summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-10-22Add x509 certificate and public key pinning support.Alexander Færøy
This patch adds two new options to /CONNECT and /SERVER to let the user pin either an x509 certificate and/or the public key of a given server. It is possible to fetch the certificate outside of Irssi itself to verify the checksum. To fetch the certificate call: $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \ openssl x509 > freenode.cert This will download chat.freenode.net:6697's TLS certificate and put it into the file freenode.cert. -tls_pinned_cert ---------------- This option allows you to specify the SHA-256 hash of the x509 certificate. When succesfully connected to the server, irssi will verify that the given server certificate matches the pin set by the user. The SHA-256 hash of a given certificate can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout -tls_pinned_pubkey ------------------ This option allows you to specify the SHA-256 hash of the subject public key information section of the server certificate. This section contains both the cryptographic parameters for the public key, but also information about the algorithm used together with the public key parameters. When succesfully connected to the server, irssi will verify that the given public key matches the pin set by the user. The SHA-256 hash of a public key can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -pubkey -noout | \ openssl pkey -pubin -outform der | \ openssl dgst -sha256 -c | \ tr a-z A-Z It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey together.
2016-10-22Display TLS connection information when connected to a TLS enabled server.Alexander Færøy
2016-10-22s/SSL/TLS/ for warning strings.Alexander Færøy
2016-10-22Simplify TLS verification error handling.Alexander Færøy
2016-10-22Populate and emit TLS_REC after TLS handshake have completed.Alexander Færøy
2016-10-22Add TLS_REC.Alexander Færøy
This patch adds the TLS_REC structure. This structure is used to emit information about the TLS handshake from the core of irssi to the front-end layers such that we can display connection information to the user.
2016-10-22Use TLS by default for Freenode, IRC6, OFTC, EsperNet, EFnet, and Rizon.Alexander Færøy
2016-10-22Rename SSL to TLS.Alexander Færøy
This patch changes the internal name of SSL to TLS. We also add -tls_* options to /CONNECT and /SERVER, but make sure that the -ssl_* versions of the commands continue to work like before.
2016-10-22Add function to convert a buffer to a colon-delimited hex string.Alexander Færøy
This patch adds binary_to_hex(), which can take an input buffer and convert it to colon-delimited hex strings suitable for printing for fingerprints.
2016-10-16Always build irssi with TLS support.Alexander Færøy
This patch removes the optional checks for whether to build irssi with TLS support or not. This will allow us to ship a default configuration file where we connect to TLS enabled IRC servers out of the box.
2016-10-12Merge pull request #556 from koollman/masterailin-nemui
update INSTALL requirement: terminfo or ncurses for text frontend
2016-10-11Merge pull request #465 from LemonBoy/netsplit-printailin-nemui
Some small adjustments to the netsplit code.
2016-10-07Merge pull request #555 from LemonBoy/attr-signednessailin-nemui
Make the cap_complete field unsigned.
2016-10-05update INSTALL requirement: terminfo or ncurses for text frontendThomas Samson
2016-09-30Make the cap_complete field unsigned.LemonBoy
Fixes a problem where the field would end up as a negative number when exposed to the perl scripts. And move it near the other bit-packed fields so we take advantage of the packing.
2016-09-26Merge pull request #506 from kruton/sasl-400-byte-chunkailin-nemui
SASL: handle fragmentation
2016-09-26Merge pull request #551 from ailin-nemui/fix-550ailin-nemui
nullptr when doing module backward compat on invalid config
2016-09-25nullptr when doing module backward compat on invalid configailin-nemui
2016-09-22Merge pull request #542 from LemonBoy/xs-addailin-nemui
Expose the CAP fields to the perl scripts.
2016-09-22Merge pull request #548 from ailin-nemui/buf-fixailin-nemui
sync buf.pl
2016-09-22sync buf.plailin-nemui
2016-09-21Merge branch 'integrate/0.8.20'ailin-nemui
2016-09-21Merge branch 'master' into integrate/0.8.20ailin-nemui
2016-09-20Merge branch 'quarkslab'ailin-nemui
2016-09-20Update NEWS for 0.8.20ailin-nemui
2016-09-20Patches for heap corruption and missing bounds checkailin-nemui
By Gabriel Campana and Adrien Guinet from Quarkslab.
2016-09-19Merge pull request #540 from LemonBoy/reset-autorunailin-nemui
/script reset can now also run the autorun scripts
2016-09-15Expose 'cap_toggle' to the perl scripts.LemonBoy
2016-09-14tag as 0.8.20ailin-nemui
2016-09-14Merge branch 'quarkslab'ailin-nemui
2016-09-14Update NEWS for 0.8.20ailin-nemui
2016-09-14Merge pull request #477 from dennisschagt/masterailin-nemui
Correct error/typo "You"->"Your" in help message
2016-09-14Merge pull request #467 from dequis/EAI_SYSTEMailin-nemui
net_gethosterror: Handle EAI_SYSTEM ("System error") properly
2016-09-14Merge pull request #461 from ailin-nemui/fix_squeryailin-nemui
Revert "Removed the obsolete SQUERY and SERVLIST commands"
2016-09-14Merge pull request #515 from LemonBoy/signal-protoailin-nemui
Correct the prototype for the 'message private' signal.
2016-09-14Merge pull request #518 from vague666/hilight_helpdx
Wrong order in the arguments in /hilight example, -mask doesn't take …
2016-09-14Merge pull request #529 from ailin-nemui/issue500ailin-nemui
fix nick->host == NULL crash
2016-09-14Merge pull request #533 from dequis/statusmessLemonBoy
Set the default STATUSMSG to @ instead of @+ if it's missing
2016-09-13Merge pull request #516 from LemonBoy/comp-fileailin-nemui
Fix the tab completion for paths starting with ./
2016-09-13Merge pull request #543 from LemonBoy/script-error-messageailin-nemui
Make sure to make a copy of ERRSV content.
2016-09-13Make sure to make a copy of ERRSV content.LemonBoy
Otherwise we might end up showing an empty message. Fixes #522.
2016-09-13Expose the CAP fields to the perl scripts.LemonBoy
2016-09-11Merge pull request #535 from irssi/ailin-nemui-install-local-libdx
Update INSTALL to reflect perl changes
2016-09-11Document the addition of the -autorun switch for /script reset.LemonBoy
2016-09-11Add a '-autorun' switch to /script resetLemonBoy
This way we reload all the scripts in the autorun folder.
2016-09-04Merge pull request #533 from dequis/statusmessLemonBoy
Set the default STATUSMSG to @ instead of @+ if it's missing
2016-08-29SASL: handle fragmentationKenny Root
The IRCv3 SASL extension says that AUTHENTICATION payloads of exactly 400 bytes in length indicate that the message is fragmented and will continue in a subsequent message. Handle the reassembly and splitting of these messages so that we are compliant with the specification.
2016-08-29Update INSTALLailin-nemui
2016-08-25Merge pull request #529 from ailin-nemui/issue500ailin-nemui
fix nick->host == NULL crash
2016-08-24Set the default STATUSMSG to @ instead of @+ if it's missingdequis
This fixes two issues: - IRCNet doesn't have STATUSMSG, but it supports +channels, and including + in the default value meant processing those incorrectly - The "bahamut hack", for old servers that support but don't advertise STATUSMSG, didn't work since ischannel_func doesn't use the default. The choice of @ intentionally leaves out support for other STATUSMSG (for example, AzzurraNet's bahamut 1.4 fork seemed to support + and % in any order, contradicting the comment in the code). I think this is a decent tradeoff, given how those servers are uncommon and relying on +# or %# is even less common than @#. Fixes #531