Travis McArthur
aea09603a4
Remove USE_SSL macro and associated code
We no longer support non-SSL builds, remove related code
2015-05-20 02:48:34 -04:00
Bram Matthys
8f7886d9c7
init_ctx_client() was accidentally setting options on ctx_server. Reported by Jobe (#4346).
2015-05-18 12:12:24 +02:00
Bram Matthys
94a6305880
Added config_report_ssl_error() which is now used when we failed to (re)initialize
SSL, may print a bit more meaningful errors (though rather long and obscure).
2014-07-20 17:45:58 +02:00
Bram Matthys
a51479b614
Win32: Fix SSL error not showing up in dialog box (was logged to ircd.log, though..)
2014-07-20 17:31:15 +02:00
Bram Matthys
7ba2e3214c
First attempt at allowing server to boot if SSL is enabled but the
server/client SSL context failed to load (eg: no cert/key file).
2014-07-20 16:50:29 +02:00
Bram Matthys
d7c198cc82
Secure server to server links were previously hardcoded at SSLv3. This has
been fixed to be 'SSLv3 or later'. In practice this means that you will now
see a lot more server-to-server links using TLSv1.2.
2014-01-09 21:39:36 +01:00
Bram Matthys
101d2dd6a3
Big 3.4.x commit containing bug fixes and enhancements. Modularizing
user & channel modes. Fixing Windows build. Etc..
2014-05-11 20:56:02 +02:00
William Pitcock
f5cfafb94e
- ssl: include prototype for start_of_normal_client_handshake().
2013-05-24 23:16:37 +00:00
William Pitcock
afdf5d780a
- Replace ircsprintf() with bounds-checking ircsnprintf(), patch from FalconKirtaran. (#4208)
2013-05-21 06:26:52 +00:00
William Pitcock
61fe014771
- Remove sendto_server_butone() and friends, now everything uses sendto_server(). (#4202)
Patch from FalconKirtaran.
2013-05-20 01:21:45 +00:00
William Pitcock
95370c6420
- ssl: Clean up no longer needed debug messages.
2013-05-06 02:42:26 +00:00
William Pitcock
595afafd28
- Finish up SSL linking support for evented I/O.
2013-05-06 02:39:18 +00:00
William Pitcock
5bbc40438f
- Initial work at making SSL connects work with the evented I/O.
2013-05-06 02:14:31 +00:00
William Pitcock
0b5fb5903e
- SSL: fix some bitrot left over from evented i/o rewrite
2013-01-14 06:23:53 -06:00
William Pitcock
f768abc2c2
- Fix typo in previous patch, pointed out by Wolfwood. (#4147)
2012-12-26 13:18:27 -06:00
William Pitcock
614a006900
- Do not attempt to set up DH params if not requested.
2012-12-01 23:11:44 -06:00
William Pitcock
501d93d6ea
- Add support for providing a DH parameters file. (#4147)
DH parameters files must be encoded in PEM format, and the path is
set using the ssl::dh config setting. This is based on a patch
submitted by wolfwood, with some modifications to avoid using stdio
unnecessarily and to avoid code duplication.
2012-12-01 22:49:19 -06:00
William Pitcock
ab5e766d9c
- Replace calls to strncpyzt() macro with more secure strlcpy().
This was done using Coccinelle, the semantic patch was:
@@
expression src, dst, len;
@@
- strncpyzt(src, dst, len);
+ strlcpy(src, dst, len);
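Review bot: the metavariable names in `expression src, dst, len;` are the wrong way round for how they are used. In `strlcpy(src, dst, len)` the first argument is the destination buffer, so the metavariable called src is bound to the destination and dst to the source. The rewrite is positional, so every call site keeps its original argument order, but declaring them as dst, src, len would stop a reader concluding that the arguments were swapped. Since len is carried over unchanged, it is also worth confirming at each rewritten call that it is the size of the destination buffer.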
2012-11-21 03:22:29 +00:00
William Pitcock
25318ec24b
- Port the SSL code over to the evented I/O subsystem.
2012-10-05 14:19:54 +00:00
Bram Matthys
63dd326113
- SSL errors are now more descriptive. 'Underlying syscall error' is now
gone and shows the actual (surprise!) underlying syscall error.
Reported by vonitsanet, patch from ohnobinki (#0003157).
2010-09-19 14:26:47 +00:00
Bram Matthys
17c97c8442
- Fixed notices to opers about server delinks not being broadcasted to all
other servers if they were on SSL links. Reported by chotaire (#0003957).
2010-09-19 14:10:43 +00:00
binki
94c2b58366
- Fix a few compiler warnings with some double-casting and another const. (#3939)
2010-08-03 23:57:44 +00:00
Bram Matthys
5a0a71de03
- Added support for STARTTLS. This allows users to switch to SSL without
having to use a special SSL-only port, they can simply switch to SSL on
any port. This is currently only supported by few clients (such as KVIrc 4).
This functionality can be disabled by setting set::ssl::options::no-starttls,
for example if you don't want to offer SSL to your users and only want it
to be used for server to server links.
Naturally, the IRCd must be compiled with SSL support for STARTTLS to work.
- Fixed SSL_ERROR_WANT_READ in IRCd_ssl_write()
2009-12-06 16:52:52 +00:00
Bram Matthys
ebf40ab6e6
- Added set::ssl::server-cipher-list, #002368 requested by Beastie
[Backport, sts]
- Added set::ssl::renegotiate-bytes, set::ssl:renegotiate-timeout, #0002971
suggested by tabrisnet. Gets activated when >0. Please set sane values.
[Backport, sts]
2008-08-11 13:54:35 +00:00
Bram Matthys
ef8ffdda04
- Showing even more SSL server errors now, hopefully all of them, also changed the
error notice a bit so it's much more like non-SSL server link errors. Reported by
vonitsanet (#0003150).
2006-12-19 19:37:41 +00:00
Bram Matthys
0537a49be6
- Fixed SSL bug where an outgoing connect (either autoconnect, or /connect), would not
show any error message when it failed. Error information has also been slightly
improved. Reported by vonitsanet (#0003138).
2006-12-06 14:33:42 +00:00
Bram Matthys
fe77be7070
- Win32: SSL private key prompt should now no longer crash. Patch provided by Alexey
Markevich (#0002866).
2006-11-04 13:23:37 +00:00
Bram Matthys
25684239fa
- Fixed some uninitialized pointer things for win32 w/ssl on keyprompt, no idea if it
helps, though. Would appreciate it if another code looks into this. -- Syzop
2006-11-03 19:31:21 +00:00
Bram Matthys
601eb71ba7
- Fixed SSL crash problem due to previous SSL change.
2006-08-23 10:43:02 +00:00
Bram Matthys
05f5cfe02b
- The server SSL certificate and private key can now be reloaded without requiring a server
restart, simply use: /REHASH -ssl
2006-08-20 23:05:55 +00:00
Bram Matthys
ae03d2e4e8
- Added chained SSL certificates support, patch provided by justdave (#0002848).
2006-04-09 16:51:04 +00:00
Bram Matthys
b30301ecfe
- Sometimes if an oper was connected through SSL and had the junk snomask (+s +j) set it
would cause a crash. Reported by chasingsol (#0002777).
2006-01-27 15:25:31 +00:00
codemastr
e5f16b777a
Made the win32 version use a dynamically linked libc
2004-05-30 00:59:05 +00:00
Bram Matthys
f58c46a334
- Updated SSL error for underlying syscall error a bit (#0001615).
2004-03-03 21:27:05 +00:00
codemastr
829a3c8a1f
Made remote includes work with SSL protocols
2003-12-26 00:51:25 +00:00
Bram Matthys
632e0cbf88
- Improved SSL error msg sent to junk snomask.
2003-09-07 18:14:19 +00:00
Bram Matthys
f13b9b539e
- Fixed a compile error with openssl enabled at redhat 9.
2003-04-16 22:28:19 +00:00
Bram Matthys
7c9ba1feda
- Added SSL quit error messages
2003-04-10 19:58:30 +00:00
codemastr
27928952dd
Possibly fixed an SSL crash
2003-04-08 23:49:01 +00:00
Bram Matthys
5a1bdba209
- Removed some debugging messages
2003-02-17 19:03:34 +00:00
Bram Matthys
0c12e70d59
- Fixed compile warning in ssl.c.
2003-02-15 18:16:57 +00:00
Bram Matthys
84596e0fc5
Redesigned "Dead socket" error msg thing. Added a error_str to client struct,
which is set if dead_link is called. You will now see "Write error",
"Max SendQ exceeded" etc error messages in the quit reason instead of just
the "Dead socket" message. Changed "notice" parameter of dead_link, now just
the reason and not a format string, maybe rename that var.
2003-02-02 00:48:02 +00:00
Bram Matthys
e333890b0f
Fixed SSL session cache bug, symptoms were: stunnel can only connect the 1st time,
reconnecting etc fails with (in stunnel log) "SSL_connect: Peer suddenly disconnected".
This happens with OpenSSL 0.9.7.
2003-01-23 17:03:53 +00:00
stskeeps
4bc07b8789
+- Added set::ssl::options, with three options:
+ fail-if-no-clientcert - If SSL client connects and doesn't provide a client certificate, abort connection immediately
+ verify-certificate - Check the certificate's validity using X509 methods, check if we trust CA's, etc.
+ It however does slip self signed certificates through UNLESS
+ no-self-signed - Don't allow self-signed certificates through (requires verify-certificate)
+- Made conf parser mention if we make a link->options with CONNECT_SSL if we don't support SSL (and remove the CONNECT_SSL flag)
+- Made conf parser mention if we make a SSL listener and we don't support SSL
+- Added set::ssl::trusted-ca-file, if enabled, it will point the SSL stuff to use that file as trusted CA's (for verify-certificate)
+- Made conf _not_ bitch that it doesn't know set::ssl
+- Removed some leftover client certificate stuff
2002-09-28 11:02:05 +00:00
stskeeps
282cc51768
- Changed auth method sslpubkey into sslclientcert, which means it will check the X509 certificate of the
user using X509_cmp. Also needing is some policy/conf setting to adjust if to reject invalid client certificates or whatever..
2002-09-27 16:08:03 +00:00
stskeeps
6926cca1bb
- Added Syzop's various zero-terminate patches and fixes for crashes when
you send commands like JOIN from a server directly
2002-09-07 01:32:00 +00:00
codemastr
ff14d5d0bf
Compile warning cleanups
2002-09-01 18:33:47 +00:00
stskeeps
4aff4a0376
- More SSL debugging stuff..
2002-08-27 12:34:43 +00:00
stskeeps
a15ce8eb54
bah
2002-08-26 14:55:14 +00:00
stskeeps
275d304475
- Added set::ssl::certificate and set::ssl::key to point to where we got the certificate
PEM and the private key PEM
2002-08-21 17:10:46 +00:00