mirror of
https://github.com/weechat/weechat.git
synced 2026-06-29 06:16:40 +02:00
relay: rename "ssl" options and protocol to "tls" (issue #1903)
This commit is contained in:
Sébastien Helleu
@@ -218,7 +218,7 @@ relay_client_set_desc (struct t_relay_client *client)
|
||||
snprintf (desc, sizeof (desc),
|
||||
"%d/%s%s%s%s/%s%s%s%s",
|
||||
client->id,
|
||||
(client->ssl) ? "ssl." : "",
|
||||
(client->tls) ? "tls." : "",
|
||||
relay_protocol_string[client->protocol],
|
||||
(client->protocol_args) ? "." : "",
|
||||
(client->protocol_args) ? client->protocol_args : "",
|
||||
@@ -231,7 +231,7 @@ relay_client_set_desc (struct t_relay_client *client)
|
||||
}
|
||||
|
||||
/*
|
||||
* Timer callback for handshake with client (for SSL connection only).
|
||||
* Timer callback for handshake with client (for TLS connection only).
|
||||
*/
|
||||
|
||||
int
|
||||
@@ -601,7 +601,7 @@ relay_client_recv_cb (const void *pointer, void *data, int fd)
|
||||
return WEECHAT_RC_OK;
|
||||
}
|
||||
|
||||
if (client->ssl)
|
||||
if (client->tls)
|
||||
num_read = gnutls_record_recv (client->gnutls_sess, buffer,
|
||||
sizeof (buffer) - 1);
|
||||
else
|
||||
@@ -690,7 +690,7 @@ relay_client_recv_cb (const void *pointer, void *data, int fd)
|
||||
}
|
||||
else
|
||||
{
|
||||
if (client->ssl)
|
||||
if (client->tls)
|
||||
{
|
||||
if ((num_read == 0)
|
||||
|| ((num_read != GNUTLS_E_AGAIN) && (num_read != GNUTLS_E_INTERRUPTED)))
|
||||
@@ -798,7 +798,7 @@ relay_client_send_outqueue (struct t_relay_client *client)
|
||||
|
||||
while (client->outqueue)
|
||||
{
|
||||
if (client->ssl)
|
||||
if (client->tls)
|
||||
{
|
||||
num_sent = gnutls_record_send (client->gnutls_sess,
|
||||
client->outqueue->data,
|
||||
@@ -867,7 +867,7 @@ relay_client_send_outqueue (struct t_relay_client *client)
|
||||
}
|
||||
else
|
||||
{
|
||||
if (client->ssl)
|
||||
if (client->tls)
|
||||
{
|
||||
if ((num_sent == GNUTLS_E_AGAIN)
|
||||
|| (num_sent == GNUTLS_E_INTERRUPTED))
|
||||
@@ -1137,7 +1137,7 @@ relay_client_send (struct t_relay_client *client,
|
||||
}
|
||||
else
|
||||
{
|
||||
if (client->ssl)
|
||||
if (client->tls)
|
||||
num_sent = gnutls_record_send (client->gnutls_sess, ptr_data, data_size);
|
||||
else
|
||||
num_sent = send (client->sock, ptr_data, data_size, 0);
|
||||
@@ -1168,7 +1168,7 @@ relay_client_send (struct t_relay_client *client,
|
||||
}
|
||||
else
|
||||
{
|
||||
if (client->ssl)
|
||||
if (client->tls)
|
||||
{
|
||||
if ((num_sent == GNUTLS_E_AGAIN)
|
||||
|| (num_sent == GNUTLS_E_INTERRUPTED))
|
||||
@@ -1306,7 +1306,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
|
||||
new_client->desc = NULL;
|
||||
new_client->sock = sock;
|
||||
new_client->server_port = server->port;
|
||||
new_client->ssl = server->ssl;
|
||||
new_client->tls = server->tls;
|
||||
new_client->hook_timer_handshake = NULL;
|
||||
new_client->gnutls_handshake_ok = 0;
|
||||
new_client->websocket = RELAY_CLIENT_WEBSOCKET_NOT_USED;
|
||||
@@ -1354,20 +1354,20 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
|
||||
|
||||
relay_client_set_desc (new_client);
|
||||
|
||||
if (new_client->ssl)
|
||||
if (new_client->tls)
|
||||
{
|
||||
if (!relay_network_init_ssl_cert_key_ok)
|
||||
if (!relay_network_init_tls_cert_key_ok)
|
||||
{
|
||||
weechat_printf_date_tags (
|
||||
NULL, 0, "relay_client",
|
||||
_("%s%s: warning: no SSL certificate/key found (option "
|
||||
"relay.network.ssl_cert_key)"),
|
||||
_("%s%s: warning: no TLS certificate/key found (option "
|
||||
"relay.network.tls_cert_key)"),
|
||||
weechat_prefix ("error"),
|
||||
RELAY_PLUGIN_NAME);
|
||||
}
|
||||
new_client->status = RELAY_STATUS_CONNECTING;
|
||||
/*
|
||||
* set Diffie-Hellman parameters on first SSL connection from a
|
||||
* set Diffie-Hellman parameters on first TLS connection from a
|
||||
* client (done only one time)
|
||||
*/
|
||||
if (!relay_gnutls_dh_params)
|
||||
@@ -1410,7 +1410,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
|
||||
{
|
||||
case RELAY_PROTOCOL_WEECHAT:
|
||||
relay_weechat_alloc (new_client);
|
||||
if (!new_client->ssl)
|
||||
if (!new_client->tls)
|
||||
{
|
||||
new_client->status =
|
||||
relay_weechat_get_initial_status (new_client);
|
||||
@@ -1418,7 +1418,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
|
||||
break;
|
||||
case RELAY_PROTOCOL_IRC:
|
||||
relay_irc_alloc (new_client);
|
||||
if (!new_client->ssl)
|
||||
if (!new_client->tls)
|
||||
{
|
||||
new_client->status =
|
||||
relay_irc_get_initial_status (new_client);
|
||||
@@ -1510,7 +1510,11 @@ relay_client_new_with_infolist (struct t_infolist *infolist)
|
||||
new_client->desc = NULL;
|
||||
new_client->sock = weechat_infolist_integer (infolist, "sock");
|
||||
new_client->server_port = weechat_infolist_integer (infolist, "server_port");
|
||||
new_client->ssl = weechat_infolist_integer (infolist, "ssl");
