram Matthys
0b5e46cd23
Fix extban_conv_param_nuh not marked as extern. Reported by Gottem (#4975)
2017-08-15 12:08:11 +02:00
Bram Matthys
74d5f380dd
A /REHASH from a WebSocket connection would cause a crash (requires
IRCOp privileges). This is a rather technical issue, we now simply
reject the rehash. See comments in code for more information.
2017-08-10 09:02:05 +02:00
Bram Matthys
8ccf5700f1
Prepare for 4.0.13-rc1
2017-08-10 07:46:17 +02:00
Bram Matthys
455420afc1
SNI-specific sts-policy is now possible. (As recommended by IRCv3 draft spec)
2017-08-09 15:39:52 +02:00
Bram Matthys
84776eeeb2
Add support for draft/sts http://ircv3.net/specs/core/sts-3.3.html
Docs: https://www.unrealircd.org/docs/Set_block#set::ssl::sts-policy::port
Example:
set {
    ssl {
        certificate "ssl/server.cert.pem";
        key "ssl/server.key.pem";
        sts-policy {
            port 6697;
            duration 180d;
        };
    };
};
IMPORTANT: Only use this if you know what STS is and what the
implications are. The most important things being A) set a correct
port and B) you need a 'real' SSL certificate and not a self-signed
certificate.
More documentation may follow at another place.
2017-08-09 14:16:03 +02:00
Bram Matthys
ea651384f8
Add groundwork for draft/sts (more to follow)
Module coders:
* The cap->visible(void) callback function is now cap->visible(aClient *)
* There is a new cap->parameter(aClient *) callback function.
* Various updates to subfunctions to pass 'sptr' (due to the above),
including clicap_find(sptr, ...)
* New CLICAP_FLAGS_UNREQABLE flag
Other:
* There is a new (src/)modules/cap directory containing the sts module,
well.. once I commit it :D
2017-08-09 13:21:36 +02:00
Bram Matthys
b2129205f9
Added support for the "Server Name Indication" (SNI) SSL/TLS extension.
See https://www.unrealircd.org/docs/Sni_block
Requested in #4380 by Eman.
2017-08-09 12:00:04 +02:00
Bram Matthys
7b092f7aeb
Verify certificate when submitting bug report.
2017-06-19 16:28:50 +02:00
Bram Matthys
0c1f299b0b
UnrealIRCd 4.0.12.1 release
2017-06-02 08:56:24 +02:00
Bram Matthys
01687486f0
Bump MAXCONNECTIONS for Windows. Due to FD number assignments this
value needs to be much higher than the number of clients the IRCd
should be able to hold. The new value is 10k which should allow
at least 1-2k clients.
2017-05-12 17:12:18 +02:00
Bram Matthys
3dc27370a1
Prepare for UnrealIRCd 4.0.12 release.
2017-05-12 11:24:36 +02:00
Bram Matthys
e62ea1dedd
Module coders: added two functions to search for user modes:
has_user_mode(acptr, 'i'): returns 1 / 0
find_user_mode('i'): returns the user mode (as 'long')
extern int has_user_mode(aClient *acptr, char mode);
extern long find_user_mode(char mode);
2017-03-26 15:40:36 +02:00
Bram Matthys
ec9db8fd5f
Move match_user() to module (efunc in m_tkl)
2017-03-18 15:00:34 +01:00
Bram Matthys
f65d5fce8b
Add new option: set { hide-list { deny-channel }; };
This will hide channels in /LIST that are denied by deny channel blocks
(and not exempt via allow channel blocks).
2017-03-10 08:48:08 +01:00
Bram Matthys
176566962a
Add support for 'mask' in allow channel { } and deny channel { }.
This so you can easily add allow/deny channel blocks for IP ranges.
Possibly not so useful for services-networks (ban/akick is very similar)
but has some use on serviceless networks.
2017-03-08 17:28:15 +01:00
Bram Matthys
e44fb1d355
UnrealIRCd 4.0.11
2017-02-10 15:34:05 +01:00
Bram Matthys
e0130ab0b6
Fix silly crash issue.
