diff options
author | Sébastien Helleu <flashcode@flashtux.org> | 2023-04-06 00:18:45 +0200 |
---|---|---|
committer | Sébastien Helleu <flashcode@flashtux.org> | 2023-04-12 17:17:30 +0200 |
commit | dec237b1048479b29e3386d5c8ce593803f2d81d (patch) | |
tree | f90e07fa720be0bce75626bf900ac208293f2279 | |
parent | 23b870ec1daa7c86983cefbf905850ea5eb5bc8e (diff) | |
download | weechat-dec237b1048479b29e3386d5c8ce593803f2d81d.zip |
irc: rename "ssl" options to "tls" (issue #1903)
40 files changed, 676 insertions, 573 deletions
diff --git a/ChangeLog.adoc b/ChangeLog.adoc index 0103ed649..802823510 100644 --- a/ChangeLog.adoc +++ b/ChangeLog.adoc @@ -36,6 +36,7 @@ New features:: * core: add item "mouse_status" in default status bar, change default color to lightgreen * api: add function config_set_version (issue #1238) * alias: use lower case for default aliases, rename all aliases to lower case on upgrade (issue #1872) + * irc: rename "ssl" options to "tls" * irc: add command `/rules` (issue #1864) * irc: add command `/knock` (issue #7) * irc: add server option "registered_mode", add fields "authentication_method" and "sasl_mechanism_used" in server (issue #1625) diff --git a/doc/cs/weechat_quickstart.cs.adoc b/doc/cs/weechat_quickstart.cs.adoc index 172c68ca2..b390a0bd4 100644 --- a/doc/cs/weechat_quickstart.cs.adoc +++ b/doc/cs/weechat_quickstart.cs.adoc @@ -113,7 +113,7 @@ Použijte příkaz `/plugin` k zobrazení nahraných pluginů, pravděpodobně u Můžete přidat irc server příkazem `/server`, například: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- // TRANSLATION MISSING diff --git a/doc/de/weechat_faq.de.adoc b/doc/de/weechat_faq.de.adoc index 2429c0666..c0a9a7e85 100644 --- a/doc/de/weechat_faq.de.adoc +++ b/doc/de/weechat_faq.de.adoc @@ -729,8 +729,8 @@ anstelle der kbd:[Shift]-Taste gedrückt werden). [[irc]] == IRC -[[irc_ssl_connection]] -=== Es treten Probleme bei einer Serververbindung mittels SSL auf. Was kann ich tun? +[[irc_tls_connection]] +=== Es treten Probleme bei einer Serververbindung mittels TLS auf. Was kann ich tun? Falls macOS genutzt wird, muss mittels Homebrew `openssl` installiert werden. @@ -741,16 +741,16 @@ dass der gnutls Handshake fehlgeschlagen ist, sollte ein kleinerer Diffie-Hellman-Schlüssel verwendet werden (Standardgröße: 2048): ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- Falls Fehlermeldungen auftreten, die besagen, dass das Zertifikat ungültig ist, -dann kann die "ssl_verify" Überprüfung deaktiviert werden +dann kann die "tls_verify" Überprüfung deaktiviert werden (die Verbindung ist in diesem Fall weniger sicher): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- Sollte das Zertifikat für den Server (laut CA) ungültig sein, @@ -759,30 +759,30 @@ dann kann (ersatzweise) der Fingerabdruck (SHA-512, SHA-256 or SHA-1) des Zertifikats von Hand eingetragen werden: ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== Bei einem Verbindungsaufbau zum Server via SSL erhalte ich "TLS Handshake fehlgeschlagen". Wie kann ich das beheben? +[[irc_tls_handshake_error]] +=== Bei einem Verbindungsaufbau zum Server via TLS erhalte ich "TLS Handshake fehlgeschlagen". Wie kann ich das beheben? Man sollte versuchen, eine andere Priorität zu nutzen; Im folgenden Beispiel muss "xxx" durch den betroffenen Servernamen ersetzt werden: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== Wie kann ich eine SSL gesicherte Verbindung zum libera Server herstellen? +[[irc_tls_libera]] +=== Wie kann ich eine TLS gesicherte Verbindung zum libera Server herstellen? Überprüfen Sie, ob auf Ihrem System Zertifikate installiert sind. Dies wird häufig durch das Paket "ca-certificates" bereitgestellt. -Konfiguration des Servers, Port angeben, SSL aktivieren und Verbindung herstellen: +Konfiguration des Servers, Port angeben, TLS aktivieren und Verbindung herstellen: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1075,7 +1075,7 @@ Die Skripten für WeeChat sind mit anderen IRC-Clients nicht kompatibel und vice [[scripts_update]] === Der