|
||||
/* "tls" replaces "ssl" in WeeChat 4.0.0 */
|
||||
if (weechat_infolist_search_var (infolist, "tls"))
|
||||
new_client->tls = weechat_infolist_integer (infolist, "tls");
|
||||
else
|
||||
new_client->tls = weechat_infolist_integer (infolist, "ssl");
|
||||
new_client->gnutls_sess = NULL;
|
||||
new_client->hook_timer_handshake = NULL;
|
||||
new_client->gnutls_handshake_ok = 0;
|
||||
@@ -1696,11 +1700,11 @@ relay_client_set_status (struct t_relay_client *client,
|
||||
|
||||
if (client->sock >= 0)
|
||||
{
|
||||
if (client->ssl && client->gnutls_handshake_ok)
|
||||
if (client->tls && client->gnutls_handshake_ok)
|
||||
gnutls_bye (client->gnutls_sess, GNUTLS_SHUT_WR);
|
||||
close (client->sock);
|
||||
client->sock = -1;
|
||||
if (client->ssl)
|
||||
if (client->tls)
|
||||
gnutls_deinit (client->gnutls_sess);
|
||||
}
|
||||
}
|
||||
@@ -1891,7 +1895,7 @@ relay_client_add_to_infolist (struct t_infolist *infolist,
|
||||
}
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "server_port", client->server_port))
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "ssl", client->ssl))
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "tls", client->tls))
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "websocket", client->websocket))
|
||||
return 0;
|
||||
@@ -1971,7 +1975,7 @@ relay_client_print_log ()
|
||||
weechat_log_printf (" desc. . . . . . . . . . . : '%s'", ptr_client->desc);
|
||||
weechat_log_printf (" sock. . . . . . . . . . . : %d", ptr_client->sock);
|
||||
weechat_log_printf (" server_port . . . . . . . : %d", ptr_client->server_port);
|
||||
weechat_log_printf (" ssl . . . . . . . . . . . : %d", ptr_client->ssl);
|
||||
weechat_log_printf (" tls . . . . . . . . . . . : %d", ptr_client->tls);
|
||||
weechat_log_printf (" gnutls_sess . . . . . . . : 0x%lx", ptr_client->gnutls_sess);
|
||||
weechat_log_printf (" hook_timer_handshake. . . : 0x%lx", ptr_client->hook_timer_handshake);
|
||||
weechat_log_printf (" gnutls_handshake_ok . . . : 0x%lx", ptr_client->gnutls_handshake_ok);
|
||||
|
||||
@@ -101,8 +101,8 @@ struct t_relay_client
|
||||
char *desc; /* description, used for display */
|
||||
int sock; /* socket for connection */
|
||||
int server_port; /* port used for connection */
|
||||
int ssl; /* 1 if SSL is enabled */
|
||||
gnutls_session_t gnutls_sess; /* gnutls session (only if SSL used) */
|
||||
int tls; /* 1 if TLS is enabled */
|
||||
gnutls_session_t gnutls_sess; /* gnutls session (only if TLS used) */
|
||||
struct t_hook *hook_timer_handshake; /* timer for doing gnutls handshake*/
|
||||
int gnutls_handshake_ok; /* 1 if handshake was done and OK */
|
||||
enum t_relay_client_websocket_status websocket; /* websocket status */
|
||||
@@ -111,7 +111,7 @@ struct t_relay_client
|
||||
char *real_ip; /* real IP (X-Real-IP HTTP header) */
|
||||
enum t_relay_status status; /* status (connecting, active,..) */
|
||||
enum t_relay_protocol protocol; /* protocol (irc,..) */
|
||||
char *protocol_string; /* example: "ipv6.ssl.irc.libera" */
|
||||
char *protocol_string; /* example: "ipv6.tls.irc.libera" */
|
||||
char *protocol_args; /* arguments used for protocol */
|
||||
/* example: server for irc protocol */
|
||||
char *nonce; /* nonce used in salt of hashed pwd */
|
||||
|
||||
@@ -344,9 +344,9 @@ relay_command_relay (const void *pointer, void *data,
|
||||
return WEECHAT_RC_OK;
|
||||
}
|
||||
|
||||
if (weechat_strcmp (argv[1], "sslcertkey") == 0)
|
||||
if (weechat_strcmp (argv[1], "tlscertkey") == 0)
|
||||
{
|
||||
relay_network_set_ssl_cert_key (1);
|
||||
relay_network_set_tls_cert_key (1);
|
||||
return WEECHAT_RC_OK;
|
||||
}
|
||||
|
||||
@@ -400,7 +400,7 @@ relay_command_init ()
|
||||
" || add <name> <port>|<path>"
|
||||
" || del|start|restart|stop <name>"
|
||||
" || raw"
|
||||
" || sslcertkey"),
|
||||
" || tlscertkey"),
|
||||
N_(" list: list relay clients (only active relays)\n"
|
||||
" listfull: list relay clients (verbose, all relays)\n"
|
||||
" listrelay: list relays (name and port)\n"
|
||||
@@ -416,14 +416,14 @@ relay_command_init ()
|
||||
"path is evaluated (see function string_eval_path_home in "
|
||||
"plugin API reference)\n"
|
||||
" raw: open buffer with raw Relay data\n"
|
||||
" sslcertkey: set SSL certificate/key using path in option "
|
||||
"relay.network.ssl_cert_key\n"
|
||||
" tlscertkey: set TLS certificate/key using path in option "
|
||||
"relay.network.tls_cert_key\n"
|
||||
"\n"
|
||||
"Relay name is: [ipv4.][ipv6.][ssl.]<protocol.name> or "
|
||||
"unix.[ssl.]<protocol.name>\n"
|
||||
"Relay name is: [ipv4.][ipv6.][tls.]<protocol.name> or "
|
||||
"unix.[tls.]<protocol.name>\n"
|
||||
" ipv4: force use of IPv4\n"
|
||||
" ipv6: force use of IPv6\n"
|
||||
" ssl: enable SSL\n"
|
||||
" tls: enable TLS\n"
|
||||
" unix: use UNIX domain socket\n"
|
