summaryrefslogtreecommitdiff
path: root/src/core
AgeCommit message (Collapse)Author
2017-02-14Do not alias /server <hostname> to /server connect <hostname>LemonBoy
Closes #559.
2017-02-06Merge pull request #622 from ailin-nemui/starttlsailin-nemui
provide net_start_ssl api
2017-02-05provide net_start_ssl apiailin-nemui
fixes #615
2017-02-03Support OpenSSL 1.1.0.LemonBoy
- X509_get_notBefore becomes X509_get0_notBefore - X509_get_notAfter becomes X509_get0_notAfter - ASN1_STRING_data becomes ASN1_STRING_get0_data (and drops the const) - The whole library is now initialized by OPENSSL_init_ssl Closes #597
2017-01-22Check whether the client certificate is expired.LemonBoy
Right now we only warn the user, the connection keeps going. Fixes #211
2017-01-06Add OPENSSL_NO_EC for solaris 11.3, see issue #598dequis
Original patch by 'Slarky' According to that ticket, the next major version of solaris won't need this. Consider reverting this when solaris 11.3 stops being relevant.
2017-01-05fix GRegex GError problemailin-nemui
2017-01-03switch for gregex and regex.hAilin Nemui
2017-01-02Use the RAW flag when building the regexps.LemonBoy
Also, plugged a memory leak when retrieving the match position.
2017-01-02Rebase against master.LemonBoy
2017-01-02Remove the regexp_compiled field.LemonBoy
It was made redundant by the introduction of the pointer to the GRegex structure. Silence the compiler warning in textbuffer.c about preg being initialized by setting it to NULL.
2017-01-02Use GLib's regexp interface (backed by PCRE)LemonBoy
2016-12-08Merge pull request #570 from josephbisch/fix-issue-563ailin-nemui
enforce check that chatnets are nodelists to handle invalid config
2016-10-27enforce check that chatnets are nodelists to handle invalid configJoseph Bisch
2016-10-22Only do checks for SSL_get_server_tmp_key in network-openssl.c.Alexander Færøy
2016-10-22Kill do { ... } while (0); and replace it with goto's.Alexander Færøy
2016-10-22Emit the TLS handshake finished signal before we do verification.Alexander Færøy
This patch moves the emitted "tls handshake finished" signal to before we do validation of the given TLS certificate. This ensures that we display certificate information before we possibly error out and disconnects from the server.
2016-10-22Kill support for DANE.Alexander Færøy
This patch removes support for DANE validation of TLS certificates. There wasn't enough support in the IRC community to push for this on the majority of bigger IRC networks. If you believe this should be reintroduced into irssi, then please come up with an implementation that does not rely on the libval library. It is causing a lot of troubles for our downstream maintainers.
2016-10-22Lift EC_KEY declaration onto the entry of the function.Alexander Færøy
2016-10-22Lift ASN1_STRING declaration onto the entry of the function.Alexander Færøy
2016-10-22Declare variables in the beginning of the function.Alexander Færøy
2016-10-22Make sure we clean-up after ourself upon failure.Alexander Færøy
2016-10-22Add x509 certificate and public key pinning support.Alexander Færøy
This patch adds two new options to /CONNECT and /SERVER to let the user pin either an x509 certificate and/or the public key of a given server. It is possible to fetch the certificate outside of Irssi itself to verify the checksum. To fetch the certificate call: $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \ openssl x509 > freenode.cert This will download chat.freenode.net:6697's TLS certificate and put it into the file freenode.cert. -tls_pinned_cert ---------------- This option allows you to specify the SHA-256 hash of the x509 certificate. When succesfully connected to the server, irssi will verify that the given server certificate matches the pin set by the user. The SHA-256 hash of a given certificate can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout -tls_pinned_pubkey ------------------ This option allows you to specify the SHA-256 hash of the subject public key information section of the server certificate. This section contains both the cryptographic parameters for the public key, but also information about the algorithm used together with the public key parameters. When succesfully connected to the server, irssi will verify that the given public key matches the pin set by the user. The SHA-256 hash of a public key can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -pubkey -noout | \ openssl pkey -pubin -outform der | \ openssl dgst -sha256 -c | \ tr a-z A-Z It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey together.
2016-10-22s/SSL/TLS/ for warning strings.Alexander Færøy
2016-10-22Simplify TLS verification error handling.Alexander Færøy
2016-10-22Populate and emit TLS_REC after TLS handshake have completed.Alexander Færøy
2016-10-22Add TLS_REC.Alexander Færøy
This patch adds the TLS_REC structure. This structure is used to emit information about the TLS handshake from the core of irssi to the front-end layers such that we can display connection information to the user.
2016-10-22Rename SSL to TLS.Alexander Færøy
This patch changes the internal name of SSL to TLS. We also add -tls_* options to /CONNECT and /SERVER, but make sure that the -ssl_* versions of the commands continue to work like before.
2016-10-22Add function to convert a buffer to a colon-delimited hex string.Alexander Færøy
This patch adds binary_to_hex(), which can take an input buffer and convert it to colon-delimited hex strings suitable for printing for fingerprints.
2016-10-16Always build irssi with TLS support.Alexander Færøy
This patch removes the optional checks for whether to build irssi with TLS support or not. This will allow us to ship a default configuration file where we connect to TLS enabled IRC servers out of the box.
2016-09-25nullptr when doing module backward compat on invalid configailin-nemui
2016-06-14Merge pull request #422 from LemonBoy/misc-cleanupailin-nemui
Clean up misc.c
2016-06-13Don't crash when the key isn't found.LemonBoy
2016-06-13Merge pull request #492 from LemonBoy/enumailin-nemui
Enum setting implementation
2016-06-13Use ; as separator instead of ,LemonBoy
2016-06-13Move the validation of the CHOICE setting valueLemonBoy
Also, use a FORMAT to show the error message.
2016-06-12servers-reconnect: pass unix_socket attribute to new connectiondequis
Trying to /reconnect unix sockets turned them into inet.
2016-06-12Strip the surrounding whitespace.LemonBoy
2016-06-12Use strarray_find instead of g_strv_containsLemonBoy
2016-06-12Add a CHOICE type to the settings system.LemonBoy
This is useful to let the user choose an option between a finite set of valid alternatives.
2016-06-06Do not crash on OPTCHAN when item has no serverailin-nemui
May fix bugs.debian.org#826525
2016-06-05Deprecate net_connect()LemonBoy
2016-06-05Factor out some redundant code and remove hashtable_get_keysLemonBoy
2016-06-05str_to_uofft is a tiny wrapper over strtoul{,l}LemonBoy
2016-06-05Update the g_istr_hash function to use the djb hashLemonBoy
2016-06-05Remove unused regexp_matchLemonBoy
2016-06-05Replace strarray_length with g_strv_lengthLemonBoy
2016-06-05Replace strocpy with g_strlcpyLemonBoy
The only difference was that the former returned 1 if the buffer was overflown, but the return value was never checked.
2016-06-05Check the return value of open() in rawlog.cLemonBoy
2016-06-05Replace mkpath with g_mkdir_with_parentsLemonBoy