summaryrefslogtreecommitdiff
path: root/src/core/servers.c
AgeCommit message (Collapse)Author
2016-10-22Add x509 certificate and public key pinning support.Alexander Færøy
This patch adds two new options to /CONNECT and /SERVER to let the user pin either an x509 certificate and/or the public key of a given server. It is possible to fetch the certificate outside of Irssi itself to verify the checksum. To fetch the certificate call: $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \ openssl x509 > freenode.cert This will download chat.freenode.net:6697's TLS certificate and put it into the file freenode.cert. -tls_pinned_cert ---------------- This option allows you to specify the SHA-256 hash of the x509 certificate. When succesfully connected to the server, irssi will verify that the given server certificate matches the pin set by the user. The SHA-256 hash of a given certificate can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout -tls_pinned_pubkey ------------------ This option allows you to specify the SHA-256 hash of the subject public key information section of the server certificate. This section contains both the cryptographic parameters for the public key, but also information about the algorithm used together with the public key parameters. When succesfully connected to the server, irssi will verify that the given public key matches the pin set by the user. The SHA-256 hash of a public key can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -pubkey -noout | \ openssl pkey -pubin -outform der | \ openssl dgst -sha256 -c | \ tr a-z A-Z It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey together.
2016-10-22Rename SSL to TLS.Alexander Færøy
This patch changes the internal name of SSL to TLS. We also add -tls_* options to /CONNECT and /SERVER, but make sure that the -ssl_* versions of the commands continue to work like before.
2016-10-16Always build irssi with TLS support.Alexander Færøy
This patch removes the optional checks for whether to build irssi with TLS support or not. This will allow us to ship a default configuration file where we connect to TLS enabled IRC servers out of the box.
2016-06-05Factor out some redundant code and remove hashtable_get_keysLemonBoy
2015-09-22Revert "Network and IPv{4,6} related changes"ailin-nemui
2015-09-21Ding dong the switch is deadLemonBoy
2015-09-21Initial work to make irssi respect the resolved ip orderLemonBoy
Ip's aren't selected using random() anymore, also select the ip version by using getaddrinfo and some proper hints.
2015-04-14ssl: Add option to specify SSL cipher suite preference.Haw Loeung
2014-10-11Remove unnecessary NULL checkAlexander Færøy
Fixes: #135
2014-06-15Replace deprecated g_io_channel_close with g_io_channel_shutdown.David Hill
g_io_channel_close flushes the buffer and does not return errors. g_io_channel_shutdown(handle, TRUE, NULL) keeps that behavior.
2014-06-10Replace deprecated g_str[n]casecmp with g_ascii_str[n]cmp.David Hill
2014-01-11Add -ssl_pass to /connect and /serverAlexander Færøy
Fixes: Bug #305 git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5231 dbcabf3a-b0e7-0310-adc4-f8d773084564
2013-06-23Pass SERVER_REC directly to net_connect_ip_sslAlexander Færøy
This patch refactors how we are passing connection information for SSL connections. This will allow us to emit signals with a SERVER_REC as parameter during SSL handshake. git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5219 dbcabf3a-b0e7-0310-adc4-f8d773084564
2010-04-03glib iochannel fixes from exg.Alexander Færøy
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5137 dbcabf3a-b0e7-0310-adc4-f8d773084564
2009-12-28Check if an SSL certificate matches the hostname of the server we are ↵Wouter Coekaerts
connecting to git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5104 dbcabf3a-b0e7-0310-adc4-f8d773084564
2009-02-08Code Cleanup:Alexander Færøy
Use g_string_printf() instead of g_string_sprintf() (which is considered deprecated.) git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5004 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-05-22Extend net_sendbuffer by adding a LINEBUF_REC member and a ↵Emanuele Giaquinta
net_sendbuffer_receive_line function to read linewise from the associated io channel. Rewrite irc/dcc/proxy read logic on top of it. git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@4841 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-03-29Move net_disconnect_later declaration from network.h to net-disconnect.h.Emanuele Giaquinta
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4783 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-03-09Use g_ascii_str{,n}casecmp for case insensitive comparison withEmanuele Giaquinta
ascii only strings. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4739 dbcabf3a-b0e7-0310-adc4-f8d773084564
2007-05-31Rewrite SSL connection/handshake code.Emanuele Giaquinta
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4536 dbcabf3a-b0e7-0310-adc4-f8d773084564
2007-05-08Oops. Update address correctly now.Wouter Coekaerts
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4490 dbcabf3a-b0e7-0310-adc4-f8d773084564
2007-05-08Update FSF addressWouter Coekaerts
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4489 dbcabf3a-b0e7-0310-adc4-f8d773084564
2004-01-07If we can't connect to server using given IP, show the IP to user in theTimo Sirainen
error message. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3197 dbcabf3a-b0e7-0310-adc4-f8d773084564
2003-11-16Support for sending SSL certificate to server and optionally verify server'sTimo Sirainen
certificate. See the -ssl_* options for /SERVER and /SERVER ADD. Patch by Joel Eriksson <je-irssi@bitnux.com>. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3146 dbcabf3a-b0e7-0310-adc4-f8d773084564
2003-11-16Don't reconnect with invalid own hostname.Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3141 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-12-04Added no_connect to SERVER_CONNECT_REC, also exported a few other variablesTimo Sirainen