Befehl "/script update" liest die Skriptliste nicht ein, wie kann ich das beheben? -Als erstes sollte das Kapitel über SSL Verbindungen in dieser FAQ gelesen werden. +Als erstes sollte das Kapitel über TLS Verbindungen in dieser FAQ gelesen werden. Wenn das nicht hilft, sollte die Skriptliste von Hand gelöscht werden. Dazu folgenden Befehl in der Shell ausführen: @@ -1162,7 +1162,7 @@ Damit WeeChat weniger Speicher benötigt, solltest Du folgende Tipps umsetzen: Fifo, Logger, Perl, Python, Ruby, Lua, Tcl, Guile, JavaScript, PHP, Spell, Xfer (wird für DCC benötigst), siehe `/help weechat.plugin.autoload`. * installiere ausschließlich Skripten die Du auch nutzt -* Laden Sie keine Systemzertifikate, wenn SSL *NICHT* verwendet wird: Deaktivieren Sie diese Option: +* Laden Sie keine Systemzertifikate, wenn TLS *NICHT* verwendet wird: Deaktivieren Sie diese Option: _weechat.network.gnutls_ca_system_. * der Wert der Option _weechat.history.max_buffer_lines_number_ sollte möglichst niedrig eingestellt werden oder die Option _weechat.history.max_buffer_lines_minutes_ diff --git a/doc/de/weechat_quickstart.de.adoc b/doc/de/weechat_quickstart.de.adoc index d9e3999e9..6dfc4f53a 100644 --- a/doc/de/weechat_quickstart.de.adoc +++ b/doc/de/weechat_quickstart.de.adoc @@ -123,7 +123,7 @@ Um eine Verbindung zu einem IRC Server herzustellen, wird der `/server` Befehl verwendet. Beispiel: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- In diesem Beispiel ist `libera` der interne, von Weechat genutzte Servername. diff --git a/doc/de/weechat_user.de.adoc b/doc/de/weechat_user.de.adoc index 68cda8390..f18b9ee7b 100644 --- a/doc/de/weechat_user.de.adoc +++ b/doc/de/weechat_user.de.adoc @@ -33,7 +33,7 @@ schlanker Chat-Client der für unterschiedliche Betriebssysteme entwickelt wird. wesentliche Merkmale: * Unterstützung verschiedener Protokolle (in der Hauptsache das IRC-Protokoll) -* mehrere Server Verbindungen sind möglich (mittels SSL, IPv6, proxy) +* mehrere Server Verbindungen sind möglich (mittels TLS, IPv6, proxy) * klein, schnell und schlank * den eigenen, persönlichen, Bedürfnissen anpassbar und durch Erweiterungen und Skripten in der Funktionalität erweiterbar * IRC RFCs konform @@ -166,7 +166,7 @@ WeeChat optional sind: | Paket ^(1)^ | Version | Funktionen | {cpp} compiler (pass:[g++ / clang++]) | | zum Erstellen der Binärdatei und um Test auszuführen, JavaScript Erweiterung. | gettext | | Internationalisierung (Übersetzung der Mitteilungen; Hauptsprache ist englisch). -| ca-certificates | | Zertifikate für SSL Verbindungen. +| ca-certificates | | Zertifikate für TLS Verbindungen. | libaspell-dev / libenchant-dev | | Spell Erweiterung. | python3-dev | ≥ 3.0 | Python Erweiterung. | libperl-dev | | Perl Erweiterung. @@ -741,10 +741,10 @@ Diese Installation kann durchgeführt werden, während WeeChat ausgeführt wird. === Upgrade Befehl WeeChat kann die neue Binärdatei mit Hilfe des <<command_weechat_upgrade,/upgrade>> -Befehls starten: der Bufferinhalt und nicht-SSL Verbindungen bleiben dabei erhalten. + -Eine SSL-Verbindung wird während des Upgrades getrennt und wird automatisch, +Befehls starten: der Bufferinhalt und nicht-TLS Verbindungen bleiben dabei erhalten. + +Eine TLS-Verbindung wird während des Upgrades getrennt und wird automatisch, nach dem Beenden des Upgrades, wiederhergestellt (das aufrechterhalten einer -SSL-Sitzungen ist derzeit, mit GnuTLS, nicht möglich). +TLS-Sitzungen ist derzeit, mit GnuTLS, nicht möglich). Der Befehl kann auch verwendet werden, wenn Sie den Computer neu starten müssen, z.B. um den Kernel zu aktualisieren oder WeeChat auf einen anderen Computer zu verschieben: @@ -3218,7 +3218,7 @@ Sektion in Datei _weechat.conf_: | history | /set weechat.history.* | Optionen für Befehlsverlauf (Befehle und Buffer). | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | Proxy Optionen. -| network | /set weechat.network.* | Netzwerk/SSL Optionen. +| network | /set weechat.network.* | Netzwerk/TLS Optionen. | plugin | /set weechat.plugin.