mirror of https://github.com/weechat/weechat.git synced 2026-06-12 14:14:48 +02:00

core, irc, relay: add tag "tls" in gnutls messages

Sébastien Helleu
2025-11-22 14:52:02 +01:00
parent b8048b1666
commit c2ff484995
6 changed files with 113 additions and 107 deletions
+1
@@ -28,6 +28,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
- relay/api: return an error 400 (Bad Request) when URL parameters "colors", "nicks", "lines" and "lines_free" have an invalid value
- relay/api: return an error 401 (Unauthorized) when header "x-weechat-totp" has an invalid value
- xfer: add buffer local variable "server" in DCC CHAT buffers
- core, irc, relay: add tag "tls" in gnutls messages
- build: require Curl ≥ 7.68.0 ([#2268](https://github.com/weechat/weechat/issues/2268))
- build: require GnuTLS ≥ 3.6.3 ([#2268](https://github.com/weechat/weechat/issues/2268))
- build: require libgcrypt ≥ 1.8.0 ([#2268](https://github.com/weechat/weechat/issues/2268))
+16 -15
@@ -120,8 +120,8 @@ network_load_system_ca_file (int force_display)
rc = gnutls_certificate_set_x509_system_trust (gnutls_xcred);
if (rc < 0)
{
gui_chat_printf (
NULL,
gui_chat_printf_date_tags (
NULL, 0, "tls",
_("%sWarning: failed to load system certificate authorities"),
gui_chat_prefix[GUI_CHAT_PREFIX_ERROR]);
return 0;
@@ -129,8 +129,8 @@ network_load_system_ca_file (int force_display)
if (force_display || (weechat_debug_core >= 1))
{
gui_chat_printf (
NULL,
gui_chat_printf_date_tags (
NULL, 0, "tls",
NG_("%d certificate loaded (system)",
"%d certificates loaded (system)",
rc),
@@ -185,8 +185,8 @@ network_load_user_ca_files (int force_display)
gnutls_xcred, ca_path, GNUTLS_X509_FMT_PEM);
if (rc < 0)
{
gui_chat_printf (
NULL,
gui_chat_printf_date_tags (
NULL, 0, "tls",
_("%sWarning: failed to load certificate authorities "
"from file %s"),
gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
@@ -197,8 +197,8 @@ network_load_user_ca_files (int force_display)
num_loaded += rc;
if (force_display || (weechat_debug_core >= 1))
{
gui_chat_printf (
NULL,
gui_chat_printf_date_tags (
NULL, 0, "tls",
NG_("%d certificate loaded (file: %s)",
"%d certificates loaded (file: %s)",
rc),
@@ -208,8 +208,8 @@ network_load_user_ca_files (int force_display)
}
else
{
gui_chat_printf (
NULL,
gui_chat_printf_date_tags (
NULL, 0, "tls",
_("%sWarning: failed to load certificate authorities "
"from file %s (file not found)"),
gui_chat_prefix[GUI_CHAT_PREFIX_ERROR],
@@ -259,11 +259,12 @@ network_reload_ca_files (int force_display)
gnutls_certificate_free_credentials (gnutls_xcred);
if (force_display || (weechat_debug_core >= 1))
{
gui_chat_printf (NULL,
NG_("%d certificate purged",
"%d certificates purged",
network_num_certs),
network_num_certs);
gui_chat_printf_date_tags (
NULL, 0, "tls",
NG_("%d certificate purged",
"%d certificates purged",
network_num_certs),
network_num_certs);
}
network_allocate_credentials ();
network_load_ca_files (force_display);
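Review bot: The failure paths in these hunks (`failed to load system certificate authorities`, `failed to load certificate authorities from file %s`) receive exactly the same tag string as the routine `%d certificates loaded` and `%d certificates purged` lines, so a filter or trigger keyed on "tls" cannot single out trust-store failures without also matching, or hiding, the informational output. If the tag is meant to support monitoring, consider adding a second tag on the error paths only, for instance `NULL, 0, "tls,tls_error",` (the second name is a suggestion, not an existing tag; comma-separated lists are already used on this page as `"relay_client,tls"`). The same applies to the certificate-verification failures tagged in irc_server_gnutls_callback and relay_remote_network_gnutls_callback further down the page. The literal is also repeated at every call site, so a shared constant would keep the spelling consistent if the project has a suitable header for one.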
+42 -42
@@ -4956,8 +4956,8 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server,
fingerprint_server[algo],
&size_bytes) != GNUTLS_E_SUCCESS)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: failed to calculate certificate "
"fingerprint (%s)"),
weechat_prefix ("error"),
@@ -4968,8 +4968,8 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server,
}
else
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%s%s: not enough memory (%s)"),
weechat_prefix ("error"), IRC_PLUGIN_NAME,
"fingerprint");
@@ -5054,8 +5054,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
/* initialize the certificate structure */
if (gnutls_x509_crt_init (&cert_temp) != GNUTLS_E_SUCCESS)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: failed to initialize certificate structure"),
weechat_prefix ("error"));
rc = -1;
@@ -5083,8 +5083,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
cert_list = gnutls_certificate_get_peers (tls_session, &cert_list_len);
if (cert_list)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
NG_("%sgnutls: receiving %d certificate",
"%sgnutls: receiving %d certificates",
cert_list_len),
@@ -5097,8 +5097,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
&cert_list[i],
GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: failed to import certificate[%d]"),
weechat_prefix ("error"), i + 1);
rc = -1;
@@ -5126,12 +5126,12 @@ irc_server_gnutls_callback (const void *pointer, void *data,
GNUTLS_CRT_PRINT_ONELINE, &cinfo);
if (rinfo == 0)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%s - certificate[%d] info:"),
weechat_prefix ("network"), i + 1);
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
"%s - %s",
weechat_prefix ("network"), cinfo.data);
gnutls_free (cinfo.data);
@@ -5143,8 +5143,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
cert_time = gnutls_x509_crt_get_expiration_time (cert_temp);
if (cert_time < time (NULL))
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: certificate has expired"),
weechat_prefix ("error"));
rc = -1;
@@ -5153,8 +5153,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
cert_time = gnutls_x509_crt_get_activation_time (cert_temp);
if (cert_time > time (NULL))
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: certificate is not yet activated"),
weechat_prefix ("error"));
rc = -1;
@@ -5170,15 +5170,15 @@ irc_server_gnutls_callback (const void *pointer, void *data,
{
if (fingerprint_match)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: certificate fingerprint matches"),
weechat_prefix ("network"));
}
else
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: certificate fingerprint does NOT match "
"(check value of option "
"irc.server.%s.tls_fingerprint)"),
@@ -5190,8 +5190,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
if (!hostname_match)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: the hostname in the certificate does NOT "
"match \"%s\""),
weechat_prefix ("error"), server->current_address);
@@ -5202,8 +5202,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
/* verify the peers certificate */
if (gnutls_certificate_verify_peers2 (tls_session, &status) < 0)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: error while checking peer's certificate"),
weechat_prefix ("error"));
rc = -1;
@@ -5213,16 +5213,16 @@ irc_server_gnutls_callback (const void *pointer, void *data,
/* check if certificate is trusted */
if (status & GNUTLS_CERT_INVALID)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: peer's certificate is NOT trusted"),
weechat_prefix ("error"));
rc = -1;
}
else
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: peer's certificate is trusted"),
weechat_prefix ("network"));
}
@@ -5230,8 +5230,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
/* check if certificate issuer is known */
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: peer's certificate issuer is unknown"),
weechat_prefix ("error"));
rc = -1;
@@ -5240,8 +5240,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
/* check that certificate is not revoked */
if (status & GNUTLS_CERT_REVOKED)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: the certificate has been revoked"),
weechat_prefix ("error"));
rc = -1;
@@ -5269,8 +5269,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
cert_str = weechat_file_get_content (cert_path);
if (cert_str)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: sending one certificate"),
weechat_prefix ("network"));
@@ -5307,8 +5307,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
}
if (ret < 0)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: invalid certificate \"%s\", error: "
"%s"),
weechat_prefix ("error"), cert_path,
@@ -5329,8 +5329,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
&cinfo);
if (rinfo == 0)
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%s - client certificate info (%s):"),
weechat_prefix ("network"), cert_path);
weechat_printf (
@@ -5346,8 +5346,8 @@ irc_server_gnutls_callback (const void *pointer, void *data,
}
else
{
weechat_printf (
server->buffer,
weechat_printf_date_tags (
server->buffer, 0, "tls",
_("%sgnutls: unable to read certificate \"%s\""),
weechat_prefix ("error"), cert_path);
}
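Review bot: In the hunk at `@@ -5329,8 +5329,8 @@` only the header line `client certificate info (%s):` is moved to `weechat_printf_date_tags`; the `weechat_printf (` call that ends the hunk is left as context, so the line carrying the client certificate details appears to stay untagged. The matching server-side pair at `@@ -5126,12 +5126,12 @@` converts both calls, and the section's 42 additions are fully accounted for by the visible hunks, which suggests this call was missed rather than handled elsewhere. Suggested change: `weechat_printf_date_tags (` followed by `server->buffer, 0, "tls",` in place of `weechat_printf (` and `server->buffer,`. The arguments of that call lie outside the hunk, so check them before applying.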
@@ -1007,8 +1007,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
/* initialize the certificate structure */
if (gnutls_x509_crt_init (&cert_temp) != GNUTLS_E_SUCCESS)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: failed to initialize certificate structure"),
weechat_prefix ("error"), remote->name);
rc = -1;
@@ -1025,8 +1025,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
cert_list = gnutls_certificate_get_peers (tls_session, &cert_list_len);
if (cert_list)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
NG_("remote[%s]: gnutls: receiving %d certificate",
"remote[%s]: gnutls: receiving %d certificates",
cert_list_len),
@@ -1039,8 +1039,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
&cert_list[i],
GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: failed to import certificate[%d]"),
weechat_prefix ("error"), remote->name, i + 1);
rc = -1;
@@ -1062,12 +1062,12 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
GNUTLS_CRT_PRINT_ONELINE, &cinfo);
if (rinfo == 0)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("remote[%s] - certificate[%d] info:"),
remote->name, i + 1);
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
"remote[%s] - %s",
remote->name, cinfo.data);
gnutls_free (cinfo.data);
@@ -1076,8 +1076,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
cert_time = gnutls_x509_crt_get_expiration_time (cert_temp);
if (cert_time < time (NULL))
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: certificate has expired"),
weechat_prefix ("error"), remote->name);
rc = -1;
@@ -1086,8 +1086,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
cert_time = gnutls_x509_crt_get_activation_time (cert_temp);
if (cert_time > time (NULL))
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: certificate is not yet activated"),
weechat_prefix ("error"), remote->name);
rc = -1;
@@ -1096,8 +1096,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
if (!hostname_match)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: the hostname in the certificate "
"does NOT match \"%s\""),
weechat_prefix ("error"), remote->name, remote->address);
@@ -1108,8 +1108,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
/* verify the peers certificate */
if (gnutls_certificate_verify_peers2 (tls_session, &status) < 0)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: error while checking peer's certificate"),
weechat_prefix ("error"), remote->name);
rc = -1;
@@ -1119,16 +1119,16 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
/* check if certificate is trusted */
if (status & GNUTLS_CERT_INVALID)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: peer's certificate is NOT trusted"),
weechat_prefix ("error"), remote->name);
rc = -1;
}
else
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("remote[%s]: gnutls: peer's certificate is trusted"),
remote->name);
}
@@ -1136,8 +1136,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
/* check if certificate issuer is known */
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: peer's certificate issuer is unknown"),
weechat_prefix ("error"), remote->name);
rc = -1;
@@ -1146,8 +1146,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data,
/* check that certificate is not revoked */
if (status & GNUTLS_CERT_REVOKED)
{
weechat_printf (
NULL,
weechat_printf_date_tags (
NULL, 0, "tls",
_("%sremote[%s]: gnutls: the certificate has been revoked"),
weechat_prefix ("error"), remote->name);
rc = -1;
+3 -3
@@ -252,7 +252,7 @@ relay_client_handshake_timer_cb (const void *pointer, void *data,
{
/* handshake error, disconnect client */
weechat_printf_date_tags (
NULL, 0, "relay_client",
NULL, 0, "relay_client,tls",
_("%s%s: TLS handshake failed for client %s%s%s: error %d %s"),
weechat_prefix ("error"),
RELAY_PLUGIN_NAME,
@@ -271,7 +271,7 @@ relay_client_handshake_timer_cb (const void *pointer, void *data,
{
/* handshake timeout, disconnect client */
weechat_printf_date_tags (
NULL, 0, "relay_client",
NULL, 0, "relay_client,tls",
_("%s%s: TLS handshake timeout for client %s%s%s"),
weechat_prefix ("error"),
RELAY_PLUGIN_NAME,
@@ -1433,7 +1433,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server)
if (!relay_network_init_tls_cert_key_ok)
{
weechat_printf_date_tags (
NULL, 0, "relay_client",
NULL, 0, "relay_client,tls",
_("%s%s: warning: no TLS certificate/key found (option "
"relay.network.tls_cert_key)"),
weechat_prefix ("error"),
+25 -21
@@ -66,10 +66,11 @@ relay_network_set_tls_cert_key (int verbose)
{
if (verbose)
{
weechat_printf (NULL,
_("%s%s: no TLS certificate/key found (option "
"relay.network.tls_cert_key is empty)"),
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
weechat_printf_date_tags (
NULL, 0, "tls",
_("%s%s: no TLS certificate/key found (option "
"relay.network.tls_cert_key is empty)"),
weechat_prefix ("error"), RELAY_PLUGIN_NAME);
}
return;
}
@@ -98,23 +99,25 @@ relay_network_set_tls_cert_key (int verbose)
relay_network_init_tls_cert_key_ok = 1;
if (verbose)
{
weechat_printf (NULL,
_("%s: TLS certificate and key have been "
"set"),
RELAY_PLUGIN_NAME);
weechat_printf_date_tags (
NULL, 0, "tls",
_("%s: TLS certificate and key have been "
"set"),
RELAY_PLUGIN_NAME);
}
}
else
{
if (verbose)
{
weechat_printf (NULL,
_("%s%s: gnutls error: %s: %s "
"(option relay.network.tls_cert_key)"),
weechat_prefix ("error"),
RELAY_PLUGIN_NAME,
gnutls_strerror_name (ret),
gnutls_strerror (ret));
weechat_printf_date_tags (
NULL, 0, "tls",
_("%s%s: gnutls error: %s: %s "
"(option relay.network.tls_cert_key)"),
weechat_prefix ("error"),
RELAY_PLUGIN_NAME,
gnutls_strerror_name (ret),
gnutls_strerror (ret));
}
}
}
@@ -122,12 +125,13 @@ relay_network_set_tls_cert_key (int verbose)
{
if (verbose)
{
weechat_printf (NULL,
_("%s%s: error: file with TLS certificate/key "
"is not readable: \"%s\" "
"(option relay.network.tls_cert_key)"),
weechat_prefix ("error"), RELAY_PLUGIN_NAME,
certkey_path);
weechat_printf_date_tags (
NULL, 0, "tls",
_("%s%s: error: file with TLS certificate/key "
"is not readable: \"%s\" "
"(option relay.network.tls_cert_key)"),
weechat_prefix ("error"), RELAY_PLUGIN_NAME,
certkey_path);
}
}
}