||||
"protocol.name: protocol and name to relay:\n"
|
||||
" - protocol \"irc\": name is the server to share "
|
||||
@@ -442,20 +442,20 @@ relay_command_init ()
|
||||
"Examples:\n"
|
||||
" irc proxy, for server \"libera\":\n"
|
||||
" /relay add irc.libera 8000\n"
|
||||
" irc proxy, for server \"libera\", with SSL:\n"
|
||||
" /relay add ssl.irc.libera 8001\n"
|
||||
" irc proxy, for all servers (client will choose), with SSL:\n"
|
||||
" /relay add ssl.irc 8002\n"
|
||||
" irc proxy, for server \"libera\", with TLS:\n"
|
||||
" /relay add tls.irc.libera 8001\n"
|
||||
" irc proxy, for all servers (client will choose), with TLS:\n"
|
||||
" /relay add tls.irc 8002\n"
|
||||
" weechat protocol:\n"
|
||||
" /relay add weechat 9000\n"
|
||||
" weechat protocol with SSL:\n"
|
||||
" /relay add ssl.weechat 9001\n"
|
||||
" weechat protocol with SSL, using only IPv4:\n"
|
||||
" /relay add ipv4.ssl.weechat 9001\n"
|
||||
" weechat protocol with SSL, using only IPv6:\n"
|
||||
" /relay add ipv6.ssl.weechat 9001\n"
|
||||
" weechat protocol with SSL, using IPv4 + IPv6:\n"
|
||||
" /relay add ipv4.ipv6.ssl.weechat 9001\n"
|
||||
" weechat protocol with TLS:\n"
|
||||
" /relay add tls.weechat 9001\n"
|
||||
" weechat protocol with TLS, using only IPv4:\n"
|
||||
" /relay add ipv4.tls.weechat 9001\n"
|
||||
" weechat protocol with TLS, using only IPv6:\n"
|
||||
" /relay add ipv6.tls.weechat 9001\n"
|
||||
" weechat protocol with TLS, using IPv4 + IPv6:\n"
|
||||
" /relay add ipv4.ipv6.tls.weechat 9001\n"
|
||||
" weechat protocol over UNIX domain socket:\n"
|
||||
" /relay add unix.weechat ${weechat_runtime_dir}/relay_socket"),
|
||||
"list %(relay_relays)"
|
||||
@@ -467,6 +467,6 @@ relay_command_init ()
|
||||
" || restart %(relay_relays)"
|
||||
" || stop %(relay_relays)"
|
||||
" || raw"
|
||||
" || sslcertkey",
|
||||
" || tlscertkey",
|
||||
&relay_command_relay, NULL, NULL);
|
||||
}
|
||||
|
||||
@@ -57,7 +57,7 @@ relay_completion_protocol_name_cb (const void *pointer, void *data,
|
||||
weechat_infolist_string (infolist, "name"));
|
||||
weechat_completion_list_add (completion, protocol_name,
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
snprintf (protocol_name, sizeof (protocol_name), "ssl.irc.%s",
|
||||
snprintf (protocol_name, sizeof (protocol_name), "tls.irc.%s",
|
||||
weechat_infolist_string (infolist, "name"));
|
||||
weechat_completion_list_add (completion, protocol_name,
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
@@ -66,7 +66,7 @@ relay_completion_protocol_name_cb (const void *pointer, void *data,
|
||||
weechat_infolist_string (infolist, "name"));
|
||||
weechat_completion_list_add (completion, protocol_name,
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
snprintf (protocol_name, sizeof (protocol_name), "unix.ssl.irc.%s",
|
||||
snprintf (protocol_name, sizeof (protocol_name), "unix.tls.irc.%s",
|
||||
weechat_infolist_string (infolist, "name"));
|
||||
weechat_completion_list_add (completion, protocol_name,
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
@@ -77,13 +77,13 @@ relay_completion_protocol_name_cb (const void *pointer, void *data,
|
||||
/* TCP socket */
|
||||
weechat_completion_list_add (completion, "weechat",
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
weechat_completion_list_add (completion, "ssl.weechat",
|
||||
weechat_completion_list_add (completion, "tls.weechat",
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
|
||||
/* UNIX domain socket */
|
||||
weechat_completion_list_add (completion, "unix.weechat",
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
weechat_completion_list_add (completion, "unix.ssl.weechat",
|
||||
weechat_completion_list_add (completion, "unix.tls.weechat",
|
||||
0, WEECHAT_LIST_POS_SORT);
|
||||
|
||||
return WEECHAT_RC_OK;
|
||||
|
||||
@@ -80,8 +80,8 @@ struct t_config_option *relay_config_network_nonce_size = NULL;
|
||||
struct t_config_option *relay_config_network_password = NULL;
|
||||
struct t_config_option *relay_config_network_password_hash_algo = NULL;
|
||||
struct t_config_option *relay_config_network_password_hash_iterations = NULL;
|
||||
struct t_config_option *relay_config_network_ssl_cert_key = NULL;
|
||||
struct t_config_option *relay_config_network_ssl_priorities = NULL;
|
||||
struct t_config_option *relay_config_network_tls_cert_key = NULL;
|
||||
struct t_config_option *relay_config_network_tls_priorities = NULL;
|
||||
struct t_config_option *relay_config_network_totp_secret = NULL;
|
||||
struct t_config_option *relay_config_network_totp_window = NULL;
|
||||
struct t_config_option *relay_config_network_websocket_allowed_origins = NULL;
|
||||
@@ -244,11 +244,11 @@ relay_config_change_network_ipv6_cb (const void *pointer, void *data,
|
||||
}
|
||||
|
||||
/*
|
||||
* Callback for changes on option "relay.network.ssl_cert_key".