2017-02-10 14:28:32 +01:00
Bram Matthys
e09da031cc
UnrealIRCd 4.0.10 release
2017-01-13 09:12:52 +01:00
Bram Matthys
90508c74ae
UnrealIRCd 4.0.10-rc2
2017-01-06 13:35:31 +01:00
Bram Matthys
6067202cdf
Rewrite SJOIN to fix a bug where modes were sometimes cut-off resulting
in incorrect bans being added.
2017-01-06 11:11:19 +01:00
Bram Matthys
5d390811fd
UnrealIRCd 4.0.10-rc1
2016-12-31 09:30:12 +01:00
Bram Matthys
d003f8bfe9
Merge pull request #64 from Adam-/unreal40+remove_unknown
remove_unknown: don't send squits for unknown uids and don't leak server ip in quit message
2016-12-29 21:44:51 +01:00
Bram Matthys
9da4c7e5d0
Added DNSBL check exemption: except blacklist { mask 1.2.3.4; };
2016-12-29 11:38:49 +01:00
Bram Matthys
aae0971cf4
Add the ability to set specific ssl options in listen blocks and link blocks.
This allows you to for example specify a specific certificate/key on a
serversonly port and in link block (a self-signed 10 year valid certificate)
and use a short-lived (XX day) Let's Encrypt certificate on the other ports.
And several other uses, of course.
2016-12-29 08:37:15 +01:00
Bram Matthys
1f1ac6c4ee
Less duplicate code: add internal function invisible_user_in_channel()
and remove many calls to HOOKTYPE_VISIBLE_IN_CHANNEL + flag checking.
2016-12-27 20:22:12 +01:00
Bram Matthys
99e087d50c
Remove temporary workaround and actually fix stuff in QUIT for delayjoin. Add new function user_can_see_member()...
2016-12-27 20:02:35 +01:00
Bram Matthys
9a8645973c
Added set::ssl::options::no-client-certificate
This is really NOT a recommended setting but may be necessary to work around
some browser issues for wss://.
2016-12-16 17:20:27 +01:00
Adam
10c038ffc0
remove_unknown: don't send squits for unknown uids, don't leak server ips in quit msg
2016-12-07 08:19:16 -05:00
Bram Matthys
41bd7ad4b9
UnrealIRCd 4.0.9
2016-12-03 10:58:49 +01:00
Bram Matthys
79ed5694b2
split part of read_packet() off to new function process_packet().
This will later be used by a new feature.
2016-11-30 08:18:56 +01:00
Bram Matthys
1e313b2e88
Make UnrealIRCd compile on Visual Studio 2015 (yes, 2012 also still works after this)
2016-11-18 21:00:16 +01:00
Bram Matthys
9763956f05
UnrealIRCd 4.0.8.4
2016-11-18 13:56:04 +01:00
Bram Matthys
0d554284e7
4.0.8.3 - a release a day, keeps the doctor away.
2016-11-17 10:12:26 +01:00
Bram Matthys
3326af498c
4.0.8.2 (more build fixes)
2016-11-16 11:00:57 +01:00
Bram Matthys
388497e592
Bump version to 4.0.8.1.
2016-11-14 11:03:42 +01:00
Bram Matthys
094dde3c70
UnrealIRCd 4.0.8
2016-11-11 08:47:36 +01:00
Bram Matthys
2f3c34fe9f
Lol. Duh :D
2016-10-30 13:16:45 +01:00
Bram Matthys
45545ac3d2
4.0.8-rc1
2016-10-30 13:04:03 +01:00
Bram Matthys
fd35f965a2
Use dynamic linking for our shipped private libraries (c-ares, tre, pcre2). Work in progress, may revert.
2016-10-20 19:02:55 +02:00
Bram Matthys
7e05a29aca
** 4.0.7 **
2016-10-09 09:25:12 +02:00
Bram Matthys
1cd0cdcd18
Use Windows' _stricmp/_strnicmp
2016-10-01 08:50:48 +02:00
Bram Matthys
f2d21943fe
Bump version to 4.0.7-rc1
2016-09-30 15:53:36 +02:00