Age | Commit message (Collapse) | Author |
|
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.
It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.
-tls_pinned_cert
----------------
This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.
The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
-tls_pinned_pubkey
------------------
This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.
When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.
The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
|
|
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
|
|
|
|
Ip's aren't selected using random() anymore, also select the ip version
by using getaddrinfo and some proper hints.
|
|
The only supported methods are PLAIN and EXTERNAL, the latter is untested as of
now.
The code gets the values from the keys named sasl_{mechanism,username,password}
specified for each chatnet.
|
|
|
|
Fixes: Bug #305
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5231 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
certificate. See the -ssl_* options for /SERVER and /SERVER ADD. Patch by
Joel Eriksson <je-irssi@bitnux.com>.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3146 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
using /SERVER ADD -ircnet.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2890 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
-noproxy.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2344 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
entire chatnet.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1361 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
at connect() time it's decided which one should be used.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1334 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
host name resolving. /SERVER ADD: added options -4 and -6. Fixed crash
at startup if server didn't have chat network set. "Connecting to xxx
[ip]" is now displayed before calling connect(), so if it fails we'll
still get the IP it's trying to connect to.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1268 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
also fixed ctcp_queue_clean() - it might have crashed sometimes..
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@859 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@640 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@632 dbcabf3a-b0e7-0310-adc4-f8d773084564
|