|
||||
* Callback for changes on option "relay.network.tls_cert_key".
|
||||
*/
|
||||
|
||||
void
|
||||
relay_config_change_network_ssl_cert_key (const void *pointer, void *data,
|
||||
relay_config_change_network_tls_cert_key (const void *pointer, void *data,
|
||||
struct t_config_option *option)
|
||||
{
|
||||
/* make C compiler happy */
|
||||
@@ -257,7 +257,7 @@ relay_config_change_network_ssl_cert_key (const void *pointer, void *data,
|
||||
(void) option;
|
||||
|
||||
if (relay_network_init_ok)
|
||||
relay_network_set_ssl_cert_key (1);
|
||||
relay_network_set_tls_cert_key (1);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -316,7 +316,7 @@ end:
|
||||
}
|
||||
|
||||
/*
|
||||
* Checks if option "relay.network.ssl_priorities" is valid.
|
||||
* Checks if option "relay.network.tls_priorities" is valid.
|
||||
*
|
||||
* Returns:
|
||||
* 1: value is valid
|
||||
@@ -324,7 +324,7 @@ end:
|
||||
*/
|
||||
|
||||
int
|
||||
relay_config_check_network_ssl_priorities (const void *pointer, void *data,
|
||||
relay_config_check_network_tls_priorities (const void *pointer, void *data,
|
||||
struct t_config_option *option,
|
||||
const char *value)
|
||||
{
|
||||
@@ -359,11 +359,11 @@ relay_config_check_network_ssl_priorities (const void *pointer, void *data,
|
||||
}
|
||||
|
||||
/*
|
||||
* Callback for changes on option "relay.network.ssl_priorities".
|
||||
* Callback for changes on option "relay.network.tls_priorities".
|
||||
*/
|
||||
|
||||
void
|
||||
relay_config_change_network_ssl_priorities (const void *pointer, void *data,
|
||||
relay_config_change_network_tls_priorities (const void *pointer, void *data,
|
||||
struct t_config_option *option)
|
||||
{
|
||||
/* make C compiler happy */
|
||||
@@ -743,7 +743,7 @@ relay_config_create_option_port_path (const void *pointer, void *data,
|
||||
const char *option_name,
|
||||
const char *value)
|
||||
{
|
||||
int rc, protocol_number, ipv4, ipv6, ssl, unix_socket;
|
||||
int rc, protocol_number, ipv4, ipv6, tls, unix_socket;
|
||||
char *error, *protocol, *protocol_args;
|
||||
long port;
|
||||
struct t_relay_server *ptr_server;
|
||||
@@ -757,7 +757,7 @@ relay_config_create_option_port_path (const void *pointer, void *data,
|
||||
protocol_number = -1;
|
||||
port = -1;
|
||||
|
||||
relay_server_get_protocol_args (option_name, &ipv4, &ipv6, &ssl,
|
||||
relay_server_get_protocol_args (option_name, &ipv4, &ipv6, &tls,
|
||||
&unix_socket, &protocol, &protocol_args);
|
||||
|
||||
if (rc != WEECHAT_CONFIG_OPTION_SET_ERROR)
|
||||
@@ -829,7 +829,7 @@ relay_config_create_option_port_path (const void *pointer, void *data,
|
||||
if (rc != WEECHAT_CONFIG_OPTION_SET_ERROR)
|
||||
{
|
||||
if (relay_server_new (option_name, protocol_number, protocol_args,
|
||||
port, value, ipv4, ipv6, ssl, unix_socket))
|
||||
port, value, ipv4, ipv6, tls, unix_socket))
|
||||
{
|
||||
/* create configuration option */
|
||||
if (unix_socket)
|
||||
@@ -888,6 +888,111 @@ relay_config_reload (const void *pointer, void *data,
|
||||
return weechat_config_reload (config_file);
|
||||
}
|
||||
|
||||
/*
|
||||
* Updates options in configuration file while reading the file.
