1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-03 16:23:14 +02:00

relay: add option relay.network.ssl_priorities (closes #234)

This commit is contained in:
Sébastien Helleu
2014-10-26 18:03:47 +01:00
parent a092e72731
commit 134a5f53d4
13 changed files with 151 additions and 12 deletions
+1
View File
@@ -29,6 +29,7 @@ http://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
* irc: display own nick changes in server buffer (closes #188)
* irc: disable creation of temporary servers by default with command /connect,
new option irc.look.temporary_servers
* relay: add option relay.network.ssl_priorities (closes #234)
* relay: add host in sender for IRC backlog PRIVMSG messages sent to clients
* trigger: evaluate and replace regex groups at same time, new format for regex
option in triggers (incompatible with version 1.0) (closes #224)
@@ -118,6 +118,11 @@
** Typ: Zeichenkette
** Werte: beliebige Zeichenkette (Standardwert: `"%h/ssl/relay.pem"`)
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
** Beschreibung: `Zeichenkette mit Prioritäten für gnutls (für die korrekte Syntax siehe gnutls Dokumentation unter Funktion gnutls_priority_init. Gebräuchliche Zeichenketten sind: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
** Typ: Zeichenkette
** Werte: beliebige Zeichenkette (Standardwert: `"PERFORMANCE"`)
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
** Beschreibung: `erweiterter regulärer POSIX Ausdruck für Origins in WebSockets (Groß- und Kleinschreibung wird ignoriert, um Groß- und Kleinschreibung zu nutzen muss "(?-i)" dem Origin vorangestellt werden), Beispiele: "^http://(www\.)?example\.(com|org)"`
** Typ: Zeichenkette
@@ -118,6 +118,11 @@
** type: string
** values: any string (default value: `"%h/ssl/relay.pem"`)
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
** description: `string with priorities for gnutls (for syntax, see documentation of function gnutls_priority_init in gnutls manual, common strings are: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
** type: string
** values: any string (default value: `"PERFORMANCE"`)
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
** description: `POSIX extended regular expression with origins allowed in websockets (case insensitive, use "(?-i)" at beginning to make it case sensitive), example: "^http://(www\.)?example\.(com|org)"`
** type: string
@@ -118,6 +118,11 @@
** type: chaîne
** valeurs: toute chaîne (valeur par défaut: `"%h/ssl/relay.pem"`)
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
** description: `chaîne avec les priorités pour gnutls (pour la syntaxe, voir la documentation de la fonction gnutls_priority_init du manuel gnutls, les chaînes courantes sont : "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
** type: chaîne
** valeurs: toute chaîne (valeur par défaut: `"PERFORMANCE"`)
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
** description: `expression régulière POSIX étendue avec les origines autorisées dans les websockets (insensible à la casse, utilisez "(?-i)" en début de chaîne pour la rendre insensible à la casse), exemple : "^http://(www\.)?example\.(com|org)"`
** type: chaîne
@@ -118,6 +118,11 @@
** tipo: stringa
** valori: qualsiasi stringa (valore predefinito: `"%h/ssl/relay.pem"`)
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
** descrizione: `stringa con le priorità per gnutls (per la sintassi, consultare la documentazione per la funzione gnutls_priority_init nel manuale di gnutls, stringhe comuni sono: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
** tipo: stringa
** valori: qualsiasi stringa (valore predefinito: `"PERFORMANCE"`)
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
** descrizione: `POSIX extended regular expression with origins allowed in websockets (case insensitive, use "(?-i)" at beginning to make it case sensitive), example: "^http://(www\.)?example\.(com|org)"`
** tipo: stringa
@@ -118,6 +118,11 @@
** タイプ: 文字列
** 値: 未制約文字列 (デフォルト値: `"%h/ssl/relay.pem"`)
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
** 説明: `gnutls の優先度を示した文字列 (構文は、gnutls マニュアルの gnutls_priority_init 関数のドキュメントを参照、通例: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
** タイプ: 文字列
** 値: 未制約文字列 (デフォルト値: `"PERFORMANCE"`)
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