to perl. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3042 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-11-28/SET resolve_reverse_lookup to do reverse lookups for server whenTimo Sirainen
/connecting. Patch by c0ffee. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3027 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-09-14no, didn't work, again :)Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2920 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-09-14tag generation didn't check the tags from connecting servers, so same tagTimo Sirainen
could have been duplicated git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2919 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-08-26Added OpenSSL support by vjt@users.sf.net. Also fixes a possible crash afterTimo Sirainen
using /SERVER ADD -ircnet. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2890 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-08-26removed the stupid error-parameters from net_connect*() calls. errno can beTimo Sirainen
used just fine. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2889 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-08-09/DISCONNECT <tag> works again for not-yet-connected servers.Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2874 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-07-16since some servers nowadays don't like having "-" as user/realname, changedTimo Sirainen
the username default to "unknown" and realname default to username. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2866 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-05-30server_find_tag() shouldn't return servers in lookup_servers list,Timo Sirainen
especially now that they're not fully initialized in their lookup-state yet.. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2830 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-05-28when destroying channel, it really should be removed also fromTimo Sirainen
server->channels list. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2829 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-05-20/UPGRADE was broken, changed again the server connection code.Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2821 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-05-19net_connect*() contains now error parameter, so it can be used to properlyTimo Sirainen
check the errno if connect() fails. Added support for connecting to named UNIX sockets. Some cleanups with session handling / server connecting as well. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2819 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-04-10Fixed one error and several warnings with GLIB 2.0Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2663 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-03-31Don't set channel->server = NULL when disconnecting, so scripts can stillTimo Sirainen
use it in eg. "channel destroyed". Patch by Qrczak git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2648 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-03-13When IPv4 or v6 wasn't forced, irssi picked improperly IPv4 even if thereTimo Sirainen
was only v6 address. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2591 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-03-10If -4 or -6 option is used with /SERVER, force the correct protocol match.Timo Sirainen
eg. /SERVER -6 host either connects to IPv6 host or fails. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2564 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-02-07Set objects ->type = 0 when freeing to make sure we notice immediately ifTimo Sirainen
they're being used after freed. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2399 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-01-28Don't change the "wanted nick" when receiving NICK event from server, unlessTimo Sirainen
we did the /NICK change. This is useful with the new irc servers changing your nick to your UID instead of killing you, at reconnect time you'd get "invalid nick" when irssi would try setting the UID as your nick.. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2351 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-01-26Added -rawlog <file> option to /CONNECT and /SERVER, so you can get theTimo Sirainen
rawlog from servers that disconnect you too fast. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2346 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-01-22last commit was only partial :)Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2340 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-01-22Added /SET proxy_string_after setting which gets sent after NICK/USER, bncTimo Sirainen
wants this. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2338 dbcabf3a-b0e7-0310-adc4-f8d773084564
2002-01-02server_disconnect() should do nothing if you call it twice, especially itTimo Sirainen
shouldn't emit the "server disconnected" again. We'll now handle the remaining data coming from server after disconnection. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2290 dbcabf3a-b0e7-0310-adc4-f8d773084564
2001-12-14Added reference counting to server record. At least now we don't accidentallyTimo Sirainen
use a destroyed server record when some /command disconnects the server (shouldn't happen really) or when irc_send_cmd() fails sending data to server and disconnects the server (I don't know if this ever happens, but if it does, it very well could have caused crashes) git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2243 dbcabf3a-b0e7-0310-adc4-f8d773084564
2001-11-19/UPGRADE didn't work properly when you were connected to multiple servers.Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2080 dbcabf3a-b0e7-0310-adc4-f8d773084564
2001-11-19/UPGRADE - upgrade-on-the-fly feature. Currently only moves the activeTimo Sirainen
server connections to the new irssi process, but that should be enough to never quit from IRC again :) git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2070 dbcabf3a-b0e7-0310-adc4-f8d773084564