|
||||
*/
|
||||
|
||||
struct t_hashtable *
|
||||
relay_config_update_cb (const void *pointer, void *data,
|
||||
struct t_config_file *config_file,
|
||||
int version_read,
|
||||
struct t_hashtable *data_read)
|
||||
{
|
||||
const char *ptr_section, *ptr_option;
|
||||
char *new_option, *pos;
|
||||
int changes;
|
||||
|
||||
/* make C compiler happy */
|
||||
(void) pointer;
|
||||
(void) data;
|
||||
(void) config_file;
|
||||
|
||||
/* nothing to do if the config file is already up-to-date */
|
||||
if (version_read >= RELAY_CONFIG_VERSION)
|
||||
return NULL;
|
||||
|
||||
changes = 0;
|
||||
|
||||
if (version_read < 2)
|
||||
{
|
||||
/*
|
||||
* changes in v2:
|
||||
* - options "ssl*" renamed to "tls*"
|
||||
* - protocol "ssl" renamed to "tls" in port/path sections
|
||||
*/
|
||||
ptr_section = weechat_hashtable_get (data_read, "section");
|
||||
ptr_option = weechat_hashtable_get (data_read, "option");
|
||||
if (ptr_section
|
||||
&& ptr_option
|
||||
&& (strcmp (ptr_section, "network") == 0))
|
||||
{
|
||||
if (strncmp (ptr_option, "ssl", 3) == 0)
|
||||
{
|
||||
new_option = strdup (ptr_option);
|
||||
if (new_option)
|
||||
{
|
||||
memcpy (new_option, "tls", 3);
|
||||
weechat_printf (
|
||||
NULL,
|
||||
_("Relay option renamed: \"relay.network.%s\" => "
|
||||
"\"relay.network.%s\""),
|
||||
ptr_option, new_option);
|
||||
weechat_hashtable_set (data_read, "option", new_option);
|
||||
changes++;
|
||||
free (new_option);
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (ptr_section
|
||||
&& ptr_option
|
||||
&& ((strcmp (ptr_section, "port") == 0)
|
||||
|| (strcmp (ptr_section, "path") == 0)))
|
||||
{
|
||||
new_option = strdup (ptr_option);
|
||||
if (new_option)
|
||||
{
|
||||
pos = new_option;
|
||||
while (1)
|
||||
{
|
||||
if (strncmp (pos, "ipv4.", 5) == 0)
|
||||
{
|
||||
pos += 5;
|
||||
}
|
||||
else if (strncmp (pos, "ipv6.", 5) == 0)
|
||||
{
|
||||
pos += 5;
|
||||
}
|
||||
else if (strncmp (pos, "ssl.", 4) == 0)
|
||||
{
|
||||
memcpy (pos, "tls", 3);
|
||||
pos += 4;
|
||||
}
|
||||
else if (strncmp (pos, "unix.", 5) == 0)
|
||||
{
|
||||
pos += 5;
|
||||
}
|
||||
else
|
||||
break;
|
||||
}
|
||||
if (strcmp (ptr_option, new_option) != 0)
|
||||
{
|
||||
weechat_printf (
|
||||
NULL,
|
||||
_("Relay option renamed: "
|
||||
"\"relay.%s.%s\" => \"relay.%s.%s\""),
|
||||
ptr_section, ptr_option,
|
||||
ptr_section, new_option);
|
||||
weechat_hashtable_set (data_read, "option", new_option);
|
||||
changes++;
|
||||
}
|
||||
free (new_option);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return (changes) ? data_read : NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initializes relay configuration file.
|
||||
*
|
||||
@@ -904,6 +1009,14 @@ relay_config_init ()
|
||||
if (!relay_config_file)
|
||||
return 0;
|
||||
|
||||
if (!weechat_config_set_version (relay_config_file, RELAY_CONFIG_VERSION,
|
||||
&relay_config_update_cb, NULL, NULL))
|
||||
{
|
||||
weechat_config_free (relay_config_file);
|
||||
relay_config_file = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* section look */
|
||||
relay_config_section_look = weechat_config_new_section (
|
||||
relay_config_file, "look",
|
||||
@@ -1139,27 +1252,27 @@ relay_config_init ()
|
||||
"if your CPU is slow"),
|
||||
NULL, 1, 1000000, "100000", NULL, 0,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||
relay_config_network_ssl_cert_key = weechat_config_new_option (
|
||||
relay_config_network_tls_cert_key = weechat_config_new_option (
|
||||
relay_config_file, relay_config_section_network,
|
||||
"ssl_cert_key", "string",
|
||||
N_("file with SSL certificate and private key (for serving clients "
|
||||
"with SSL) "
|
||||
"tls_cert_key", "string",
|
||||
N_("file with TLS certificate and private key (for serving clients "
|
||||
"with TLS) "
|
||||
"(path is evaluated, see function string_eval_path_home in "
|
||||
"plugin API reference)"),
|
||||
NULL, 0, 0, "${weechat_config_dir}/ssl/relay.pem", NULL, 0,
|
||||
NULL, 0, 0, "${weechat_config_dir}/tls/relay.pem", NULL, 0,
|
||||
NULL, NULL, NULL,
|
||||
&relay_config_change_network_ssl_cert_key, NULL, NULL,
|
||||
&relay_config_change_network_tls_cert_key, NULL, NULL,
|
||||
NULL, NULL, NULL);
|
||||
relay_config_network_ssl_priorities = weechat_config_new_option (
|
||||
relay_config_network_tls_priorities = weechat_config_new_option (
|
||||
relay_config_file, relay_config_section_network,
|
||||
"ssl_priorities", "string",
|
||||
"tls_priorities", "string",
|
||||
N_("string with priorities for gnutls (for syntax, see "
|
||||
"documentation of function gnutls_priority_init in gnutls "
|
||||
"manual, common strings are: \"PERFORMANCE\", \"NORMAL\", "
|
||||
"\"SECURE128\", \"SECURE256\", \"EXPORT\", \"NONE\")"),
|
||||
NULL, 0, 0, "NORMAL:-VERS-SSL3.0", NULL, 0,
|
||||
&relay_config_check_network_ssl_priorities, NULL, NULL,
|
||||
&relay_config_change_network_ssl_priorities, NULL, NULL,
|
||||
&relay_config_check_network_tls_priorities, NULL, NULL,
|
||||
&relay_config_change_network_tls_priorities, NULL, NULL,
|
||||
NULL, NULL, NULL);
|
||||
relay_config_network_totp_secret = weechat_config_new_option (
|
||||
relay_config_file, relay_config_section_network,
|
||||
|
||||
@@ -25,6 +25,8 @@
|
||||
#define RELAY_CONFIG_NAME "relay"
|
||||
#define RELAY_CONFIG_PRIO_NAME (TO_STR(RELAY_PLUGIN_PRIORITY) "|" RELAY_CONFIG_NAME)
|
||||
|
||||
#define RELAY_CONFIG_VERSION 2
|
||||
|
||||
extern struct t_config_file *relay_config_file;
|
||||
extern struct t_config_section *relay_config_section_port;
|
||||
extern struct t_config_section *relay_config_section_path;
|
||||
@@ -50,8 +52,8 @@ extern struct t_config_option *relay_config_network_nonce_size;
|
||||
extern struct t_config_option *relay_config_network_password;
|
||||
extern struct t_config_option *relay_config_network_password_hash_algo;
|
||||
extern struct t_config_option *relay_config_network_password_hash_iterations;
|
||||
extern struct t_config_option *relay_config_network_ssl_cert_key;
|
||||
extern struct t_config_option *relay_config_network_ssl_priorities;
|
||||
extern struct t_config_option *relay_config_network_tls_cert_key;
|
||||
extern struct t_config_option *relay_config_network_tls_priorities;
|
||||
extern struct t_config_option *relay_config_network_totp_secret;
|
||||
extern struct t_config_option *relay_config_network_totp_window;
|
||||
extern struct t_config_option *relay_config_network_websocket_allowed_origins;
|
||||
|
||||
@@ -30,7 +30,7 @@
|
||||
|
||||
|
||||
int relay_network_init_ok = 0;
|
||||
int relay_network_init_ssl_cert_key_ok = 0;
|
||||
int relay_network_init_tls_cert_key_ok = 0;
|
||||
|
||||
gnutls_certificate_credentials_t relay_gnutls_x509_cred;
|
||||
gnutls_priority_t *relay_gnutls_priority_cache = NULL;
|
||||
@@ -38,14 +38,14 @@ gnutls_dh_params_t *relay_gnutls_dh_params = NULL;
|
||||
|
||||
|
||||
/*
|
||||
* Sets SSL certificate/key file.