** 説明: `ウェブソケットに使うことを許可する origin の "POSIX 拡張正規表現 (大文字小文字を区別しない、"(?-i)" を先頭に置くと大文字小文字を区別する)、例: "^http://(www\.)?example\.(com|org)"`
** タイプ: 文字列
@@ -118,6 +118,11 @@
** typ: ciąg
** wartości: dowolny ciąg (domyślna wartość: `"%h/ssl/relay.pem"`)
* [[option_relay.network.ssl_priorities]] *relay.network.ssl_priorities*
** opis: `ciąg z priorytetami dla gnutls (składnię można znaleźć w dokumentacji gnutls dla funkcji gnutls_priority_init, często używane ciągi to: "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE")`
** typ: ciąg
** wartości: dowolny ciąg (domyślna wartość: `"PERFORMANCE"`)
* [[option_relay.network.websocket_allowed_origins]] *relay.network.websocket_allowed_origins*
** opis: `rozszerzone wyrażenia regularne POSIX ze źródłami dozwolonymi dla gniazd webowych (nie wrażliwe na wielkość znaków, umieszczenie "(?-i)" na początku sprawi, że wielość znaków będzie miała znaczenie), przykład: "^http://(www\.)?przykład\.(com|org)"`
** typ: ciąg
+15 -1
View File
@@ -217,6 +217,7 @@ relay_client_handshake_timer_cb (void *data, int remaining_calls)
/* handshake OK, set status to "connected" */
weechat_unhook (client->hook_timer_handshake);
client->hook_timer_handshake = NULL;
client->gnutls_handshake_ok = 1;
relay_client_set_status (client, RELAY_STATUS_CONNECTED);
return WEECHAT_RC_OK;
}
@@ -1062,6 +1063,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
new_client->ssl = server->ssl;
#ifdef HAVE_GNUTLS
new_client->hook_timer_handshake = NULL;
new_client->gnutls_handshake_ok = 0;
#endif
new_client->websocket = 0;
new_client->http_headers = NULL;
@@ -1230,6 +1232,7 @@ relay_client_new_with_infolist (struct t_infolist *infolist)
#ifdef HAVE_GNUTLS
new_client->gnutls_sess = NULL;
new_client->hook_timer_handshake = NULL;
new_client->gnutls_handshake_ok = 0;
#endif
new_client->websocket = weechat_infolist_integer (infolist, "websocket");
new_client->http_headers = NULL;
@@ -1321,6 +1324,14 @@ relay_client_set_status (struct t_relay_client *client,
relay_client_outqueue_free_all (client);
#ifdef HAVE_GNUTLS
if (client->hook_timer_handshake)
{
weechat_unhook (client->hook_timer_handshake);
client->hook_timer_handshake = NULL;
}
client->gnutls_handshake_ok = 0;
#endif
if (client->hook_fd)
{
weechat_unhook (client->hook_fd);
@@ -1364,7 +1375,7 @@ relay_client_set_status (struct t_relay_client *client,
if (client->sock >= 0)
{
#ifdef HAVE_GNUTLS
if (client->ssl)
if (client->ssl && client->gnutls_handshake_ok)
gnutls_bye (client->gnutls_sess, GNUTLS_SHUT_WR);
#endif
close (client->sock);
@@ -1528,6 +1539,8 @@ relay_client_add_to_infolist (struct t_infolist *infolist,
#ifdef HAVE_GNUTLS
if (!weechat_infolist_new_var_pointer (ptr_item, "hook_timer_handshake", client->hook_timer_handshake))
return 0;
if (!weechat_infolist_new_var_integer (ptr_item, "gnutls_handshake_ok", client->gnutls_handshake_ok))
return 0;
#endif
if (!weechat_infolist_new_var_integer (ptr_item, "websocket", client->websocket))
return 0;
@@ -1604,6 +1617,7 @@ relay_client_print_log ()
#ifdef HAVE_GNUTLS
weechat_log_printf (" gnutls_sess . . . . . : 0x%lx", ptr_client->gnutls_sess);
weechat_log_printf (" hook_timer_handshake. : 0x%lx", ptr_client->hook_timer_handshake);
weechat_log_printf (" gnutls_handshake_ok . : 0x%lx", ptr_client->gnutls_handshake_ok);
#endif
weechat_log_printf (" websocket . . . . . . : %d", ptr_client->websocket);
weechat_log_printf (" http_headers. . . . . : 0x%lx (hashtable: '%s')",
+1
View File
@@ -79,6 +79,7 @@ struct t_relay_client
#ifdef HAVE_GNUTLS
gnutls_session_t gnutls_sess; /* gnutls session (only if SSL used) */
struct t_hook *hook_timer_handshake; /* timer for doing gnutls handshake*/
int gnutls_handshake_ok; /* 1 if handshake was done and OK */
#endif
int websocket; /* 0=not a ws, 1=init ws, 2=ws ready */
struct t_hashtable *http_headers; /* HTTP headers for websocket */
+79
View File
@@ -60,6 +60,7 @@ struct t_config_option *relay_config_network_ipv6;
struct t_config_option *relay_config_network_max_clients;
struct t_config_option *relay_config_network_password;
struct t_config_option *relay_config_network_ssl_cert_key;
struct t_config_option *relay_config_network_ssl_priorities;
struct t_config_option *relay_config_network_websocket_allowed_origins;
/* relay config, irc section */
@@ -192,6 +193,74 @@ relay_config_change_network_ssl_cert_key (void *data,
relay_network_set_ssl_cert_key (1);
}
/*
* Callback for changes on option "relay.network.ssl_priorities".
