When changing the options weechat.network.gnutls_ca_system or
weechat.network.gnutls_ca_user, the GnuTLS credentials are freed then allocated
again, but the verification function used to check the certificate on
connection is not set again.
As a consequence, any TLS connection is made without checking the certificate.
This regression was introduced in version 3.2, when the options were changed to
automatically load system certificates without having to give the path, and to
let user give an extra custom path with certificates.
Command line debug options are now documented:
* --no-dlclose: do not call the function dlclose after plugins are unloaded
* --no-gnutls: do not call the init and deinit functions of GnuTLS library
* --no-gcrypt: do not call the init and deinit functions of Gcrypt library
These options must not be used in production, they're for debug only and can be
used with tools like Valgrind or electric-fence.
When there are multiple addresses for a server and a TLS handshake failure
occurs, the next server in the list will connect and then timeout without
performing any TLS handshake.
This is because irc_server_close_connection closes server->sock so the next
pipe to be created reuses that fd, but the hook for the handshake fd still
exists when the next connection attempt is started.
The hook for network_connect_child_read_cb is never added because a hook
for the reused fd number still exists.
Resolve this by removing the handshake hook before calling the connect
callback.
If the call to res_init() fails, the connection may be OK anyway
or in worst case it will fail (with an appropriate error) if the name
can not be resolved.
With weechat, if the network changes in anyway that causes resolv.conf
to be updated, that is not picked up, resulting in
irc: connecting to server XXXX.com/1026 (SSL)...
irc: address "XXX.com" not found
irc: error: Name or service not known
irc: reconnecting to server in 30 seconds
This happens, especially when one connects to an irc server behind a
VPN.
This can also happen when there is no network connectivity weechat was started
but later network is connected to.
The fix is simple, it relies on calling res_init (3) before getaddrinfo in
network_connect_child and other places.
res_init reloads the resolv.conf and getaddrinfo does not fail with
address resolution error.
This pointer is the first argument received by callbacks, and the
existing argument "data" is now automatically freed by WeeChat when the
object containing the callback is removed.
With this new pointer, the linked list of callbacks in scripts has been
removed. This will improve speed of scripts (using a lot of hooks),
reduce memory used by scripts and reduce time to unload scripts.
Following functions are affected in the C API:
* exec_on_files
* config_new
* config_new_section
* config_new_option
* hook_command
* hook_command_run
* hook_timer
* hook_fd
* hook_process
* hook_process_hashtable
* hook_connect
* hook_print
* hook_signal
* hook_hsignal
* hook_config
* hook_completion
* hook_modifier
* hook_info
* hook_info_hashtable
* hook_infolist
* hook_hdata
* hook_focus
* unhook_all_plugin
* buffer_new
* bar_item_new
* upgrade_new
* upgrade_read
LuK1337