Age | Commit message (Collapse) | Author |
|
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.
It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.
-tls_pinned_cert
----------------
This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.
The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
-tls_pinned_pubkey
------------------
This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.
When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.
The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
|
|
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
|
|
This patch removes the optional checks for whether to build irssi with
TLS support or not. This will allow us to ship a default configuration
file where we connect to TLS enabled IRC servers out of the box.
|
|
|
|
|
|
|
|
Ip's aren't selected using random() anymore, also select the ip version
by using getaddrinfo and some proper hints.
|
|
|
|
Fixes: #135
|
|
g_io_channel_close flushes the buffer and does not return errors.
g_io_channel_shutdown(handle, TRUE, NULL) keeps that behavior.
|
|
|
|
Fixes: Bug #305
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5231 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
This patch refactors how we are passing connection information for SSL
connections. This will allow us to emit signals with a SERVER_REC as
parameter during SSL handshake.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5219 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5137 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
connecting to
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5104 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
Use g_string_printf() instead of g_string_sprintf() (which is considered deprecated.)
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5004 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
net_sendbuffer_receive_line
function to read linewise from the associated io channel.
Rewrite irc/dcc/proxy read logic on top of it.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@4841 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4783 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
ascii only strings.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4739 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4536 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4490 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4489 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
error message.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3197 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
certificate. See the -ssl_* options for /SERVER and /SERVER ADD. Patch by
Joel Eriksson <je-irssi@bitnux.com>.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3146 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3141 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
to perl.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3042 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
/connecting. Patch by c0ffee.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3027 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2920 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
could have been duplicated
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2919 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
using /SERVER ADD -ircnet.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2890 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
used just fine.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2889 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2874 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
the username default to "unknown" and realname default to username.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2866 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
especially now that they're not fully initialized in their lookup-state
yet..
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2830 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
server->channels list.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2829 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2821 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
check the errno if connect() fails.
Added support for connecting to named UNIX sockets. Some cleanups with
session handling / server connecting as well.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2819 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2663 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
use it in eg. "channel destroyed". Patch by Qrczak
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2648 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
was only v6 address.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2591 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
eg. /SERVER -6 host either connects to IPv6 host or fails.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2564 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
they're being used after freed.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2399 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
we did the /NICK change. This is useful with the new irc servers changing
your nick to your UID instead of killing you, at reconnect time you'd get
"invalid nick" when irssi would try setting the UID as your nick..
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2351 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
rawlog from servers that disconnect you too fast.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2346 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2340 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
wants this.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2338 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
shouldn't emit the "server disconnected" again.
We'll now handle the remaining data coming from server after disconnection.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2290 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
use a destroyed server record when some /command disconnects the server
(shouldn't happen really) or when irc_send_cmd() fails sending data to server
and disconnects the server (I don't know if this ever happens, but if it does,
it very well could have caused crashes)
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2243 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2080 dbcabf3a-b0e7-0310-adc4-f8d773084564
|
|
server connections to the new irssi process, but that should be enough to
never quit from IRC again :)
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2070 dbcabf3a-b0e7-0310-adc4-f8d773084564
|