Age | Commit message (Collapse) | Author |
|
Fixes #524
|
|
|
|
|
|
|
|
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.
It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.
-tls_pinned_cert
----------------
This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.
The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
-tls_pinned_pubkey
------------------
This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.
When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.
The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
|
|
|
|
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
|
|
Some small adjustments to the netsplit code.
|
|
By Gabriel Campana and Adrien Guinet from Quarkslab.
|
|
Fix the tab completion for paths starting with ./
|
|
Set the default STATUSMSG to @ instead of @+ if it's missing
|
|
This fixes two issues:
- IRCNet doesn't have STATUSMSG, but it supports +channels, and
including + in the default value meant processing those incorrectly
- The "bahamut hack", for old servers that support but don't advertise
STATUSMSG, didn't work since ischannel_func doesn't use the default.
The choice of @ intentionally leaves out support for other STATUSMSG
(for example, AzzurraNet's bahamut 1.4 fork seemed to support + and % in
any order, contradicting the comment in the code).
I think this is a decent tradeoff, given how those servers are uncommon
and relying on +# or %# is even less common than @#.
Fixes #531
|
|
|
|
Reported here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577202
|
|
|
|
|
|
|
|
By making the signal handler hooked to the "print starting" event
smarter we can avoid dumping the whole netsplit stats for every
server/channel when a message arrives.
Issue #420
|
|
completion fixes
|
|
Add modify to /channel, /server and /network
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Clean up misc.c
|
|
|
|
If the prefix contains an uppercase letter then don't use the
case-insensitive search functions.
|
|
|
|
Also, use a FORMAT to show the error message.
|
|
|
|
Make sure the current option is shown first.
|
|
This is useful to let the user choose an option between a finite set of
valid alternatives.
|
|
|
|
|
|
|
|
Handle utf8 nicks with mk_wcwidth()
|
|
|
|
This was done assuming an "indent with tab, align with spaces" approach.
get_alignment also benefited from a minor indentation fix.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|