From c2ff4849950eeac3a0196588173c0c718639bbc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Sat, 22 Nov 2025 14:52:02 +0100 Subject: [PATCH] core, irc, relay: add tag "tls" in gnutls messages --- CHANGELOG.md | 1 + src/core/core-network.c | 31 +++---- src/plugins/irc/irc-server.c | 84 +++++++++---------- .../relay/api/remote/relay-remote-network.c | 52 ++++++------ src/plugins/relay/relay-client.c | 6 +- src/plugins/relay/relay-network.c | 46 +++++----- 6 files changed, 113 insertions(+), 107 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b23c0ba8..ce1fa1b3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ SPDX-License-Identifier: GPL-3.0-or-later - relay/api: return an error 400 (Bad Request) when URL parameters "colors", "nicks", "lines" and "lines_free" have an invalid value - relay/api: return an error 401 (Unauthorized) when header "x-weechat-totp" has an invalid value - xfer: add buffer local variable "server" in DCC CHAT buffers +- core, irc, relay: add tag "tls" in gnutls messages - build: require Curl ≥ 7.68.0 ([#2268](https://github.com/weechat/weechat/issues/2268)) - build: require GnuTLS ≥ 3.6.3 ([#2268](https://github.com/weechat/weechat/issues/2268)) - build: require libgcrypt ≥ 1.8.0 ([#2268](https://github.com/weechat/weechat/issues/2268)) diff --git a/src/core/core-network.c b/src/core/core-network.c index 01e9a2792..58b50ef81 100644 --- a/src/core/core-network.c +++ b/src/core/core-network.c @@ -120,8 +120,8 @@ network_load_system_ca_file (int force_display) rc = gnutls_certificate_set_x509_system_trust (gnutls_xcred); if (rc < 0) { - gui_chat_printf ( - NULL, + gui_chat_printf_date_tags ( + NULL, 0, "tls", _("%sWarning: failed to load system certificate authorities"), gui_chat_prefix[GUI_CHAT_PREFIX_ERROR]); return 0; 
@@ -129,8 +129,8 @@ network_load_system_ca_file (int force_display) if (force_display || (weechat_debug_core >= 1)) { - gui_chat_printf ( - NULL, + gui_chat_printf_date_tags ( + NULL, 0, "tls", NG_("%d certificate loaded (system)", "%d certificates loaded (system)", rc), @@ -185,8 +185,8 @@ network_load_user_ca_files (int force_display) gnutls_xcred, ca_path, GNUTLS_X509_FMT_PEM); if (rc < 0) { - gui_chat_printf ( - NULL, + gui_chat_printf_date_tags ( + NULL, 0, "tls", _("%sWarning: failed to load certificate authorities " "from file %s"), gui_chat_prefix[GUI_CHAT_PREFIX_ERROR], @@ -197,8 +197,8 @@ network_load_user_ca_files (int force_display) num_loaded += rc; if (force_display || (weechat_debug_core >= 1)) { - gui_chat_printf ( - NULL, + gui_chat_printf_date_tags ( + NULL, 0, "tls", NG_("%d certificate loaded (file: %s)", "%d certificates loaded (file: %s)", rc), @@ -208,8 +208,8 @@ network_load_user_ca_files (int force_display) } else { - gui_chat_printf ( - NULL, + gui_chat_printf_date_tags ( + NULL, 0, "tls", _("%sWarning: failed to load certificate authorities " "from file %s (file not found)"), gui_chat_prefix[GUI_CHAT_PREFIX_ERROR], @@ -259,11 +259,12 @@ network_reload_ca_files (int force_display) gnutls_certificate_free_credentials (gnutls_xcred); if (force_display || (weechat_debug_core >= 1)) { - gui_chat_printf (NULL, - NG_("%d certificate purged", - "%d certificates purged", - network_num_certs), - network_num_certs); + gui_chat_printf_date_tags ( + NULL, 0, "tls", + NG_("%d certificate purged", + "%d certificates purged", + network_num_certs), + network_num_certs); } network_allocate_credentials (); network_load_ca_files (force_display); diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c index 3fd00b040..bc92db1ae 100644 --- a/src/plugins/irc/irc-server.c +++ b/src/plugins/irc/irc-server.c 
@@ -4956,8 +4956,8 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server, fingerprint_server[algo], &size_bytes) != GNUTLS_E_SUCCESS) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: failed to calculate certificate " "fingerprint (%s)"), weechat_prefix ("error"), @@ -4968,8 +4968,8 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server, } else { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%s%s: not enough memory (%s)"), weechat_prefix ("error"), IRC_PLUGIN_NAME, "fingerprint"); @@ -5054,8 +5054,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, /* initialize the certificate structure */ if (gnutls_x509_crt_init (&cert_temp) != GNUTLS_E_SUCCESS) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: failed to initialize certificate structure"), weechat_prefix ("error")); rc = -1; @@ -5083,8 +5083,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, cert_list = gnutls_certificate_get_peers (tls_session, &cert_list_len); if (cert_list) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", NG_("%sgnutls: receiving %d certificate", "%sgnutls: receiving %d certificates", cert_list_len), @@ -5097,8 +5097,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, &cert_list[i], GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: failed to import certificate[%d]"), weechat_prefix ("error"), i + 1); rc = -1; 
@@ -5126,12 +5126,12 @@ irc_server_gnutls_callback (const void *pointer, void *data, GNUTLS_CRT_PRINT_ONELINE, &cinfo); if (rinfo == 0) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%s - certificate[%d] info:"), weechat_prefix ("network"), i + 1); - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", "%s - %s", weechat_prefix ("network"), cinfo.data); gnutls_free (cinfo.data); @@ -5143,8 +5143,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, cert_time = gnutls_x509_crt_get_expiration_time (cert_temp); if (cert_time < time (NULL)) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: certificate has expired"), weechat_prefix ("error")); rc = -1; @@ -5153,8 +5153,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, cert_time = gnutls_x509_crt_get_activation_time (cert_temp); if (cert_time > time (NULL)) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: certificate is not yet activated"), weechat_prefix ("error")); rc = -1; @@ -5170,15 +5170,15 @@ irc_server_gnutls_callback (const void *pointer, void *data, { if (fingerprint_match) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: certificate fingerprint matches"), weechat_prefix ("network")); } else { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: certificate fingerprint does NOT match " "(check value of option " "irc.server.%s.tls_fingerprint)"), @@ -5190,8 +5190,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, if (!hostname_match) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: the hostname in the certificate does NOT " "match \"%s\""), weechat_prefix ("error"), server->current_address); 
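Review bot: The fingerprint hunk at -5170 gives `certificate fingerprint matches` and `certificate fingerprint does NOT match` the same single tag, so the tag alone cannot separate a validation failure from routine handshake output. The same holds for the trusted / NOT trusted pair in the hunk at -5213 and for the corresponding pair in src/plugins/relay/api/remote/relay-remote-network.c at -1119. A user who filters on the tag to quiet connection noise would presumably hide the failure lines too, leaving only the prefix and message text to tell them apart. If that is intended, say so at the first failure call, for example `/* failure shares the "tls" tag with info lines: a filter on the tag hides it too */`, and in the user documentation. irc_server_gnutls_callback starts and ends outside these hunks.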
@@ -5202,8 +5202,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, /* verify the peer’s certificate */ if (gnutls_certificate_verify_peers2 (tls_session, &status) < 0) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: error while checking peer's certificate"), weechat_prefix ("error")); rc = -1; @@ -5213,16 +5213,16 @@ irc_server_gnutls_callback (const void *pointer, void *data, /* check if certificate is trusted */ if (status & GNUTLS_CERT_INVALID) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: peer's certificate is NOT trusted"), weechat_prefix ("error")); rc = -1; } else { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: peer's certificate is trusted"), weechat_prefix ("network")); } @@ -5230,8 +5230,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, /* check if certificate issuer is known */ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: peer's certificate issuer is unknown"), weechat_prefix ("error")); rc = -1; @@ -5240,8 +5240,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, /* check that certificate is not revoked */ if (status & GNUTLS_CERT_REVOKED) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: the certificate has been revoked"), weechat_prefix ("error")); rc = -1; @@ -5269,8 +5269,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, cert_str = weechat_file_get_content (cert_path); if (cert_str) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: sending one certificate"), weechat_prefix ("network")); 
@@ -5307,8 +5307,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, } if (ret < 0) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: invalid certificate \"%s\", error: " "%s"), weechat_prefix ("error"), cert_path, @@ -5329,8 +5329,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, &cinfo); if (rinfo == 0) { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%s - client certificate info (%s):"), weechat_prefix ("network"), cert_path); weechat_printf ( @@ -5346,8 +5346,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, } else { - weechat_printf ( - server->buffer, + weechat_printf_date_tags ( + server->buffer, 0, "tls", _("%sgnutls: unable to read certificate \"%s\""), weechat_prefix ("error"), cert_path); } diff --git a/src/plugins/relay/api/remote/relay-remote-network.c b/src/plugins/relay/api/remote/relay-remote-network.c index fd004be8f..f05156cf6 100644 --- a/src/plugins/relay/api/remote/relay-remote-network.c +++ b/src/plugins/relay/api/remote/relay-remote-network.c @@ -1007,8 +1007,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, /* initialize the certificate structure */ if (gnutls_x509_crt_init (&cert_temp) != GNUTLS_E_SUCCESS) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: failed to initialize certificate structure"), weechat_prefix ("error"), remote->name); rc = -1; @@ -1025,8 +1025,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, cert_list = gnutls_certificate_get_peers (tls_session, &cert_list_len); if (cert_list) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", NG_("remote[%s]: gnutls: receiving %d certificate", "remote[%s]: gnutls: receiving %d certificates", cert_list_len), 
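Review bot: In the hunk at -5329 of src/plugins/irc/irc-server.c the header line `%s - client certificate info (%s):` now carries the tag, but the `weechat_printf (` call that follows as trailing context is left unchanged, so the line that presumably prints the client certificate details stays untagged. The server-certificate path in the hunk at -5126 converts both calls of the pair, so this looks like an oversight rather than intent. The second call should become `weechat_printf_date_tags (` with `server->buffer, 0, "tls",` as its leading arguments; its argument list lies outside the hunk, so confirm against the full file. Until then, a filter or trigger keyed on the tag sees the header line but not the certificate details that belong to it.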
@@ -1039,8 +1039,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, &cert_list[i], GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: failed to import certificate[%d]"), weechat_prefix ("error"), remote->name, i + 1); rc = -1; @@ -1062,12 +1062,12 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, GNUTLS_CRT_PRINT_ONELINE, &cinfo); if (rinfo == 0) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("remote[%s] - certificate[%d] info:"), remote->name, i + 1); - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", "remote[%s] - %s", remote->name, cinfo.data); gnutls_free (cinfo.data); @@ -1076,8 +1076,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, cert_time = gnutls_x509_crt_get_expiration_time (cert_temp); if (cert_time < time (NULL)) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: certificate has expired"), weechat_prefix ("error"), remote->name); rc = -1; @@ -1086,8 +1086,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, cert_time = gnutls_x509_crt_get_activation_time (cert_temp); if (cert_time > time (NULL)) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: certificate is not yet activated"), weechat_prefix ("error"), remote->name); rc = -1; @@ -1096,8 +1096,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, if (!hostname_match) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: the hostname in the certificate " "does NOT match \"%s\""), weechat_prefix ("error"), remote->name, remote->address); 
@@ -1108,8 +1108,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, /* verify the peer’s certificate */ if (gnutls_certificate_verify_peers2 (tls_session, &status) < 0) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: error while checking peer's certificate"), weechat_prefix ("error"), remote->name); rc = -1; @@ -1119,16 +1119,16 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, /* check if certificate is trusted */ if (status & GNUTLS_CERT_INVALID) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: peer's certificate is NOT trusted"), weechat_prefix ("error"), remote->name); rc = -1; } else { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("remote[%s]: gnutls: peer's certificate is trusted"), remote->name); } @@ -1136,8 +1136,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, /* check if certificate issuer is known */ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: peer's certificate issuer is unknown"), weechat_prefix ("error"), remote->name); rc = -1; @@ -1146,8 +1146,8 @@ relay_remote_network_gnutls_callback (const void *pointer, void *data, /* check that certificate is not revoked */ if (status & GNUTLS_CERT_REVOKED) { - weechat_printf ( - NULL, + weechat_printf_date_tags ( + NULL, 0, "tls", _("%sremote[%s]: gnutls: the certificate has been revoked"), weechat_prefix ("error"), remote->name); rc = -1; diff --git a/src/plugins/relay/relay-client.c b/src/plugins/relay/relay-client.c index 54873900b..e3d7b9ef7 100644 --- a/src/plugins/relay/relay-client.c +++ b/src/plugins/relay/relay-client.c 
@@ -252,7 +252,7 @@ relay_client_handshake_timer_cb (const void *pointer, void *data, { /* handshake error, disconnect client */ weechat_printf_date_tags ( - NULL, 0, "relay_client", + NULL, 0, "relay_client,tls", _("%s%s: TLS handshake failed for client %s%s%s: error %d %s"), weechat_prefix ("error"), RELAY_PLUGIN_NAME, @@ -271,7 +271,7 @@ relay_client_handshake_timer_cb (const void *pointer, void *data, { /* handshake timeout, disconnect client */ weechat_printf_date_tags ( - NULL, 0, "relay_client", + NULL, 0, "relay_client,tls", _("%s%s: TLS handshake timeout for client %s%s%s"), weechat_prefix ("error"), RELAY_PLUGIN_NAME, @@ -1433,7 +1433,7 @@ relay_client_new (int sock, const char *address, struct t_relay_server *server) if (!relay_network_init_tls_cert_key_ok) { weechat_printf_date_tags ( - NULL, 0, "relay_client", + NULL, 0, "relay_client,tls", _("%s%s: warning: no TLS certificate/key found (option " "relay.network.tls_cert_key)"), weechat_prefix ("error"), diff --git a/src/plugins/relay/relay-network.c b/src/plugins/relay/relay-network.c index 1a7f33b2b..1a57e7c49 100644 --- a/src/plugins/relay/relay-network.c +++ b/src/plugins/relay/relay-network.c @@ -66,10 +66,11 @@ relay_network_set_tls_cert_key (int verbose) { if (verbose) { - weechat_printf (NULL, - _("%s%s: no TLS certificate/key found (option " - "relay.network.tls_cert_key is empty)"), - weechat_prefix ("error"), RELAY_PLUGIN_NAME); + weechat_printf_date_tags ( + NULL, 0, "tls", + _("%s%s: no TLS certificate/key found (option " + "relay.network.tls_cert_key is empty)"), + weechat_prefix ("error"), RELAY_PLUGIN_NAME); } return; } 
@@ -98,23 +99,25 @@ relay_network_set_tls_cert_key (int verbose) relay_network_init_tls_cert_key_ok = 1; if (verbose) { - weechat_printf (NULL, - _("%s: TLS certificate and key have been " - "set"), - RELAY_PLUGIN_NAME); + weechat_printf_date_tags ( + NULL, 0, "tls", + _("%s: TLS certificate and key have been " + "set"), + RELAY_PLUGIN_NAME); } } else { if (verbose) { - weechat_printf (NULL, - _("%s%s: gnutls error: %s: %s " - "(option relay.network.tls_cert_key)"), - weechat_prefix ("error"), - RELAY_PLUGIN_NAME, - gnutls_strerror_name (ret), - gnutls_strerror (ret)); + weechat_printf_date_tags ( + NULL, 0, "tls", + _("%s%s: gnutls error: %s: %s " + "(option relay.network.tls_cert_key)"), + weechat_prefix ("error"), + RELAY_PLUGIN_NAME, + gnutls_strerror_name (ret), + gnutls_strerror (ret)); } } } @@ -122,12 +125,13 @@ relay_network_set_tls_cert_key (int verbose) { if (verbose) { - weechat_printf (NULL, - _("%s%s: error: file with TLS certificate/key " - "is not readable: \"%s\" " - "(option relay.network.tls_cert_key)"), - weechat_prefix ("error"), RELAY_PLUGIN_NAME, - certkey_path); + weechat_printf_date_tags ( + NULL, 0, "tls", + _("%s%s: error: file with TLS certificate/key " + "is not readable: \"%s\" " + "(option relay.network.tls_cert_key)"), + weechat_prefix ("error"), RELAY_PLUGIN_NAME, + certkey_path); } } }