author | Alexander Færøy <ahf@0x90.dk> | 2016-10-16 13:46:58 +0200 |
---|---|---|
committer | Alexander Færøy <ahf@0x90.dk> | 2016-10-22 20:36:50 +0200 |
commit | 2be7289085d6969e6774ce3909f0224b1d689f93 (patch) | |
tree | 4df40e20182613125fc565b5aa0ba54e750efbe9 | |
parent | da67d3e8e69eb5fb702a3dd39356d38a1ee9d8cd (diff) | |
download | irssi-2be7289085d6969e6774ce3909f0224b1d689f93.zip |
Rename SSL to TLS.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | docs/help/in/connect.in | 33 | ||||
-rw-r--r-- | docs/help/in/server.in | 64 | ||||
-rw-r--r-- | src/core/chat-commands.c | 44 | ||||
-rw-r--r-- | src/core/network-openssl.c | 17 | ||||
-rw-r--r-- | src/core/server-connect-rec.h | 16 | ||||
-rw-r--r-- | src/core/server-setup-rec.h | 16 | ||||
-rw-r--r-- | src/core/servers-reconnect.c | 14 | ||||
-rw-r--r-- | src/core/servers-setup.c | 114 | ||||
-rw-r--r-- | src/core/servers.c | 28 | ||||
-rw-r--r-- | src/core/session.c | 17 | ||||
-rw-r--r-- | src/fe-common/core/fe-server.c | 60 | ||||
-rw-r--r-- | src/fe-common/irc/fe-irc-server.c | 30 | ||||
-rw-r--r-- | src/irc/core/irc-servers.c | 4 | ||||
-rw-r--r-- | src/perl/perl-common.c | 3 |
15 files changed, 255 insertions, 208 deletions
@@ -18,6 +18,9 @@ v0.8.21-head 2016-xx-xx The Irssi team <staff@irssi.org> tag/* and * to ignore whole networks or everything. + /hilight got a -matchcase flag to hilight case sensitively (#421). + Always build irssi with TLS support. + + Rename SSL to TLS in the code and add -tls_* versions of the -ssl_* + options to /CONNECT and /SERVER, but make sure the -ssl_* options continue + to work. - IP addresses are no longer stored when resolve_reverse_lookup is used. - /names and $[...] now uses utf8 string operations (#40, #411). diff --git a/docs/help/in/connect.in b/docs/help/in/connect.in index df50d1b9..a0d793d2 100644 --- a/docs/help/in/connect.in +++ b/docs/help/in/connect.in 
@@ -5,23 +5,22 @@ %9Parameters:%9 - -4: Connects using IPv4. - -6: Connects using IPv6. - -ssl: Connects using SSL encryption. - -ssl_cert: The SSL client certificate file. - -ssl_pkey: The SSL client private key, if not included in the - certificate file. - -ssl_pass: The password for the SSL client private key or certificate. - -ssl_verify: Verifies the SSL certificate of the server. - -ssl_cafile: The file with the list of CA certificates. - -ssl_capath: The directory which contains the CA certificates. - -ssl_ciphers: SSL cipher suite preference lists. - -noproxy: Ignores the global proxy configuration. - -network: The network this connection belongs to. - -host: The hostname you would like to connect from. - -rawlog: Immediately open rawlog after connecting. - -!: Doesn't autojoin channels. - -noautosendcmd: Doesn't execute autosendcmd. + -4: Connects using IPv4. + -6: Connects using IPv6. + -tls: Connects using TLS encryption. + -tls_cert: The TLS client certificate file. + -tls_pkey: The TLS client private key, if not included in the certificate file. + -tls_pass: The password for the TLS client private key or certificate. + -tls_verify: Verifies the TLS certificate of the server. + -tls_cafile: The file with the list of CA certificates. + -tls_capath: The directory which contains the CA certificates. + -tls_ciphers: TLS cipher suite preference lists. + -noproxy: Ignores the global proxy configuration. + -network: The network this connection belongs to. + -host: The hostname you would like to connect from. + -rawlog: Immediately open rawlog after connecting. + -!: Doesn't autojoin channels. + -noautosendcmd: Doesn't execute autosendcmd. A network or server to connect to; you can optionally specify a custom port, password and nickname. diff --git a/docs/help/in/server.in b/docs/help/in/server.in index 68a62e2d..ee1a30e1 100644 --- a/docs/help/in/server.in +++ b/docs/help/in/server.in 
@@ -5,45 +5,45 @@ %9Parameters:%9 - LIST: Displays the list of servers you are connected to. - CONNECT: Connects to the given server. - ADD: Adds a server to your configuration. - MODIFY: Modifies a server in your configuration. - REMOVE: Removes a server from your configuration. - PURGE: Purges the commands queued to be sent to the server. + LIST: Displays the list of servers you are connected to. + CONNECT: Connects to the given server. + ADD: Adds a server to your configuration. + MODIFY: Modifies a server in your configuration. + REMOVE: Removes a server from your configuration. + PURGE: Purges the commands queued to be sent to the server. - -!: Doesn't autojoin the channels. - -4: Connects using IPv4. - -6: Connects using IPv6. - -ssl: Connects using SSL encryption. - -ssl_cert: The SSL client certificate file. - -ssl_pkey: The SSL client private key, if not included in the - certificate file. - -ssl_pass: The password for the SSL client private key or certificate. - -ssl_verify: Verifies the SSL certificate of the server. - -ssl_cafile: The file with the list of CA certificates. - -ssl_capath: The directory which contains the CA certificates. - -ssl_ciphers: SSL cipher suite preference lists. - -auto: Automatically connects to the server on startup. - -noauto: Doesn't connect to the server on startup. - -network: The network the server belongs to. - -host: The hostname you would like to connect from. - -cmdspeed: Specifies the minimum amount of time, expressed in - milliseconds, that the client must wait before sending - additional commands to the server. - -cmdmax: Specifies the maximum number of commands to perform - before starting the internal flood protection. - -port: Specifies the port to connect to the server. - -noproxy: Ignores the global proxy configuration. - -rawlog: Immediately open rawlog after connecting. - -noautosendcmd: Doesn't execute autosendcmd. + -!: Doesn't autojoin the channels. + -4: Connects using IPv4. + -6: Connects using IPv6. 
+ -tls: Connects using TLS encryption. + -tls_cert: The TLS client certificate file. + -tls_pkey: The TLS client private key, if not included in the + certificate file. + -tls_pass: The password for the TLS client private key or certificate. + -tls_verify: Verifies the TLS certificate of the server. + -tls_cafile: The file with the list of CA certificates. + -tls_capath: The directory which contains the CA certificates. + -tls_ciphers: TLS cipher suite preference lists. + -auto: Automatically connects to the server on startup. + -noauto: Doesn't connect to the server on startup. + -network: The network the server belongs to. + -host: The hostname you would like to connect from. + -cmdspeed: Specifies the minimum amount of time, expressed in + milliseconds, that the client must wait before sending + additional commands to the server. + -cmdmax: Specifies the maximum number of commands to perform + before starting the internal flood protection. + -port: Specifies the port to connect to the server. + -noproxy: Ignores the global proxy configuration. + -rawlog: Immediately open rawlog after connecting. + -noautosendcmd: Doesn't execute autosendcmd. The server, port and network to add, modify or remove; if no argument is given, the list of servers you are connected to will be returned. %9Description:%9 - Displays, adds, modifies or removes the network configuration of IRC + Displays, adds, modifies or removes the network configuration of IRC servers. When using the ADD parameter on a server that already exists, the diff --git a/src/core/chat-commands.c b/src/core/chat-commands.c index a9404fa3..db60e46f 100644 --- a/src/core/chat-commands.c +++ b/src/core/chat-commands.c 
@@ -99,27 +99,27 @@ static SERVER_CONNECT_REC *get_server_connect(const char *data, int *plus_addr, else if (g_hash_table_lookup(optlist, "4") != NULL) conn->family = AF_INET; - if (g_hash_table_lookup(optlist, "ssl") != NULL) - conn->use_ssl = TRUE; - if ((tmp = g_hash_table_lookup(optlist, "ssl_cert")) != NULL) - conn->ssl_cert = g_strdup(tmp); - if ((tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL) - conn->ssl_pkey = g_strdup(tmp); - if ((tmp = g_hash_table_lookup(optlist, "ssl_pass")) != NULL) - conn->ssl_pass = g_strdup(tmp); - if (g_hash_table_lookup(optlist, "ssl_verify") != NULL) - conn->ssl_verify = TRUE; - if ((tmp = g_hash_table_lookup(optlist, "ssl_cafile")) != NULL) - conn->ssl_cafile = g_strdup(tmp); - if ((tmp = g_hash_table_lookup(optlist, "ssl_capath")) != NULL) - conn->ssl_capath = g_strdup(tmp); - if ((tmp = g_hash_table_lookup(optlist, "ssl_ciphers")) != NULL) - conn->ssl_ciphers = g_strdup(tmp); - if ((conn->ssl_capath != NULL && conn->ssl_capath[0] != '\0') - || (conn->ssl_cafile != NULL && conn->ssl_cafile[0] != '\0')) - conn->ssl_verify = TRUE; - if ((conn->ssl_cert != NULL && conn->ssl_cert[0] != '\0') || conn->ssl_verify) - conn->use_ssl = TRUE; + if (g_hash_table_lookup(optlist, "tls") != NULL || g_hash_table_lookup(optlist, "ssl") != NULL) + conn->use_tls = TRUE; + if ((tmp = g_hash_table_lookup(optlist, "tls_cert")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_cert")) != NULL) + conn->tls_cert = g_strdup(tmp); + if ((tmp = g_hash_table_lookup(optlist, "tls_pkey")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL) + conn->tls_pkey = g_strdup(tmp); + if ((tmp = g_hash_table_lookup(optlist, "tls_pass")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_pass")) != NULL) + conn->tls_pass = g_strdup(tmp); + if (g_hash_table_lookup(optlist, "tls_verify") != NULL || g_hash_table_lookup(optlist, "ssl_verify") != NULL) + conn->tls_verify = TRUE; + if ((tmp = g_hash_table_lookup(optlist, "tls_cafile")) != NULL 
|| (tmp = g_hash_table_lookup(optlist, "ssl_cafile")) != NULL) + conn->tls_cafile = g_strdup(tmp); + if ((tmp = g_hash_table_lookup(optlist, "tls_capath")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_capath")) != NULL) + conn->tls_capath = g_strdup(tmp); + if ((tmp = g_hash_table_lookup(optlist, "tls_ciphers")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_ciphers")) != NULL) + conn->tls_ciphers = g_strdup(tmp); + if ((conn->tls_capath != NULL && conn->tls_capath[0] != '\0') + || (conn->tls_cafile != NULL && conn->tls_cafile[0] != '\0')) + conn->tls_verify = TRUE; + if ((conn->tls_cert != NULL && conn->tls_cert[0] != '\0') || conn->tls_verify) + conn->use_tls = TRUE; if (g_hash_table_lookup(optlist, "!") != NULL) conn->no_autojoin_channels = TRUE; @@ -494,7 +494,7 @@ void chat_commands_init(void) signal_add("default command server", (SIGNAL_FUNC) sig_default_command_server); signal_add("server sendmsg", (SIGNAL_FUNC) sig_server_sendmsg); - command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +host noproxy -rawlog noautosendcmd"); + command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers +host noproxy -rawlog noautosendcmd"); command_set_options("msg", "channel nick"); } diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c index 014f0a28..82fd65b0 100644 --- a/src/core/network-openssl.c +++ b/src/core/network-openssl.c 
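Review bot: In get_server_connect, `-tls` (or `-ssl`) on its own sets `conn->use_tls` but leaves `conn->tls_verify` as it was; verification is only switched on by `-tls_verify`/`-ssl_verify` or by a non-empty CA file or path. What the connection does when `tls_verify` is unset is outside this hunk, but presumably the server certificate is then not checked, which is worth stating where the options are parsed. I would add a comment above the `tls` lookup such as `/* -tls alone does not enable certificate verification; that needs -tls_verify or a CA file/path */`. The function begins before this hunk and continues after it.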
@@ -455,13 +455,13 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_ SSL *ssl; SSL_CTX *ctx = NULL; - const char *mycert = server->connrec->ssl_cert; - const char *mypkey = server->connrec->ssl_pkey; - const char *mypass = server->connrec->ssl_pass; - const char *cafile = server->connrec->ssl_cafile; - const char *capath = server->connrec->ssl_capath; - const char *ciphers = server->connrec->ssl_ciphers; - gboolean verify = server->connrec->ssl_verify; + const char *mycert = server->connrec->tls_cert; + const char *mypkey = server->connrec->tls_pkey; + const char *mypass = server->connrec->tls_pass; + const char *cafile = server->connrec->tls_cafile; + const char *capath = server->connrec->tls_capath; + const char *ciphers = server->connrec->tls_ciphers; + gboolean verify = server->connrec->tls_verify; g_return_val_if_fail(handle != NULL, NULL); @@ -480,7 +480,8 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); SSL_CTX_set_default_passwd_cb(ctx, get_pem_password_callback); SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)mypass); - if (ciphers && *ciphers) { + + if (ciphers != NULL && ciphers[0] != '\0') { if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) g_warning("No valid SSL cipher suite could be selected"); } diff --git a/src/core/server-connect-rec.h b/src/core/server-connect-rec.h index 80c5761b..35577fd4 100644 --- a/src/core/server-connect-rec.h +++ b/src/core/server-connect-rec.h @@ -23,12 +23,12 @@ char *nick; char *username; char *realname; -char *ssl_cert; -char *ssl_pkey; -char *ssl_pass; -char *ssl_cafile; -char *ssl_capath; -char *ssl_ciphers; +char *tls_cert; +char *tls_pkey; +char *tls_pass; +char *tls_cafile; +char *tls_capath; +char *tls_ciphers; GIOChannel *connect_handle; /* connect using this handle */ 
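Review bot: In the second network-openssl.c hunk (irssi_ssl_get_iochannel, around line 480), a cipher list that `SSL_CTX_set_cipher_list()` rejects only produces a warning and the setup carries on. The connection then presumably proceeds with the library's default ciphers rather than the restriction the user asked for with `-tls_ciphers`. Failing closed would be safer, for example `g_warning("No valid TLS cipher suite could be selected"); SSL_CTX_free(ctx); return NULL;`, which also brings the message in line with the rename. Whether anything else needs releasing on that path cannot be seen here, because the function starts before the hunk and continues after it.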
@@ -38,8 +38,8 @@ unsigned int reconnecting:1; /* we're trying to reconnect any connection */ unsigned int no_autojoin_channels:1; /* don't autojoin any channels */ unsigned int no_autosendcmd:1; /* don't execute autosendcmd */ unsigned int unix_socket:1; /* Connect using named unix socket */ -unsigned int use_ssl:1; /* this connection uses SSL */ -unsigned int ssl_verify:1; +unsigned int use_tls:1; /* this connection uses TLS */ +unsigned int tls_verify:1; unsigned int no_connect:1; /* don't connect() at all, it's done by plugin */ char *channels; char *away_reason; diff --git a/src/core/server-setup-rec.h b/src/core/server-setup-rec.h index 2c9614c7..22876d4e 100644 --- a/src/core/server-setup-rec.h +++ b/src/core/server-setup-rec.h @@ -11,12 +11,12 @@ char *password; int sasl_mechanism; char *sasl_password; -char *ssl_cert; -char *ssl_pkey; -char *ssl_pass; -char *ssl_cafile; -char *ssl_capath; -char *ssl_ciphers; +char *tls_cert; +char *tls_pkey; +char *tls_pass; +char *tls_cafile; +char *tls_capath; +char *tls_ciphers; char *own_host; /* address to use when connecting this server */ IPADDR *own_ip4, *own_ip6; /* resolved own_address if not NULL */ @@ -28,7 +28,7 @@ unsigned int no_proxy:1; unsigned int last_failed:1; /* if last connection attempt failed */ unsigned int banned:1; /* if we're banned from this server */ unsigned int dns_error:1; /* DNS said the host doesn't exist */ -unsigned int use_ssl:1; /* this connection uses SSL */ -unsigned int ssl_verify:1; +unsigned int use_tls:1; /* this connection uses TLS */ +unsigned int tls_verify:1; GHashTable *module_data; diff --git a/src/core/servers-reconnect.c b/src/core/servers-reconnect.c index 58c9dd09..16ec1fac 100644 --- a/src/core/servers-reconnect.c +++ b/src/core/servers-reconnect.c 
@@ -192,13 +192,13 @@ server_connect_copy_skeleton(SERVER_CONNECT_REC *src, int connect_info) dest->no_autosendcmd = src->no_autosendcmd; dest->unix_socket = src->unix_socket; - dest->use_ssl = src->use_ssl; - dest->ssl_cert = g_strdup(src->ssl_cert); - dest->ssl_pkey = g_strdup(src->ssl_pkey); - dest->ssl_verify = src->ssl_verify; - dest->ssl_cafile = g_strdup(src->ssl_cafile); - dest->ssl_capath = g_strdup(src->ssl_capath); - dest->ssl_ciphers = g_strdup(src->ssl_ciphers); + dest->use_tls = src->use_tls; + dest->tls_cert = g_strdup(src->tls_cert); + dest->tls_pkey = g_strdup(src->tls_pkey); + dest->tls_verify = src->tls_verify; + dest->tls_cafile = g_strdup(src->tls_cafile); + dest->tls_capath = g_strdup(src->tls_capath); + dest->tls_ciphers = g_strdup(src->tls_ciphers); return dest; } diff --git a/src/core/servers-setup.c b/src/core/servers-setup.c index 0cecfece..01a36e1c 100644 --- a/src/core/servers-setup.c +++ b/src/core/servers-setup.c 
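Review bot: `tls_pass` is the one `tls_*` field that server_connect_copy_skeleton does not carry over: `tls_cert`, `tls_pkey`, `tls_verify`, `tls_cafile`, `tls_capath` and `tls_ciphers` are all copied. A record built here for a reconnect therefore has the private key path but no passphrase, and a passphrase-protected key presumably cannot be loaded again. If the omission is deliberate (to avoid keeping more copies of the secret), a comment such as `/* tls_pass is intentionally not copied */` would document it; otherwise add `dest->tls_pass = g_strdup(src->tls_pass);`. The function starts outside this hunk.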
@@ -167,20 +167,20 @@ static void server_setup_fill_server(SERVER_CONNECT_REC *conn, if (sserver->port > 0 && conn->port <= 0) conn->port = sserver->port; - conn->use_ssl = sserver->use_ssl; - if (conn->ssl_cert == NULL && sserver->ssl_cert != NULL && sserver->ssl_cert[0] != '\0') - conn->ssl_cert = g_strdup(sserver->ssl_cert); - if (conn->ssl_pkey == NULL && sserver->ssl_pkey != NULL && sserver->ssl_pkey[0] != '\0') - conn->ssl_pkey = g_strdup(sserver->ssl_pkey); - if (conn->ssl_pass == NULL && sserver->ssl_pass != NULL && sserver->ssl_pass[0] != '\0') - conn->ssl_pass = g_strdup(sserver->ssl_pass); - conn->ssl_verify = sserver->ssl_verify; - if (conn->ssl_cafile == NULL && sserver->ssl_cafile != NULL && sserver->ssl_cafile[0] != '\0') - conn->ssl_cafile = g_strdup(sserver->ssl_cafile); - if (conn->ssl_capath == NULL && sserver->ssl_capath != NULL && sserver->ssl_capath[0] != '\0') - conn->ssl_capath = g_strdup(sserver->ssl_capath); - if (conn->ssl_ciphers == NULL && sserver->ssl_ciphers != NULL && sserver->ssl_ciphers[0] != '\0') - conn->ssl_ciphers = g_strdup(sserver->ssl_ciphers); + conn->use_tls = sserver->use_tls; + if (conn->tls_cert == NULL && sserver->tls_cert != NULL && sserver->tls_cert[0] != '\0') + conn->tls_cert = g_strdup(sserver->tls_cert); + if (conn->tls_pkey == NULL && sserver->tls_pkey != NULL && sserver->tls_pkey[0] != '\0') + conn->tls_pkey = g_strdup(sserver->tls_pkey); + if (conn->tls_pass == NULL && sserver->tls_pass != NULL && sserver->tls_pass[0] != '\0') + conn->tls_pass = g_strdup(sserver->tls_pass); + conn->tls_verify = sserver->tls_verify; + if (conn->tls_cafile == NULL && sserver->tls_cafile != NULL && sserver->tls_cafile[0] != '\0') + conn->tls_cafile = g_strdup(sserver->tls_cafile); + if (conn->tls_capath == NULL && sserver->tls_capath != NULL && sserver->tls_capath[0] != '\0') + conn->tls_capath = g_strdup(sserver->tls_capath); + if (conn->tls_ciphers == NULL && sserver->tls_ciphers != NULL && sserver->tls_ciphers[0] != '\0') + 
conn->tls_ciphers = g_strdup(sserver->tls_ciphers); server_setup_fill_reconn(conn, sserver); @@ -362,9 +362,10 @@ SERVER_SETUP_REC *server_setup_find(const char *address, int port, static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node) { SERVER_SETUP_REC *rec; - CHATNET_REC *chatnetrec; + CHATNET_REC *chatnetrec; char *server, *chatnet, *family; int port; + char *value = NULL; g_return_val_if_fail(node != NULL, NULL); @@ -390,7 +391,7 @@ static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node) chatnet_create(chatnetrec); } - family = config_node_get_str(node, "family", ""); + family = config_node_get_str(node, "family", ""); rec = CHAT_PROTOCOL(chatnetrec)->create_server_setup(); rec->type = module_get_uniq_id("SERVER SETUP", 0); 
@@ -400,18 +401,45 @@ static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node) (g_ascii_strcasecmp(family, "inet") == 0 ? AF_INET : 0); rec->address = g_strdup(server); rec->password = g_strdup(config_node_get_str(node, "password", NULL)); - rec->use_ssl = config_node_get_bool(node, "use_ssl", FALSE); - rec->ssl_cert = g_strdup(config_node_get_str(node, "ssl_cert", NULL)); - rec->ssl_pkey = g_strdup(config_node_get_str(node, "ssl_pkey", NULL)); - rec->ssl_pass = g_strdup(config_node_get_str(node, "ssl_pass", NULL)); - rec->ssl_verify = config_node_get_bool(node, "ssl_verify", FALSE); - rec->ssl_cafile = g_strdup(config_node_get_str(node, "ssl_cafile", NULL)); - rec->ssl_capath = g_strdup(config_node_get_str(node, "ssl_capath", NULL)); - rec->ssl_ciphers = g_strdup(config_node_get_str(node, "ssl_ciphers", NULL)); - if (rec->ssl_cafile || rec->ssl_capath) - rec->ssl_verify = TRUE; - if (rec->ssl_cert != NULL || rec->ssl_verify) - rec->use_ssl = TRUE; + + rec->use_tls = config_node_get_bool(node, "use_tls", FALSE) || config_node_get_bool(node, "use_ssl", FALSE); + rec->tls_verify = config_node_get_bool(node, "tls_verify", FALSE) || config_node_get_bool(node, "ssl_verify", FALSE); + + value = config_node_get_str(node, "tls_cert", NULL); + if (value == NULL) + value = config_node_get_str(node, "ssl_cert", NULL); + rec->tls_cert = g_strdup(value); + + value = config_node_get_str(node, "tls_pkey", NULL); + if (value == NULL) + value = config_node_get_str(node, "ssl_pkey", NULL); + rec->tls_pkey = g_strdup(value); + + value = config_node_get_str(node, "tls_pass", NULL); + if (value == NULL) + value = config_node_get_str(node, "ssl_pass", NULL); + rec->tls_pass = g_strdup(value); + + value = config_node_get_str(node, "tls_cafile", NULL); + if (value == NULL) + value = config_node_get_str(node, "ssl_cafile", NULL); + rec->tls_cafile = g_strdup(value); + + value = config_node_get_str(node, "tls_capath", NULL); + if (value == NULL) + value = config_node_get_str(node, 
"ssl_capath", NULL); + rec->tls_capath = g_strdup(value); + + value = config_node_get_str(node, "tls_ciphers", NULL); + if (value == NULL) + value = config_node_get_str(node, "ssl_ciphers", NULL); + rec->tls_ciphers = g_strdup(value); + + if (rec->tls_cafile || rec->tls_capath) + rec->tls_verify = TRUE; + if (rec->tls_cert != NULL || rec->tls_verify) + rec->use_tls = TRUE; + rec->port = port; rec->autoconnect = config_node_get_bool(node, "autoconnect", FALSE); rec->no_proxy = config_node_get_bool(node, "no_proxy", FALSE); @@ -463,14 +491,16 @@ static void server_setup_save(SERVER_SETUP_REC *rec) iconfig_node_set_int(node, "port", rec->port); iconfig_node_set_str(node, "password", rec->password); - iconfig_node_set_bool(node, "use_ssl", rec->use_ssl); - iconfig_node_set_str(node, "ssl_cert", rec->ssl_cert); - iconfig_node_set_str(node, "ssl_pkey", rec->ssl_pkey); - iconfig_node_set_str(node, "ssl_pass", rec->ssl_pass); - iconfig_node_set_bool(node, "ssl_verify", rec->ssl_verify); - iconfig_node_set_str(node, "ssl_cafile", rec->ssl_cafile); - iconfig_node_set_str(node, "ssl_capath", rec->ssl_capath); - iconfig_node_set_str(node, "ssl_ciphers", rec->ssl_ciphers); + + iconfig_node_set_bool(node, "use_tls", rec->use_tls); + iconfig_node_set_str(node, "tls_cert", rec->tls_cert); + iconfig_node_set_str(node, "tls_pkey", rec->tls_pkey); + iconfig_node_set_str(node, "tls_pass", rec->tls_pass); + iconfig_node_set_bool(node, "tls_verify", rec->tls_verify); + iconfig_node_set_str(node, "tls_cafile", rec->tls_cafile); + iconfig_node_set_str(node, "tls_capath", rec->tls_capath); + iconfig_node_set_str(node, "tls_ciphers", rec->tls_ciphers); + iconfig_node_set_str(node, "own_host", rec->own_host); iconfig_node_set_str(node, "family", 
@@ -514,12 +544,12 @@ static void server_setup_destroy(SERVER_SETUP_REC *rec) g_free_not_null(rec->own_ip6); g_free_not_null(rec->chatnet); g_free_not_null(rec->password); - g_free_not_null(rec->ssl_cert); - g_free_not_null(rec->ssl_pkey); - g_free_not_null(rec->ssl_pass); - g_free_not_null(rec->ssl_cafile); - g_free_not_null(rec->ssl_capath); - g_free_not_null(rec->ssl_ciphers); + g_free_not_null(rec->tls_cert); + g_free_not_null(rec->tls_pkey); + g_free_not_null(rec->tls_pass); + g_free_not_null(rec->tls_cafile); + g_free_not_null(rec->tls_capath); + g_free_not_null(rec->tls_ciphers); g_free(rec->address); g_free(rec); } diff --git a/src/core/servers.c b/src/core/servers.c index dfcbcde0..2a14d510 100644 --- a/src/core/servers.c +++ b/src/core/servers.c @@ -219,7 +219,7 @@ static void server_real_connect(SERVER_REC *server, IPADDR *ip, own_ip = IPADDR_IS_V6(ip) ? server->connrec->own_ip6 : server->connrec->own_ip4; port = server->connrec->proxy != NULL ? server->connrec->proxy_port : server->connrec->port; - handle = server->connrec->use_ssl ? + handle = server->connrec->use_tls ? net_connect_ip_ssl(ip, port, own_ip, server) : net_connect_ip(ip, port, own_ip); } else { handle = net_connect_unix(unix_socket); @@ -237,7 +237,7 @@ static void server_real_connect(SERVER_REC *server, IPADDR *ip, } server->no_reconnect = TRUE; } - if (server->connrec->use_ssl && errno == ENOSYS) + if (server->connrec->use_tls && errno == ENOSYS) server->no_reconnect = TRUE; server->connection_lost = TRUE; @@ -245,7 +245,7 @@ static void server_real_connect(SERVER_REC *server, IPADDR *ip, g_free(errmsg2); } else { server->handle = net_sendbuffer_create(handle, 0); - if (server->connrec->use_ssl) + if (server->connrec->use_tls) server_connect_callback_init_ssl(server, handle); else server->connect_tag = 
@@ -622,22 +622,22 @@ void server_connect_unref(SERVER_CONNECT_REC *conn) g_free_not_null(conn->own_ip4); g_free_not_null(conn->own_ip6); - g_free_not_null(conn->password); - g_free_not_null(conn->nick); - g_free_not_null(conn->username); + g_free_not_null(conn->password); + g_free_not_null(conn->nick); + g_free_not_null(conn->username); g_free_not_null(conn->realname); - g_free_not_null(conn->ssl_cert); - g_free_not_null(conn->ssl_pkey); - g_free_not_null(conn->ssl_pass); - g_free_not_null(conn->ssl_cafile); - g_free_not_null(conn->ssl_capath); - g_free_not_null(conn->ssl_ciphers); + g_free_not_null(conn->tls_cert); + g_free_not_null(conn->tls_pkey); + g_free_not_null(conn->tls_pass); + g_free_not_null(conn->tls_cafile); + g_free_not_null(conn->tls_capath); + g_free_not_null(conn->tls_ciphers); g_free_not_null(conn->channels); - g_free_not_null(conn->away_reason); + g_free_not_null(conn->away_reason); - conn->type = 0; + conn->type = 0; g_free(conn); } diff --git a/src/core/session.c b/src/core/session.c index 17d80076..5b3303bb 100644 --- a/src/core/session.c +++ b/src/core/session.c @@ -150,8 +150,7 @@ static void session_save_server(SERVER_REC *server, CONFIG_REC *config, node = config_node_section(config, node, NULL, NODE_TYPE_BLOCK); - config_node_set_str(config, node, "chat_type", - chat_protocol_find_id(server->chat_type)->name); + config_node_set_str(config, node, "chat_type", chat_protocol_find_id(server->chat_type)->name); config_node_set_str(config, node, "address", server->connrec->address); config_node_set_int(config, node, "port", server->connrec->port); config_node_set_str(config, node, "chatnet", server->connrec->chatnet); 
@@ -159,13 +158,13 @@ static void session_save_server(SERVER_REC *server, CONFIG_REC *config, config_node_set_str(config, node, "nick", server->nick); config_node_set_str(config, node, "version", server->version); - config_node_set_bool(config, node, "use_ssl", server->connrec->use_ssl); - config_node_set_str(config, node, "ssl_cert", server->connrec->ssl_cert); - config_node_set_str(config, node, "ssl_pkey", server->connrec->ssl_pkey); - config_node_set_bool(config, node, "ssl_verify", server->connrec->ssl_verify); - config_node_set_str(config, node, "ssl_cafile", server->connrec->ssl_cafile); - config_node_set_str(config, node, "ssl_capath", server->connrec->ssl_capath); - config_node_set_str(config, node, "ssl_ciphers", server->connrec->ssl_ciphers); + config_node_set_bool(config, node, "use_tls", server->connrec->use_tls); + config_node_set_str(config, node, "tls_cert", server->connrec->tls_cert); + config_node_set_str(config, node, "tls_pkey", server->connrec->tls_pkey); + config_node_set_bool(config, node, "tls_verify", server->connrec->tls_verify); + config_node_set_str(config, node, "tls_cafile", server->connrec->tls_cafile); + config_node_set_str(config, node, "tls_capath", server->connrec->tls_capath); + config_node_set_str(config, node, "tls_ciphers", server->connrec->tls_ciphers); handle = g_io_channel_unix_get_fd(net_sendbuffer_handle(server->handle)); config_node_set_int(config, node, "handle", handle); diff --git a/src/fe-common/core/fe-server.c b/src/fe-common/core/fe-server.c index 468cb707..b9522bc1 100644 --- a/src/fe-common/core/fe-server.c +++ b/src/fe-common/core/fe-server.c 
@@ -154,42 +154,55 @@ static void cmd_server_add_modify(const char *data, gboolean add) else if (g_hash_table_lookup(optlist, "4")) rec->family = AF_INET; - if (g_hash_table_lookup(optlist, "ssl")) - rec->use_ssl = TRUE; + if (g_hash_table_lookup(optlist, "tls") || g_hash_table_lookup(optlist, "ssl")) + rec->use_tls = TRUE; - value = g_hash_table_lookup(optlist, "ssl_cert"); + value = g_hash_table_lookup(optlist, "tls_cert"); + if (value == NULL) + value = g_hash_table_lookup(optlist, "ssl_cert"); if (value != NULL && *value != '\0') - rec->ssl_cert = g_strdup(value); + rec->tls_cert = g_strdup(value); - value = g_hash_table_lookup(optlist, "ssl_pkey"); + value = g_hash_table_lookup(optlist, "tls_pkey"); + if (value == NULL) + value = g_hash_table_lookup(optlist, "ssl_pkey"); if (value != NULL && *value != '\0') - rec->ssl_pkey = g_strdup(value); + rec->tls_pkey = g_strdup(value); - value = g_hash_table_lookup(optlist, "ssl_pass"); + value = g_hash_table_lookup(optlist, "tls_pass"); + if (value == NULL) + value = g_hash_table_lookup(optlist, "ssl_pass"); if (value != NULL && *value != '\0') - rec->ssl_pass = g_strdup(value); + rec->tls_pass = g_strdup(value); - if (g_hash_table_lookup(optlist, "ssl_verify")) - rec->ssl_verify = TRUE; + if (g_hash_table_lookup(optlist, "tls_verify") || g_hash_table_lookup(optlist, "ssl_verify")) + rec->tls_verify = TRUE; - value = g_hash_table_lookup(optlist, "ssl_cafile"); + value = g_hash_table_lookup(optlist, "tls_cafile"); + if (value == NULL) + value = g_hash_table_lookup(optlist, "ssl_cafile"); if (value != NULL && *value != '\0') - rec->ssl_cafile = g_strdup(value); + rec->tls_cafile = g_strdup(value); - value = g_hash_table_lookup(optlist, "ssl_capath"); + value = g_hash_table_lookup(optlist, "tls_capath"); + if (value == NULL) + value = g_hash_table_lookup(optlist, "ssl_capath"); if (value != NULL && *value != '\0') - rec->ssl_capath = g_strdup(value); + rec->tls_capath = g_strdup(value); - value = 
g_hash_table_lookup(optlist, "ssl_ciphers"); + value = g_hash_table_lookup(optlist, "tls_ciphers"); + if (value == NULL) + value = g_hash_table_lookup(optlist, "ssl_ciphers"); if (value != NULL && *value != '\0') - rec->ssl_ciphers = g_strdup(value); + rec->tls_ciphers = g_strdup(value); - if ((rec->ssl_cafile != NULL && rec->ssl_cafile[0] != '\0') - || (rec->ssl_capath != NULL && rec->ssl_capath[0] != '\0')) - rec->ssl_verify = TRUE; - if ((rec->ssl_cert != NULL && rec->ssl_cert[0] != '\0') || rec->ssl_verify == TRUE) - rec->use_ssl = TRUE; + if ((rec->tls_cafile != NULL && rec->tls_cafile[0] != '\0') + || (rec->tls_capath != NULL && rec->tls_capath[0] != '\0')) + rec->tls_verify = TRUE; + + if ((rec->tls_cert != NULL && rec->tls_cert[0] != '\0') || rec->tls_verify == TRUE) + rec->use_tls = TRUE; if (g_hash_table_lookup(optlist, "auto")) rec->autoconnect = TRUE; if (g_hash_table_lookup(optlist, "noauto")) rec->autoconnect = FALSE; 
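Review bot: Each `rec->tls_* = g_strdup(value);` assignment in cmd_server_add_modify overwrites the field without freeing the previous value. If `rec` is an existing setup record in the modify case (its lookup is outside this hunk), the old strings leak, and for `tls_pass` the old passphrase stays in the heap with nothing referencing it. Freeing first closes that gap, e.g. `g_free(rec->tls_pass); rec->tls_pass = g_strdup(value);`, and likewise for the cert, pkey, cafile, capath and ciphers fields. The function begins before and ends after the hunk.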
@@ -409,8 +422,9 @@ void fe_server_init(void) command_bind("server remove", NULL, (SIGNAL_FUNC) cmd_server_remove); command_bind_first("server", NULL, (SIGNAL_FUNC) server_command); command_bind_first("disconnect", NULL, (SIGNAL_FUNC) server_command); - command_set_options("server add", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers auto noauto proxy noproxy -host -port noautosendcmd"); - command_set_options("server modify", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers auto noauto proxy noproxy -host -port noautosendcmd"); + + command_set_options("server add", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers auto noauto proxy noproxy -host -port noautosendcmd"); + command_set_options("server modify", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers auto noauto proxy noproxy -host -port noautosendcmd"); signal_add("server looking", (SIGNAL_FUNC) sig_server_looking); signal_add("server connecting", (SIGNAL_FUNC) sig_server_connecting); diff --git a/src/fe-common/irc/fe-irc-server.c b/src/fe-common/irc/fe-irc-server.c index 2e22d6f2..36ed2bdc 100644 --- a/src/fe-common/irc/fe-irc-server.c +++ b/src/fe-common/irc/fe-irc-server.c 
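Review bot: The new option strings for "server add" and "server modify" in fe_server_init accept `+ssl_fingerprint`, but nothing visible in this commit reads it. cmd_server_add_modify looks up only the cert, pkey, pass, verify, cafile, capath and ciphers options, the setup record hunks add no fingerprint field, and there is no `+tls_fingerprint` counterpart. Unless a handler exists outside this diff, a user who passes `-ssl_fingerprint` will have it accepted and silently dropped, and may believe a certificate pin is in force. I would remove `+ssl_fingerprint` from both strings until the code that enforces it lands, or add it in the same change together with the `tls_` spelling.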
@@ -108,23 +108,23 @@ static void cmd_server_list(const char *data) g_string_append(str, "autoconnect, "); if (rec->no_proxy) g_string_append(str, "noproxy, "); - if (rec->use_ssl) { - g_string_append(str, "ssl, "); - if (rec->ssl_cert) { - g_string_append_printf(str, "ssl_cert: %s, ", rec->ssl_cert); - if (rec->ssl_pkey) - g_string_append_printf(str, "ssl_pkey: %s, ", rec->ssl_pkey); - if (rec->ssl_pass) + if (rec->use_tls) { + g_string_append(str, "tls, "); + if (rec->tls_cert) { + g_string_append_printf(str, "tls_cert: %s, ", rec->tls_cert); + if (rec->tls_pkey) + g_string_append_printf(str, "tls_pkey: %s, ", rec->tls_pkey); + if (rec->tls_pass) g_string_append_printf(str, "(pass), "); } - if (rec->ssl_verify) - g_string_append(str, "ssl_verify, "); - if (rec->ssl_cafile) - g_string_append_printf(str, "ssl_cafile: %s, ", rec->ssl_cafile); - if (rec->ssl_capath) - g_string_append_printf(str, "ssl_capath: %s, ", rec->ssl_capath); - if (rec->ssl_ciphers) - g_string_append_printf(str, "ssl_ciphers: %s, ", rec->ssl_ciphers); + if (rec->tls_verify) + g_string_append(str, "tls_verify, "); + if (rec->tls_cafile) + g_string_append_printf(str, "tls_cafile: %s, ", rec->tls_cafile); + if (rec->tls_capath) + g_string_append_printf(str, "tls_capath: %s, ", rec->tls_capath); + if (rec->tls_ciphers) + g_string_append_printf(str, "tls_ciphers: %s, ", rec->tls_ciphers); } if (rec->max_cmds_at_once > 0) diff --git a/src/irc/core/irc-servers.c b/src/irc/core/irc-servers.c index 79aeb227..3117e345 100644 --- a/src/irc/core/irc-servers.c +++ b/src/irc/core/irc-servers.c @@ -310,7 +310,7 @@ SERVER_REC *irc_server_init_connect(SERVER_CONNECT_REC *conn) if (server->connrec->port <= 0) { server->connrec->port = - server->connrec->use_ssl ? 6697 : 6667; + server->connrec->use_tls ? 6697 : 6667; } server->cmd_queue_speed = ircconn->cmd_queue_speed > 0 ? 
@@ -328,7 +328,7 @@ SERVER_REC *irc_server_init_connect(SERVER_CONNECT_REC *conn) ircconn->max_whois : DEFAULT_MAX_WHOIS; server->max_msgs_in_cmd = ircconn->max_msgs > 0 ? ircconn->max_msgs : DEFAULT_MAX_MSGS; - server->connrec->use_ssl = conn->use_ssl; + server->connrec->use_tls = conn->use_tls; modes_server_init(server); diff --git a/src/perl/perl-common.c b/src/perl/perl-common.c index b641867f..1d08319f 100644 --- a/src/perl/perl-common.c +++ b/src/perl/perl-common.c @@ -301,7 +301,8 @@ void perl_connect_fill_hash(HV *hv, SERVER_CONNECT_REC *conn) (void) hv_store(hv, "no_autojoin_channels", 20, newSViv(conn->no_autojoin_channels), 0); (void) hv_store(hv, "no_autosendcmd", 14, newSViv(conn->no_autosendcmd), 0); (void) hv_store(hv, "unix_socket", 11, newSViv(conn->unix_socket), 0); - (void) hv_store(hv, "use_ssl", 7, newSViv(conn->use_ssl), 0); + (void) hv_store(hv, "use_ssl", 7, newSViv(conn->use_tls), 0); + (void) hv_store(hv, "use_tls", 7, newSViv(conn->use_tls), 0); (void) hv_store(hv, "no_connect", 10, newSViv(conn->no_connect), 0); } |
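Review bot: In perl_connect_fill_hash (the perl-common.c hunk), the hash now carries both `use_ssl` and `use_tls`, both filled from `conn->use_tls`, with nothing explaining why the old key remains. A short comment would stop a later cleanup from removing it and breaking scripts, for example `/* "use_ssl" is kept for existing scripts; new code should read "use_tls" */` above the two `hv_store` calls. The function starts outside this hunk.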