*/
int
relay_config_check_network_ssl_priorities (void *data,
struct t_config_option *option,
const char *value)
{
#ifdef HAVE_GNUTLS
gnutls_priority_t priority_cache;
const char *pos_error;
int rc;
/* make C compiler happy */
(void) data;
(void) option;
pos_error = value;
if (value && value[0])
{
rc = gnutls_priority_init (&priority_cache, value, &pos_error);
if (rc == GNUTLS_E_SUCCESS)
{
gnutls_priority_deinit (priority_cache);
return 1;
}
}
weechat_printf (NULL,
_("%s%s: invalid priorities string, error "
"at this position in string: \"%s\""),
weechat_prefix ("error"), RELAY_PLUGIN_NAME,
(pos_error) ? pos_error : value);
return 0;
#else
/* make C compiler happy */
(void) data;
(void) option;
(void) value;
return 1;
#endif
}
/*
* Callback for changes on option "relay.network.ssl_priorities".
*/
void
relay_config_change_network_ssl_priorities (void *data,
struct t_config_option *option)
{
/* make C compiler happy */
(void) data;
(void) option;
#ifdef HAVE_GNUTLS
if (relay_network_init_ok && relay_gnutls_priority_cache)
{
gnutls_priority_deinit (*relay_gnutls_priority_cache);
relay_network_set_priority ();
}
#endif
}
/*
* Callback for changes on option "relay.network.websocker_allowed_origins".
*/
@@ -697,6 +766,16 @@ relay_config_init ()
"with SSL)"),
NULL, 0, 0, "%h/ssl/relay.pem", NULL, 0, NULL, NULL,
&relay_config_change_network_ssl_cert_key, NULL, NULL, NULL);
relay_config_network_ssl_priorities = weechat_config_new_option (
relay_config_file, ptr_section,
"ssl_priorities", "string",
N_("string with priorities for gnutls (for syntax, see "
"documentation of function gnutls_priority_init in gnutls "
"manual, common strings are: \"PERFORMANCE\", \"NORMAL\", "
"\"SECURE128\", \"SECURE256\", \"EXPORT\", \"NONE\")"),
NULL, 0, 0, "PERFORMANCE", NULL, 0,
&relay_config_check_network_ssl_priorities, NULL,
&relay_config_change_network_ssl_priorities, NULL, NULL, NULL);
relay_config_network_websocket_allowed_origins = weechat_config_new_option (
relay_config_file, ptr_section,
"websocket_allowed_origins", "string",
+1
View File
@@ -44,6 +44,7 @@ extern struct t_config_option *relay_config_network_ipv6;
extern struct t_config_option *relay_config_network_max_clients;
extern struct t_config_option *relay_config_network_password;
extern struct t_config_option *relay_config_network_ssl_cert_key;
extern struct t_config_option *relay_config_network_ssl_priorities;
extern struct t_config_option *relay_config_network_websocket_allowed_origins;
extern struct t_config_option *relay_config_irc_backlog_max_minutes;
+23 -11
View File
@@ -103,6 +103,28 @@ relay_network_set_ssl_cert_key (int verbose)
#endif
}
/*
* Sets gnutls priority cache.
*/
void
relay_network_set_priority ()
{
#ifdef HAVE_GNUTLS
if (gnutls_priority_init (relay_gnutls_priority_cache,
weechat_config_string (
relay_config_network_ssl_priorities),
NULL) != GNUTLS_E_SUCCESS)
{
weechat_printf (NULL,
_("%s%s: unable to initialize priority for SSL"),
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
free (relay_gnutls_priority_cache);
relay_gnutls_priority_cache = NULL;
}
#endif
}
/*
* Initializes network for relay.
*/
@@ -119,17 +141,7 @@ relay_network_init ()
/* priority */
relay_gnutls_priority_cache = malloc (sizeof (*relay_gnutls_priority_cache));
if (relay_gnutls_priority_cache)
{
if (gnutls_priority_init (relay_gnutls_priority_cache,
"PERFORMANCE", NULL) != GNUTLS_E_SUCCESS)
{
weechat_printf (NULL,
_("%s%s: unable to initialize priority for SSL"),
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
free (relay_gnutls_priority_cache);
relay_gnutls_priority_cache = NULL;
}
}
relay_network_set_priority ();
#endif
relay_network_init_ok = 1;
}
+1
View File
@@ -34,6 +34,7 @@ extern gnutls_dh_params_t *relay_gnutls_dh_params;
#endif
extern void relay_network_set_ssl_cert_key (int verbose);
extern void relay_network_set_priority ();
extern void relay_network_init ();
extern void relay_network_end ();