|
||||
* Sets TLS certificate/key file.
|
||||
*
|
||||
* If verbose == 1, a message is displayed if successful, otherwise a warning
|
||||
* (if no cert/key found in file).
|
||||
*/
|
||||
|
||||
void
|
||||
relay_network_set_ssl_cert_key (int verbose)
|
||||
relay_network_set_tls_cert_key (int verbose)
|
||||
{
|
||||
char *certkey_path;
|
||||
int ret;
|
||||
@@ -54,7 +54,7 @@ relay_network_set_ssl_cert_key (int verbose)
|
||||
gnutls_certificate_free_credentials (relay_gnutls_x509_cred);
|
||||
gnutls_certificate_allocate_credentials (&relay_gnutls_x509_cred);
|
||||
|
||||
relay_network_init_ssl_cert_key_ok = 0;
|
||||
relay_network_init_tls_cert_key_ok = 0;
|
||||
|
||||
options = weechat_hashtable_new (
|
||||
32,
|
||||
@@ -64,7 +64,7 @@ relay_network_set_ssl_cert_key (int verbose)
|
||||
if (options)
|
||||
weechat_hashtable_set (options, "directory", "config");
|
||||
certkey_path = weechat_string_eval_path_home (
|
||||
weechat_config_string (relay_config_network_ssl_cert_key),
|
||||
weechat_config_string (relay_config_network_tls_cert_key),
|
||||
NULL, NULL, options);
|
||||
if (options)
|
||||
weechat_hashtable_free (options);
|
||||
@@ -76,11 +76,11 @@ relay_network_set_ssl_cert_key (int verbose)
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
if (ret >= 0)
|
||||
{
|
||||
relay_network_init_ssl_cert_key_ok = 1;
|
||||
relay_network_init_tls_cert_key_ok = 1;
|
||||
if (verbose)
|
||||
{
|
||||
weechat_printf (NULL,
|
||||
_("%s: SSL certificate and key have been "
|
||||
_("%s: TLS certificate and key have been "
|
||||
"set"),
|
||||
RELAY_PLUGIN_NAME);
|
||||
}
|
||||
@@ -90,8 +90,8 @@ relay_network_set_ssl_cert_key (int verbose)
|
||||
if (verbose)
|
||||
{
|
||||
weechat_printf (NULL,
|
||||
_("%s%s: warning: no SSL certificate/key "
|
||||
"found (option relay.network.ssl_cert_key)"),
|
||||
_("%s%s: warning: no TLS certificate/key "
|
||||
"found (option relay.network.tls_cert_key)"),
|
||||
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
|
||||
}
|
||||
}
|
||||
@@ -108,11 +108,11 @@ relay_network_set_priority ()
|
||||
{
|
||||
if (gnutls_priority_init (relay_gnutls_priority_cache,
|
||||
weechat_config_string (
|
||||
relay_config_network_ssl_priorities),
|
||||
relay_config_network_tls_priorities),
|
||||
NULL) != GNUTLS_E_SUCCESS)
|
||||
{
|
||||
weechat_printf (NULL,
|
||||
_("%s%s: unable to initialize priority for SSL"),
|
||||
_("%s%s: unable to initialize priority for TLS"),
|
||||
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
|
||||
free (relay_gnutls_priority_cache);
|
||||
relay_gnutls_priority_cache = NULL;
|
||||
@@ -128,7 +128,7 @@ relay_network_init ()
|
||||
{
|
||||
/* credentials */
|
||||
gnutls_certificate_allocate_credentials (&relay_gnutls_x509_cred);
|
||||
relay_network_set_ssl_cert_key (0);
|
||||
relay_network_set_tls_cert_key (0);
|
||||
|
||||
/* priority */
|
||||
relay_gnutls_priority_cache = malloc (sizeof (*relay_gnutls_priority_cache));
|
||||
|
||||
@@ -23,13 +23,13 @@
|
||||
#include <gnutls/gnutls.h>
|
||||
|
||||
extern int relay_network_init_ok;
|
||||
extern int relay_network_init_ssl_cert_key_ok;
|
||||
extern int relay_network_init_tls_cert_key_ok;
|
||||
|
||||
extern gnutls_certificate_credentials_t relay_gnutls_x509_cred;
|
||||
extern gnutls_priority_t *relay_gnutls_priority_cache;
|
||||
extern gnutls_dh_params_t *relay_gnutls_dh_params;
|
||||
|
||||
extern void relay_network_set_ssl_cert_key (int verbose);
|
||||
extern void relay_network_set_tls_cert_key (int verbose);
|
||||
extern void relay_network_set_priority ();
|
||||
extern void relay_network_init ();
|
||||
extern void relay_network_end ();
|
||||
|
||||
@@ -51,17 +51,17 @@ struct t_relay_server *last_relay_server = NULL;
|
||||
*
|
||||
* Examples:
|
||||
*
|
||||
* string ipv4 ipv6 ssl unix protocol protocol_args
|
||||
* string ipv4 ipv6 tls unix protocol protocol_args
|
||||
* ---------------------------------------------------------------
|
||||
* irc.libera 1 1 0 0 irc libera
|
||||
* ssl.irc.libera 1 1 1 0 irc libera
|
||||
* tls.irc.libera 1 1 1 0 irc libera
|
||||
* ipv4.irc.libera 1 0 0 0 irc libera
|
||||
* ipv6.irc.libera 0 1 0 0 irc libera
|
||||
* ipv4.ipv6.irc.libera 1 1 0 0 irc libera
|
||||
* ipv6.ssl.irc.libera 0 1 1 0 irc libera
|
||||
* ipv6.tls.irc.libera 0 1 1 0 irc libera
|
||||
* weechat 1 1 0 0 weechat
|
||||
* ssl.weechat 1 1 1 0 weechat
|
||||
* ipv6.ssl.weechat 0 1 1 0 weechat
|
||||
* tls.weechat 1 1 1 0 weechat
|
||||
* ipv6.tls.weechat 0 1 1 0 weechat
|
||||
* unix.weechat 0 0 0 1 weechat
|
||||
*
|
||||
* Note: *protocol and *protocol_args must be freed after use.
