irssi - The client of the future

Age	Commit message (Collapse)	Author
2016-10-22	Only do checks for SSL_get_server_tmp_key in network-openssl.c.	Alexander Færøy

2016-10-22	Kill do { ... } while (0); and replace it with goto's.	Alexander Færøy

2016-10-22	Emit the TLS handshake finished signal before we do verification.	Alexander Færøy
	This patch moves the emitted "tls handshake finished" signal to before we do validation of the given TLS certificate. This ensures that we display certificate information before we possibly error out and disconnects from the server.
2016-10-22	Kill support for DANE.	Alexander Færøy
	This patch removes support for DANE validation of TLS certificates. There wasn't enough support in the IRC community to push for this on the majority of bigger IRC networks. If you believe this should be reintroduced into irssi, then please come up with an implementation that does not rely on the libval library. It is causing a lot of troubles for our downstream maintainers.
2016-10-22	Lift EC_KEY declaration onto the entry of the function.	Alexander Færøy

2016-10-22	Lift ASN1_STRING declaration onto the entry of the function.	Alexander Færøy

2016-10-22	Declare variables in the beginning of the function.	Alexander Færøy

2016-10-22	Make sure we clean-up after ourself upon failure.	Alexander Færøy

2016-10-22	Add x509 certificate and public key pinning support.	Alexander Færøy
	This patch adds two new options to /CONNECT and /SERVER to let the user pin either an x509 certificate and/or the public key of a given server. It is possible to fetch the certificate outside of Irssi itself to verify the checksum. To fetch the certificate call: $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null \| \ openssl x509 > freenode.cert This will download chat.freenode.net:6697's TLS certificate and put it into the file freenode.cert. -tls_pinned_cert ---------------- This option allows you to specify the SHA-256 hash of the x509 certificate. When succesfully connected to the server, irssi will verify that the given server certificate matches the pin set by the user. The SHA-256 hash of a given certificate can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout -tls_pinned_pubkey ------------------ This option allows you to specify the SHA-256 hash of the subject public key information section of the server certificate. This section contains both the cryptographic parameters for the public key, but also information about the algorithm used together with the public key parameters. When succesfully connected to the server, irssi will verify that the given public key matches the pin set by the user. The SHA-256 hash of a public key can be verified outside of irssi using the OpenSSL command line tool: $ openssl x509 -in freenode.cert -pubkey -noout \| \ openssl pkey -pubin -outform der \| \ openssl dgst -sha256 -c \| \ tr a-z A-Z It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey together.
2016-10-22	s/SSL/TLS/ for warning strings.	Alexander Færøy

2016-10-22	Simplify TLS verification error handling.	Alexander Færøy

2016-10-22	Populate and emit TLS_REC after TLS handshake have completed.	Alexander Færøy

2016-10-22	Add TLS_REC.	Alexander Færøy
	This patch adds the TLS_REC structure. This structure is used to emit information about the TLS handshake from the core of irssi to the front-end layers such that we can display connection information to the user.
2016-10-22	Rename SSL to TLS.	Alexander Færøy
	This patch changes the internal name of SSL to TLS. We also add -tls_* options to /CONNECT and /SERVER, but make sure that the -ssl_* versions of the commands continue to work like before.
2016-10-22	Add function to convert a buffer to a colon-delimited hex string.	Alexander Færøy
	This patch adds binary_to_hex(), which can take an input buffer and convert it to colon-delimited hex strings suitable for printing for fingerprints.
2016-10-16	Always build irssi with TLS support.	Alexander Færøy
	This patch removes the optional checks for whether to build irssi with TLS support or not. This will allow us to ship a default configuration file where we connect to TLS enabled IRC servers out of the box.
2016-09-25	nullptr when doing module backward compat on invalid config	ailin-nemui

2016-06-14	Merge pull request #422 from LemonBoy/misc-cleanup	ailin-nemui
	Clean up misc.c
2016-06-13	Don't crash when the key isn't found.	LemonBoy

2016-06-13	Merge pull request #492 from LemonBoy/enum	ailin-nemui
	Enum setting implementation
2016-06-13	Use ; as separator instead of ,	LemonBoy

2016-06-13	Move the validation of the CHOICE setting value	LemonBoy
	Also, use a FORMAT to show the error message.
2016-06-12	servers-reconnect: pass unix_socket attribute to new connection	dequis
	Trying to /reconnect unix sockets turned them into inet.
2016-06-12	Strip the surrounding whitespace.	LemonBoy

2016-06-12	Use strarray_find instead of g_strv_contains	LemonBoy

2016-06-12	Add a CHOICE type to the settings system.	LemonBoy
	This is useful to let the user choose an option between a finite set of valid alternatives.
2016-06-06	Do not crash on OPTCHAN when item has no server	ailin-nemui
	May fix bugs.debian.org#826525
2016-06-05	Deprecate net_connect()	LemonBoy

2016-06-05	Factor out some redundant code and remove hashtable_get_keys	LemonBoy

2016-06-05	str_to_uofft is a tiny wrapper over strtoul{,l}	LemonBoy

2016-06-05	Update the g_istr_hash function to use the djb hash	LemonBoy

2016-06-05	Remove unused regexp_match	LemonBoy

2016-06-05	Replace strarray_length with g_strv_length	LemonBoy

2016-06-05	Replace strocpy with g_strlcpy	LemonBoy
	The only difference was that the former returned 1 if the buffer was overflown, but the return value was never checked.
2016-06-05	Check the return value of open() in rawlog.c	LemonBoy

2016-06-05	Replace mkpath with g_mkdir_with_parents	LemonBoy

2016-05-18	fix dist compilation failure	ailin-nemui
	remove illegal wcwidth.c include and compile wcwidth.c correct #include in wcwidth.c fallout from #480
2016-05-13	Convert string policies from #define to enum.	Xavier G

2016-05-13	Adjust some conditions.	Xavier G

2016-05-13	Make get_alignment() available outside special-vars.c	Xavier G

2016-05-13	get_alignment: handle UTF-8 strings.	Xavier G
	get_alignment now works with columns (width), not bytes, although it is liable to work with bytes if the given text is not a valid UTF-8 string.
2016-05-13	Fix indentation of display_sorted_nicks().	Xavier G
	This was done assuming an "indent with tab, align with spaces" approach. get_alignment also benefited from a minor indentation fix.
2016-05-13	Introduce string_chars_for_width().	Xavier G

2016-05-13	Introduce string_length() and string_width().	Xavier G

2016-05-13	Leverage string_policy().	Xavier G

2016-05-13	Introduce string_policy().	Xavier G

2016-05-13	Rename advance() into string_advance().	Xavier G

2016-05-13	Move advance() from fe-common/core to core.	Xavier G

2016-05-13	Move utf8.{h,c} from fe-common/core to core.	Xavier G

2016-04-07	net_gethosterror: Handle EAI_SYSTEM ("System error") properly	dequis
	That error code means "check errno". A few users got it and we never figured out what happened - it usually fixed itself after restarting something - so hopefully with this we'll have more information the next time.