summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-21Merge pull request #587 from ailin-nemui/sbar_crashailin-nemui
add assertion to statusbar_read_group
2016-12-15Merge pull request #588 from ailin-nemui/mirc_99LemonBoy
reset background for mirc colour 99
2016-12-15reset background for mirc colour 99ailin-nemui
fix #571
2016-12-15add assertion to statusbar_read_groupailin-nemui
fix #564
2016-12-08Merge pull request #581 from LemonBoy/set-contractailin-nemui
Enforce the is_node_list contract in lib-config setters.
2016-12-08Merge pull request #570 from josephbisch/fix-issue-563ailin-nemui
enforce check that chatnets are nodelists to handle invalid config
2016-11-29Enforce the is_node_list contract in lib-config setters.LemonBoy
An assertion failure is better than a segfault.
2016-11-29Merge pull request #579 from mmuman/haiku-libnetworkLemonBoy
Check for socket() in libnetwork for Haiku
2016-11-29Merge pull request #565 from ahf/bug/524LemonBoy
Kill bell_beeps.
2016-11-27Check for socket() in libnetwork for HaikuFrançois Revol
2016-11-25Merge pull request #577 from LemonBoy/flagzLemonBoy
Minor corrections to the netsplit code.
2016-11-25Merge pull request #578 from ailin-nemui/dcc_bufferLemonBoy
add a static buffer for dcc received data
2016-11-23Don't shadow the 'channel' variable when printing the netjoins.LemonBoy
This is the root cause of #567
2016-11-23add a static buffer for dcc received dataailin-nemui
increased buffersize might make irssi freeze less / #159
2016-11-23Minor corrections to the netsplit code.LemonBoy
2016-11-11Merge pull request #574 from lotheac/masterailin-nemui
add completion_empty_line setting
2016-11-08add completion_empty_line settingLauri Tirkkonen
2016-11-02Merge pull request #573 from ailin-nemui/masterailin-nemui
add missing inheritance to Exec item from 3532fc46
2016-11-01add missing inheritance to Exec item from 3532fc46ailin-nemui
2016-10-31Merge pull request #557 from irssi/ahf/tls-prailin-nemui
TLS enhancements
2016-10-27enforce check that chatnets are nodelists to handle invalid configJoseph Bisch
2016-10-23Kill bell_beeps.Alexander Færøy
Fixes #524
2016-10-23Shorten the certificate chain output.Alexander Færøy
2016-10-22Only do checks for SSL_get_server_tmp_key in network-openssl.c.Alexander Færøy
2016-10-22Kill do { ... } while (0); and replace it with goto's.Alexander Færøy
2016-10-22Emit the TLS handshake finished signal before we do verification.Alexander Færøy
This patch moves the emitted "tls handshake finished" signal to before we do validation of the given TLS certificate. This ensures that we display certificate information before we possibly error out and disconnects from the server.
2016-10-22Kill support for DANE.Alexander Færøy
This patch removes support for DANE validation of TLS certificates. There wasn't enough support in the IRC community to push for this on the majority of bigger IRC networks. If you believe this should be reintroduced into irssi, then please come up with an implementation that does not rely on the libval library. It is causing a lot of troubles for our downstream maintainers.
2016-10-22Lift EC_KEY declaration onto the entry of the function.Alexander Færøy
2016-10-22Lift ASN1_STRING declaration onto the entry of the function.Alexander Færøy
2016-10-22Declare variables in the beginning of the function.Alexander Færøy
2016-10-22Make sure we clean-up after ourself upon failure.Alexander Færøy
2016-10-22Add x509 certificate and public key pinning support.Alexander Færøy
This patch adds two new options to /CONNECT and /SERVER to let the user pin either an x509 certificate and/or the public key of a given server. It is possible to fetch the certificate outside of Irssi itself to verify the checksum. To fetch the certificate call: $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \ openssl x509 > freenode.cert This will download chat.freenode.net:6697's TLS certificate and put it into the file freenode.cert. -tls_pinned_cert ---------------- This option allows you to specify the SHA-256 hash of the x509 certificate. When succesfully connected to the server, irssi will verify that the given server certificate matches the pin set by the user. The SHA-256 hash of a given certificate can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout -tls_pinned_pubkey ------------------ This option allows you to specify the SHA-256 hash of the subject public key information section of the server certificate. This section contains both the cryptographic parameters for the public key, but also information about the algorithm used together with the public key parameters. When succesfully connected to the server, irssi will verify that the given public key matches the pin set by the user. The SHA-256 hash of a public key can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -pubkey -noout | \ openssl pkey -pubin -outform der | \ openssl dgst -sha256 -c | \ tr a-z A-Z It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey together.
2016-10-22Display TLS connection information when connected to a TLS enabled server.Alexander Færøy
2016-10-22s/SSL/TLS/ for warning strings.Alexander Færøy
2016-10-22Simplify TLS verification error handling.Alexander Færøy
2016-10-22Populate and emit TLS_REC after TLS handshake have completed.Alexander Færøy
2016-10-22Add TLS_REC.Alexander Færøy
This patch adds the TLS_REC structure. This structure is used to emit information about the TLS handshake from the core of irssi to the front-end layers such that we can display connection information to the user.
2016-10-22Use TLS by default for Freenode, IRC6, OFTC, EsperNet, EFnet, and Rizon.Alexander Færøy
2016-10-22Rename SSL to TLS.Alexander Færøy
This patch changes the internal name of SSL to TLS. We also add -tls_* options to /CONNECT and /SERVER, but make sure that the -ssl_* versions of the commands continue to work like before.
2016-10-22Add function to convert a buffer to a colon-delimited hex string.Alexander Færøy
This patch adds binary_to_hex(), which can take an input buffer and convert it to colon-delimited hex strings suitable for printing for fingerprints.
2016-10-16Always build irssi with TLS support.Alexander Færøy
This patch removes the optional checks for whether to build irssi with TLS support or not. This will allow us to ship a default configuration file where we connect to TLS enabled IRC servers out of the box.
2016-10-12Merge pull request #556 from koollman/masterailin-nemui
update INSTALL requirement: terminfo or ncurses for text frontend
2016-10-11Merge pull request #465 from LemonBoy/netsplit-printailin-nemui
Some small adjustments to the netsplit code.
2016-10-07Merge pull request #555 from LemonBoy/attr-signednessailin-nemui
Make the cap_complete field unsigned.
2016-10-05update INSTALL requirement: terminfo or ncurses for text frontendThomas Samson
2016-09-30Make the cap_complete field unsigned.LemonBoy
Fixes a problem where the field would end up as a negative number when exposed to the perl scripts. And move it near the other bit-packed fields so we take advantage of the packing.
2016-09-26Merge pull request #506 from kruton/sasl-400-byte-chunkailin-nemui
SASL: handle fragmentation
2016-09-26Merge pull request #551 from ailin-nemui/fix-550ailin-nemui
nullptr when doing module backward compat on invalid config
2016-09-25nullptr when doing module backward compat on invalid configailin-nemui
2016-09-22Merge pull request #542 from LemonBoy/xs-addailin-nemui
Expose the CAP fields to the perl scripts.