|
||||
@@ -69,16 +69,16 @@ struct t_relay_server *last_relay_server = NULL;
|
||||
|
||||
void
|
||||
relay_server_get_protocol_args (const char *protocol_and_args,
|
||||
int *ipv4, int *ipv6, int *ssl,
|
||||
int *ipv4, int *ipv6, int *tls,
|
||||
int *unix_socket,
|
||||
char **protocol, char **protocol_args)
|
||||
{
|
||||
int opt_ipv4, opt_ipv6, opt_ssl, opt_unix_socket;
|
||||
int opt_ipv4, opt_ipv6, opt_tls, opt_unix_socket;
|
||||
char *pos;
|
||||
|
||||
opt_ipv4 = -1;
|
||||
opt_ipv6 = -1;
|
||||
opt_ssl = 0;
|
||||
opt_tls = 0;
|
||||
opt_unix_socket = -1;
|
||||
while (1)
|
||||
{
|
||||
@@ -92,9 +92,9 @@ relay_server_get_protocol_args (const char *protocol_and_args,
|
||||
opt_ipv6 = 1;
|
||||
protocol_and_args += 5;
|
||||
}
|
||||
else if (strncmp (protocol_and_args, "ssl.", 4) == 0)
|
||||
else if (strncmp (protocol_and_args, "tls.", 4) == 0)
|
||||
{
|
||||
opt_ssl = 1;
|
||||
opt_tls = 1;
|
||||
protocol_and_args += 4;
|
||||
}
|
||||
else if (strncmp (protocol_and_args, "unix.", 5) == 0)
|
||||
@@ -134,8 +134,8 @@ relay_server_get_protocol_args (const char *protocol_and_args,
|
||||
*ipv4 = opt_ipv4;
|
||||
if (ipv6)
|
||||
*ipv6 = opt_ipv6;
|
||||
if (ssl)
|
||||
*ssl = opt_ssl;
|
||||
if (tls)
|
||||
*tls = opt_tls;
|
||||
if (unix_socket)
|
||||
*unix_socket = opt_unix_socket;
|
||||
|
||||
@@ -793,7 +793,7 @@ relay_server_create_socket (struct t_relay_server *server)
|
||||
struct t_relay_server *
|
||||
relay_server_new (const char *protocol_string, enum t_relay_protocol protocol,
|
||||
const char *protocol_args, int port, const char *path,
|
||||
int ipv4, int ipv6, int ssl, int unix_socket)
|
||||
int ipv4, int ipv6, int tls, int unix_socket)
|
||||
{
|
||||
struct t_relay_server *new_server, *dup_server;
|
||||
struct t_hashtable *options;
|
||||
@@ -842,7 +842,7 @@ relay_server_new (const char *protocol_string, enum t_relay_protocol protocol,
|
||||
weechat_hashtable_free (options);
|
||||
new_server->ipv4 = ipv4;
|
||||
new_server->ipv6 = ipv6;
|
||||
new_server->ssl = ssl;
|
||||
new_server->tls = tls;
|
||||
new_server->unix_socket = unix_socket;
|
||||
new_server->sock = -1;
|
||||
new_server->hook_fd = NULL;
|
||||
@@ -1010,7 +1010,7 @@ relay_server_add_to_infolist (struct t_infolist *infolist,
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "ipv6", server->ipv6))
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "ssl", server->ssl))
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "tls", server->tls))
|
||||
return 0;
|
||||
if (!weechat_infolist_new_var_integer (ptr_item, "unix_socket", server->unix_socket))
|
||||
return 0;
|
||||
@@ -1049,7 +1049,7 @@ relay_server_print_log ()
|
||||
weechat_log_printf (" path. . . . . . . . . : %s", ptr_server->path);
|
||||
weechat_log_printf (" ipv4. . . . . . . . . : %d", ptr_server->ipv4);
|
||||
weechat_log_printf (" ipv6. . . . . . . . . : %d", ptr_server->ipv6);
|
||||
weechat_log_printf (" ssl . . . . . . . . . : %d", ptr_server->ssl);
|
||||
weechat_log_printf (" tls . . . . . . . . . : %d", ptr_server->tls);
|
||||
weechat_log_printf (" unix_socket . . . . . : %d", ptr_server->unix_socket);
|
||||
weechat_log_printf (" sock. . . . . . . . . : %d", ptr_server->sock);
|
||||
weechat_log_printf (" hook_fd . . . . . . . : 0x%lx", ptr_server->hook_fd);
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
|
||||
struct t_relay_server
|
||||
{
|
||||
char *protocol_string; /* example: "ipv6.ssl.irc.libera" */
|
||||
char *protocol_string; /* example: "ipv6.tls.irc.libera" */
|
||||
enum t_relay_protocol protocol; /* protocol (irc/weechat) */
|
||||
char *protocol_args; /* arguments used for protocol */
|
||||
/* example: server for irc protocol */
|
||||
@@ -37,7 +37,7 @@ struct t_relay_server
|
||||
/* port if IP */
|
||||
int ipv4; /* IPv4 protocol enabled */
|
||||
int ipv6; /* IPv6 protocol enabled */
|
||||
int ssl; /* 1 if SSL is enabled */
