relay: add option relay.network.ssl_priorities (closes #234)
@@ -29,6 +29,7 @@ http://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
|
||||
* irc: display own nick changes in server buffer (closes #188)
|
||||
* irc: disable creation of temporary servers by default with command /connect,
|
||||
new option irc.look.temporary_servers
|
||||
* relay: add option relay.network.ssl_priorities (closes #234)
|
||||
* relay: add host in sender for IRC backlog PRIVMSG messages sent to clients
|
||||
* trigger: evaluate and replace regex groups at same time, new format for regex
|
||||
option in triggers (incompatible with version 1.0) (closes #224)
|
||||
|
||||
@@ -118,6 +118,11 @@
|
||||
** Typ: Zeichenkette
|
||||
** Werte: beliebige Zeichenkette (Standardwert: `"%h/ssl/relay.pem"`)
|
||||
|
||||
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
|
||||
** Beschreibung: `Zeichenkette mit Prioritäten für gnutls (für die korrekte Syntax siehe gnutls Dokumentation unter Funktion gnutls_priority_init. Gebräuchliche Zeichenketten sind: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
|
||||
** Typ: Zeichenkette
|
||||
** Werte: beliebige Zeichenkette (Standardwert: `"PERFORMANCE"`)
|
||||
|
||||
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
|
||||
** Beschreibung: `erweiterter regulärer POSIX Ausdruck für Origins in WebSockets (Groß- und Kleinschreibung wird ignoriert, um Groß- und Kleinschreibung zu nutzen muss "(?-i)" dem Origin vorangestellt werden), Beispiele: "^http://(www\.)?example\.(com|org)"`
|
||||
** Typ: Zeichenkette
|
||||
|
||||
@@ -118,6 +118,11 @@
|
||||
** type: string
|
||||
** values: any string (default value: `"%h/ssl/relay.pem"`)
|
||||
|
||||
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
|
||||
** description: `string with priorities for gnutls (for syntax, see documentation of function gnutls_priority_init in gnutls manual, common strings are: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
|
||||
** type: string
|
||||
** values: any string (default value: `"PERFORMANCE"`)
|
||||
|
||||
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
|
||||
** description: `POSIX extended regular expression with origins allowed in websockets (case insensitive, use "(?-i)" at beginning to make it case sensitive), example: "^http://(www\.)?example\.(com|org)"`
|
||||
** type: string
|
||||
|
||||
@@ -118,6 +118,11 @@
|
||||
** type: chaîne
|
||||
** valeurs: toute chaîne (valeur par défaut: `"%h/ssl/relay.pem"`)
|
||||
|
||||
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
|
||||
** description: `chaîne avec les priorités pour gnutls (pour la syntaxe, voir la documentation de la fonction gnutls_priority_init du manuel gnutls, les chaînes courantes sont : "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
|
||||
** type: chaîne
|
||||
** valeurs: toute chaîne (valeur par défaut: `"PERFORMANCE"`)
|
||||
|
||||
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
|
||||
** description: `expression régulière POSIX étendue avec les origines autorisées dans les websockets (insensible à la casse, utilisez "(?-i)" en début de chaîne pour la rendre insensible à la casse), exemple : "^http://(www\.)?example\.(com|org)"`
|
||||
** type: chaîne
|
||||
|
||||
@@ -118,6 +118,11 @@
|
||||
** tipo: stringa
|
||||
** valori: qualsiasi stringa (valore predefinito: `"%h/ssl/relay.pem"`)
|
||||
|
||||
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
|
||||
** descrizione: `stringa con le priorità per gnutls (per la sintassi, consultare la documentazione per la funzione gnutls_priority_init nel manuale di gnutls, stringhe comuni sono: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
|
||||
** tipo: stringa
|
||||
** valori: qualsiasi stringa (valore predefinito: `"PERFORMANCE"`)
|
||||
|
||||
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
|
||||
** descrizione: `POSIX extended regular expression with origins allowed in websockets (case insensitive, use "(?-i)" at beginning to make it case sensitive), example: "^http://(www\.)?example\.(com|org)"`
|
||||
** tipo: stringa
|
||||
|
||||
@@ -118,6 +118,11 @@
|
||||
** タイプ: 文字列
|
||||
** 値: 未制約文字列 (デフォルト値: `"%h/ssl/relay.pem"`)
|
||||
|
||||
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
|
||||
** 説明: `gnutls の優先度を示した文字列 (構文は、gnutls マニュアルの gnutls_priority_init 関数のドキュメントを参照、通例: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
|
||||
** タイプ: 文字列
|
||||
** 値: 未制約文字列 (デフォルト値: `"PERFORMANCE"`)
|
||||
|
||||
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
|
||||
** 説明: `ウェブソケットに使うことを許可する origin の "POSIX 拡張正規表現 (大文字小文字を区別しない、"(?-i)" を先頭に置くと大文字小文字を区別する)、例: "^http://(www\.)?example\.(com|org)"`
|
||||
** タイプ: 文字列
|
||||
|
||||
@@ -118,6 +118,11 @@
|
||||
** typ: ciąg
|
||||
** wartości: dowolny ciąg (domyślna wartość: `"%h/ssl/relay.pem"`)
|
||||
|
||||
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
|
||||
** opis: `ciąg z priorytetami dla gnutls (składnię można znaleźć w dokumentacji gnutls dla funkcji gnutls_priority_init, często używane ciągi to: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
|
||||
** typ: ciąg
|
||||
** wartości: dowolny ciąg (domyślna wartość: `"PERFORMANCE"`)
|
||||
|
||||
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
|
||||
** opis: `rozszerzone wyrażenia regularne POSIX ze źródłami dozwolonymi dla gniazd webowych (nie wrażliwe na wielkość znaków, umieszczenie "(?-i)" na początku sprawi, że wielość znaków będzie miała znaczenie), przykład: "^http://(www\.)?przykład\.(com|org)"`
|
||||
** typ: ciąg
|
||||
|
||||
@@ -217,6 +217,7 @@ relay_client_handshake_timer_cb (void *data, int remaining_calls)
|
||||
/* handshake OK, set status to "connected" */
|
||||
weechat_unhook (client->hook_timer_handshake);
|
||||
client->hook_timer_handshake = NULL;
|
||||
client->gnutls_handshake_ok = 1;
|
||||
relay_client_set_status (client, RELAY_STATUS_CONNECTED);
|
||||
return WEECHAT_RC_OK;
|
||||
}
|
||||
@@ -1062,6 +1063,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
|
||||
new_client->ssl = server->ssl;
|
||||
#ifdef HAVE_GNUTLS
|
||||
new_client->hook_timer_handshake = NULL;
|
||||
new_client->gnutls_handshake_ok = 0;
|
||||
#endif
|
||||
new_client->websocket = 0;
|
||||
new_client->http_headers = NULL;
|
||||
@@ -1230,6 +1232,7 @@ relay_client_new_with_infolist (struct t_infolist *infolist)
|
||||
#ifdef HAVE_GNUTLS
|
||||
new_client->gnutls_sess = NULL;
|
||||
new_client->hook_timer_handshake = NULL;
|
||||
new_client->gnutls_handshake_ok = 0;
|
||||
#endif
|
||||
new_client->websocket = weechat_infolist_integer (infolist, "websocket");
|
||||
new_client->http_headers = NULL;
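Review bot: `gnutls_handshake_ok` is saved into the upgrade infolist by the add_to_infolist hunk but is reset to 0 here instead of being read back, and nothing says why; since `gnutls_sess` is also forced to NULL on this path the reset appears intentional, but a maintainer could later "fix" it to restore the saved value while the session pointer is NULL. A one-line comment would prevent that: `/* gnutls session is not restored from the infolist, so the handshake state is reset too (never read it back) */`. relay_client_new_with_infolist starts and ends outside the hunk.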
|
||||
@@ -1321,6 +1324,14 @@ relay_client_set_status (struct t_relay_client *client,
|
||||
|
||||
relay_client_outqueue_free_all (client);
|
||||
|
||||
#ifdef HAVE_GNUTLS
|
||||
if (client->hook_timer_handshake)
|
||||
{
|
||||
weechat_unhook (client->hook_timer_handshake);
|
||||
client->hook_timer_handshake = NULL;
|
||||
}
|
||||
client->gnutls_handshake_ok = 0;
|
||||
#endif
|
||||
if (client->hook_fd)
|
||||
{
|
||||
weechat_unhook (client->hook_fd);
|
||||
@@ -1364,7 +1375,7 @@ relay_client_set_status (struct t_relay_client *client,
|
||||
if (client->sock >= 0)
|
||||
{
|
||||
#ifdef HAVE_GNUTLS
|
||||
if (client->ssl)
|
||||
if (client->ssl && client->gnutls_handshake_ok)
|
||||
gnutls_bye (client->gnutls_sess, GNUTLS_SHUT_WR);
|
||||
#endif
|
||||
close (client->sock);
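Review bot: The new `client->gnutls_handshake_ok` test here may never be true, because the earlier hunk of the same function resets `client->gnutls_handshake_ok = 0` right after `relay_client_outqueue_free_all`; if both run in the same status branch, as the shared context suggests, `gnutls_bye` becomes dead code and TLS clients are closed without the close_notify that `gnutls_bye` sends. Capture the flag before resetting it, e.g. `int handshake_was_ok = client->gnutls_handshake_ok;` next to the reset and `if (client->ssl && handshake_was_ok)` here, or move the reset below this `close`. relay_client_set_status starts outside both hunks, so the branch structure cannot be confirmed from this view.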
|
||||
@@ -1528,6 +1539,8 @@ relay_client_add_to_infolist (struct t_infolist *infolist,
|
||||
#ifdef HAVE_GNUTLS
|
||||
if (!weechat_infolist_new_var_pointer (ptr_item, "hook_timer_handshake", client->hook_timer_handshake))
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "gnutls_handshake_ok", client->gnutls_handshake_ok))
|
||||
return 0;
|
||||
#endif
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "websocket", client->websocket))
|
||||
return 0;
|
||||
@@ -1604,6 +1617,7 @@ relay_client_print_log ()
|
||||
#ifdef HAVE_GNUTLS
|
||||
weechat_log_printf (" gnutls_sess . . . . . : 0x%lx", ptr_client->gnutls_sess);
|
||||
weechat_log_printf (" hook_timer_handshake. : 0x%lx", ptr_client->hook_timer_handshake);
|
||||
weechat_log_printf (" gnutls_handshake_ok . : 0x%lx", ptr_client->gnutls_handshake_ok);
|
||||
#endif
|
||||
weechat_log_printf (" websocket . . . . . . : %d", ptr_client->websocket);
|
||||
weechat_log_printf (" http_headers. . . . . : 0x%lx (hashtable: '%s')",
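Review bot: The added log line formats `gnutls_handshake_ok`, declared `int` in the header hunk, with `0x%lx`, which reads an `unsigned long` from an `int` argument: undefined behaviour where the sizes differ and a misleading value in the crash log at best. Use `weechat_log_printf ("  gnutls_handshake_ok . : %d", ptr_client->gnutls_handshake_ok);`, matching the `websocket` line below it. relay_client_print_log starts and ends outside the hunk.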
|
||||
|
||||
@@ -79,6 +79,7 @@ struct t_relay_client
|
||||
#ifdef HAVE_GNUTLS
|
||||
gnutls_session_t gnutls_sess; /* gnutls session (only if SSL used) */
|
||||
struct t_hook *hook_timer_handshake; /* timer for doing gnutls handshake*/
|
||||
int gnutls_handshake_ok; /* 1 if handshake was done and OK */
|
||||
#endif
|
||||
int websocket; /* 0=not a ws, 1=init ws, 2=ws ready */
|
||||
struct t_hashtable *http_headers; /* HTTP headers for websocket */
|
||||
|
||||
@@ -60,6 +60,7 @@ struct t_config_option *relay_config_network_ipv6;
|
||||
struct t_config_option *relay_config_network_max_clients;
|
||||
struct t_config_option *relay_config_network_password;
|
||||
struct t_config_option *relay_config_network_ssl_cert_key;
|
||||
struct t_config_option *relay_config_network_ssl_priorities;
|
||||
struct t_config_option *relay_config_network_websocket_allowed_origins;
|
||||
|
||||
/* relay config, irc section */
|
||||
@@ -192,6 +193,74 @@ relay_config_change_network_ssl_cert_key (void *data,
|
||||
relay_network_set_ssl_cert_key (1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Callback for changes on option "relay.network.ssl_priorities".
|
||||
*/
|
||||
|
||||
int
|
||||
relay_config_check_network_ssl_priorities (void *data,
|
||||
struct t_config_option *option,
|
||||
const char *value)
|
||||
{
|
||||
#ifdef HAVE_GNUTLS
|
||||
gnutls_priority_t priority_cache;
|
||||
const char *pos_error;
|
||||
int rc;
|
||||
|
||||
/* make C compiler happy */
|
||||
(void) data;
|
||||
(void) option;
|
||||
|
||||
pos_error = value;
|
||||
|
||||
if (value && value[0])
|
||||
{
|
||||
rc = gnutls_priority_init (&priority_cache, value, &pos_error);
|
||||
if (rc == GNUTLS_E_SUCCESS)
|
||||
{
|
||||
gnutls_priority_deinit (priority_cache);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
weechat_printf (NULL,
|
||||
_("%s%s: invalid priorities string, error "
|
||||
"at this position in string: \"%s\""),
|
||||
weechat_prefix ("error"), RELAY_PLUGIN_NAME,
|
||||
(pos_error) ? pos_error : value);
|
||||
|
||||
return 0;
|
||||
#else
|
||||
/* make C compiler happy */
|
||||
(void) data;
|
||||
(void) option;
|
||||
(void) value;
|
||||
|
||||
return 1;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Callback for changes on option "relay.network.ssl_priorities".
|
||||
*/
|
||||
|
||||
void
|
||||
relay_config_change_network_ssl_priorities (void *data,
|
||||
struct t_config_option *option)
|
||||
{
|
||||
/* make C compiler happy */
|
||||
(void) data;
|
||||
(void) option;
|
||||
|
||||
#ifdef HAVE_GNUTLS
|
||||
if (relay_network_init_ok && relay_gnutls_priority_cache)
|
||||
{
|
||||
gnutls_priority_deinit (*relay_gnutls_priority_cache);
|
||||
relay_network_set_priority ();
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Callback for changes on option "relay.network.websocker_allowed_origins".
|
||||
*/
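Review bot: In `relay_config_check_network_ssl_priorities`, when `value` is NULL the guard `if (value && value[0])` is skipped, `pos_error` stays NULL, and `(pos_error) ? pos_error : value` hands a NULL to the `%s` of the error message, which is undefined behaviour; use `(pos_error) ? pos_error : ((value) ? value : "")`. In `relay_config_change_network_ssl_priorities`, the condition `relay_network_init_ok && relay_gnutls_priority_cache` means that once `relay_network_set_priority` has failed (it frees the cache and sets the pointer to NULL), a corrected option value never rebuilds the cache until restart, so the callback should re-allocate the cache when the pointer is NULL rather than skip. Note also that `gnutls_priority_deinit` runs here while connected clients may hold sessions created from that cache; whether that is safe depends on whether the installed GnuTLS copies the priorities into the session or keeps a reference, which should be confirmed against the minimum supported GnuTLS version.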
|
||||
@@ -697,6 +766,16 @@ relay_config_init ()
|
||||
"with SSL)"),
|
||||
NULL, 0, 0, "%h/ssl/relay.pem", NULL, 0, NULL, NULL,
|
||||
&relay_config_change_network_ssl_cert_key, NULL, NULL, NULL);
|
||||
relay_config_network_ssl_priorities = weechat_config_new_option (
|
||||
relay_config_file, ptr_section,
|
||||
"ssl_priorities", "string",
|
||||
N_("string with priorities for gnutls (for syntax, see "
|
||||
"documentation of function gnutls_priority_init in gnutls "
|
||||
"manual, common strings are: \"PERFORMANCE\", \"NORMAL\", "
|
||||
"\"SECURE128\", \"SECURE256\", \"EXPORT\", \"NONE\")"),
|
||||
NULL, 0, 0, "PERFORMANCE", NULL, 0,
|
||||
&relay_config_check_network_ssl_priorities, NULL,
|
||||
&relay_config_change_network_ssl_priorities, NULL, NULL, NULL);
|
||||
relay_config_network_websocket_allowed_origins = weechat_config_new_option (
|
||||
relay_config_file, ptr_section,
|
||||
"websocket_allowed_origins", "string",
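Review bot: The help text added here lists "EXPORT" and "NONE" as "common strings" alongside the safe ones with no caveat, but per the GnuTLS priority-string documentation "EXPORT" enables export-grade (deliberately weak) ciphersuites and "NONE" enables nothing at all, so a user copying either from this list gets a weakened or unusable relay. Reword the literal to something like `"common strings are: \"PERFORMANCE\", \"NORMAL\", \"SECURE128\", \"SECURE256\" (\"EXPORT\" and \"NONE\" also exist but weaken or disable encryption)"` and carry the same wording into the translated docs. The `"PERFORMANCE"` default is the old hard-coded value, but consider whether `"NORMAL"` is the more conservative default, since GnuTLS documents PERFORMANCE as limiting to 128-bit ciphers sorted by speed. relay_config_init starts and ends outside the hunk.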
|
||||
|
||||
@@ -44,6 +44,7 @@ extern struct t_config_option *relay_config_network_ipv6;
|
||||
extern struct t_config_option *relay_config_network_max_clients;
|
||||
extern struct t_config_option *relay_config_network_password;
|
||||
extern struct t_config_option *relay_config_network_ssl_cert_key;
|
||||
extern struct t_config_option *relay_config_network_ssl_priorities;
|
||||
extern struct t_config_option *relay_config_network_websocket_allowed_origins;
|
||||
|
||||
extern struct t_config_option *relay_config_irc_backlog_max_minutes;
|
||||
|
||||
@@ -103,6 +103,28 @@ relay_network_set_ssl_cert_key (int verbose)
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Sets gnutls priority cache.
|
||||
*/
|
||||
|
||||
void
|
||||
relay_network_set_priority ()
|
||||
{
|
||||
#ifdef HAVE_GNUTLS
|
||||
if (gnutls_priority_init (relay_gnutls_priority_cache,
|
||||
weechat_config_string (
|
||||
relay_config_network_ssl_priorities),
|
||||
NULL) != GNUTLS_E_SUCCESS)
|
||||
{
|
||||
weechat_printf (NULL,
|
||||
_("%s%s: unable to initialize priority for SSL"),
|
||||
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
|
||||
free (relay_gnutls_priority_cache);
|
||||
relay_gnutls_priority_cache = NULL;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Initializes network for relay.
|
||||
*/
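Review bot: `relay_network_set_priority` passes `relay_gnutls_priority_cache` straight to `gnutls_priority_init` without a NULL check, and the `if (relay_gnutls_priority_cache)` guard the old code in relay_network_init had around this call is not carried over in the init hunk, so a failed `malloc` now becomes a NULL dereference inside GnuTLS instead of a logged error. Add `if (!relay_gnutls_priority_cache) return;` at the top of the `#ifdef HAVE_GNUTLS` section. The error message would also be more useful with the GnuTLS reason now that this function is reached from the option-change path too, e.g. keep the return code in `rc` and append `gnutls_strerror (rc)` to the message.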
|
||||
@@ -119,17 +141,7 @@ relay_network_init ()
|
||||
/* priority */
|
||||
relay_gnutls_priority_cache = malloc (sizeof (*relay_gnutls_priority_cache));
|
||||
if (relay_gnutls_priority_cache)
|
||||
{
|
||||
if (gnutls_priority_init (relay_gnutls_priority_cache,
|
||||
"PERFORMANCE", NULL) != GNUTLS_E_SUCCESS)
|
||||
{
|
||||
weechat_printf (NULL,
|
||||
_("%s%s: unable to initialize priority for SSL"),
|
||||
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
|
||||
free (relay_gnutls_priority_cache);
|
||||
relay_gnutls_priority_cache = NULL;
|
||||
}
|
||||
}
|
||||
relay_network_set_priority ();
|
||||
#endif
|
||||
relay_network_init_ok = 1;
|
||||
}
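Review bot: `relay_network_init_ok = 1` is set even when `relay_network_set_priority` has just failed and left `relay_gnutls_priority_cache` NULL, so the relay presumably carries on with TLS listeners that have no priority cache to apply to new sessions, and the only trace is the earlier error line. If `relay_network_init_ok` gates only the priority callback, `relay_network_init_ok = (relay_gnutls_priority_cache != NULL);` under `HAVE_GNUTLS` makes the state explicit; if it gates more than that, keep the old `if (relay_gnutls_priority_cache)` guard around the call so the failure is visible at the call site. relay_network_init starts outside the hunk.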
|
||||
|
||||
@@ -34,6 +34,7 @@ extern gnutls_dh_params_t *relay_gnutls_dh_params;
|
||||
#endif
|
||||
|
||||
extern void relay_network_set_ssl_cert_key (int verbose);
|
||||
extern void relay_network_set_priority ();
|
||||
extern void relay_network_init ();
|
||||
extern void relay_network_end ();
|
||||
|
||||
|
||||