|
||||
int tls; /* 1 if TLS is enabled */
|
||||
int unix_socket; /* 1 if UNIX socket */
|
||||
int sock; /* socket for connection */
|
||||
struct t_hook *hook_fd; /* hook for socket */
|
||||
@@ -52,7 +52,7 @@ extern struct t_relay_server *last_relay_server;
|
||||
|
||||
extern void relay_server_get_protocol_args (const char *protocol_and_string,
|
||||
int *ipv4, int *ipv6,
|
||||
int *ssl, int *unix_socket,
|
||||
int *tls, int *unix_socket,
|
||||
char **protocol,
|
||||
char **protocol_args);
|
||||
extern struct t_relay_server *relay_server_search (const char *protocol_and_args);
|
||||
@@ -65,7 +65,7 @@ extern struct t_relay_server *relay_server_new (const char *protocol_string,
|
||||
const char *protocol_args,
|
||||
int port, const char *path,
|
||||
int ipv4, int ipv6,
|
||||
int ssl, int unix_socket);
|
||||
int tls, int unix_socket);
|
||||
extern void relay_server_update_path (struct t_relay_server *server,
|
||||
const char *path);
|
||||
extern void relay_server_update_port (struct t_relay_server *server, int port);
|
||||
|
||||
+11
-11
@@ -90,7 +90,7 @@ relay_signal_upgrade_cb (const void *pointer, void *data,
|
||||
{
|
||||
struct t_relay_server *ptr_server;
|
||||
struct t_relay_client *ptr_client;
|
||||
int quit, ssl_disconnected;
|
||||
int quit, tls_disconnected;
|
||||
|
||||
/* make C compiler happy */
|
||||
(void) pointer;
|
||||
@@ -117,24 +117,24 @@ relay_signal_upgrade_cb (const void *pointer, void *data,
|
||||
}
|
||||
|
||||
quit = (signal_data && (strcmp (signal_data, "quit") == 0));
|
||||
ssl_disconnected = 0;
|
||||
tls_disconnected = 0;
|
||||
|
||||
for (ptr_client = relay_clients; ptr_client;
|
||||
ptr_client = ptr_client->next_client)
|
||||
{
|
||||
/*
|
||||
* FIXME: it's not possible to upgrade with SSL clients connected (GnuTLS
|
||||
* FIXME: it's not possible to upgrade with TLS clients connected (GnuTLS
|
||||
* lib can't reload data after upgrade), so we close connection for
|
||||
* all SSL clients currently connected
|
||||
* all TLS clients currently connected
|
||||
*/
|
||||
if ((ptr_client->sock >= 0) && (ptr_client->ssl || quit))
|
||||
if ((ptr_client->sock >= 0) && (ptr_client->tls || quit))
|
||||
{
|
||||
if (!quit)
|
||||
{
|
||||
ssl_disconnected++;
|
||||
tls_disconnected++;
|
||||
weechat_printf (NULL,
|
||||
_("%s%s: disconnecting from client %s%s%s because "
|
||||
"upgrade can't work for clients connected via SSL"),
|
||||
"upgrade can't work for clients connected via TLS"),
|
||||
weechat_prefix ("error"),
|
||||
RELAY_PLUGIN_NAME,
|
||||
RELAY_COLOR_CHAT_CLIENT,
|
||||
@@ -144,15 +144,15 @@ relay_signal_upgrade_cb (const void *pointer, void *data,
|
||||
relay_client_set_status (ptr_client, RELAY_STATUS_DISCONNECTED);
|
||||
}
|
||||
}
|
||||
if (ssl_disconnected > 0)
|
||||
if (tls_disconnected > 0)
|
||||
{
|
||||
weechat_printf (NULL,
|
||||
/* TRANSLATORS: "%s" after "%d" is "client" or "clients" */
|
||||
_("%s%s: disconnected from %d %s (SSL connection "
|
||||
_("%s%s: disconnected from %d %s (TLS connection "
|
||||
"not supported with upgrade)"),
|
||||
weechat_prefix ("error"), RELAY_PLUGIN_NAME,
|
||||
ssl_disconnected,
|
||||
NG_("client", "clients", ssl_disconnected));
|
||||
tls_disconnected,
|
||||
NG_("client", "clients", tls_disconnected));
|
||||
}
|
||||
|
||||
return WEECHAT_RC_OK;
|
||||
|
||||
@@ -349,7 +349,7 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
|
||||
* Format is: init arg1=value1,arg2=value2
|
||||
*
|
||||
* Allowed arguments:
|
||||
* password plain text password (recommended with SSL only)
|
||||
* password plain text password (recommended with TLS only)
|
||||
* password_hash hashed password, value is: algorithm:[parameters:]hash
|
||||
* supported algorithms: sha256, sha512 and pbkdf2
|
||||
* for pbkdf2, parameters are: algorithm, salt, iterations
|
||||
|
||||
Reference in New Issue
Block a user