* | Optionen für Erweiterungen. | signal | /set weechat.signal.* | Optionen für Signale. | bar | <<command_weechat_bar,/bar>> + @@ -3270,11 +3270,11 @@ Standardmäßig sind keine Server angelegt. Es gibt keine Begrenzung für die Anzahl von Servern. Server können mit dem Befehl <<command_irc_server,/server>> angelegt werden. -Um zum Beispiel eine SSL verschlüsselte Verbindung zu +Um zum Beispiel eine TLS verschlüsselte Verbindung zu https://libera.chat/[libera.chat ^↗^,window=_blank] herzustellen: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- Um WeeChat beim Start direkt mit dem Server zu verbinden: @@ -3354,13 +3354,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3380,13 +3380,13 @@ geerbten Wert verwendet, der jetzt `on` anstelle des Standardwerts `off` ist: /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== SSL Zertifikate +[[irc_tls_certificates]] +==== TLS Zertifikate -Wenn eine Verbindung mittels SSL zu einem IRC Server hergestellt wird dann überprüft +Wenn eine Verbindung mittels TLS zu einem IRC Server hergestellt wird dann überprüft WeeChat immer ob dieser Verbindung sicher ist. -Einige Optionen dienen dazu eine SSL Verbindung zu nutzen: +Einige Optionen dienen dazu eine TLS Verbindung zu nutzen: weechat.network.gnutls_ca_system:: lädt beim Start die standardmäßigen vertrauenswürdigen Zertifizierungsstellen des Systems @@ -3394,19 +3394,19 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: zusätzliche Datei (en) von Zertifizierungsstellen -irc.server.xxx.ssl_cert:: - Datei mit den SSL Zertifikaten die genutzt werden um automatisch Ihren Nick +irc.server.xxx.tls_cert:: + Datei mit den TLS Zertifikaten die genutzt werden um automatisch Ihren Nick zu identifizieren (zum Beispiel CertFP auf oftc, siehe unten) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: Größe des Schlüssels der genutzt werden soll beim Schlüsseltausch mittels der Diffie-Hellman Methode (Standardwert: 2048) -irc.server.xxx.ssl_verify:: - überprüft ob der SSL Verbindung uneingeschränkt vertraut werden kann (Standardwert: AN) +irc.server.xxx.tls_verify:: + überprüft ob der TLS Verbindung uneingeschränkt vertraut werden kann (Standardwert: AN) [NOTE] -Die Option "ssl_verify" ist Vorgabe mäßig immer eingeschaltet. Das gewährleistet dass +Die Option "tls_verify" ist Vorgabe mäßig immer eingeschaltet. Das gewährleistet dass die Verifizierung sehr streng genommen wird und dadurch vielleicht versagt. Auch wenn die Verbindung mit einer vorherigen Version (<0.3.1) funktioniert hat. @@ -3416,8 +3416,8 @@ die Verbindung mit einer vorherigen Version (<0.3.1) funktioniert hat. * Importieren Sie die Zertifikate in einer Shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- [NOTE] @@ -3439,8 +3439,8 @@ Es ist möglich mehrere Zertifikate in der Datei CAs.pem zu verwenden. * Erstellen Sie ein Zertifikat in der Shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3451,7 +3451,7 @@ das auch beispielsweise `~/.weechat` sein kann. * In WeeChat, sofern der Server "oftc" schon hinzufügt wurde: ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3738,7 +3738,7 @@ WeeChat unterstützt eine SASL Authentifikation, mittels verschiedener Mechanism * _scram-sha-256_: SCRAM mit SHA-256 Digest-Algorithmus * _scram-sha-512_: SCRAM mit SHA-512 Digest-Algorithmus * _ecdsa-nist256p-challenge_: Abgleich von öffentlichem/privatem Schlüssel -* _external_: SSL Zertifikat welches auf Client Seite vorliegt +* _external_: TLS Zertifikat welches auf Client Seite vorliegt Optionen für Server sind: diff --git a/doc/en/weechat_faq.en.adoc b/doc/en/weechat_faq.en.adoc index e8f6588e4..44a093729 100644 --- a/doc/en/weechat_faq.en.adoc +++ b/doc/en/weechat_faq.en.adoc @@ -691,8 +691,8 @@ you have to use kbd:[Alt] instead of kbd:[Shift]). [[irc]] == IRC -[[irc_ssl_connection]] -=== I have some problems when connecting to a server using SSL, what can I do? +[[irc_tls_connection]] +=== I have some problems when connecting to a server using TLS, what can I do? If you are using macOS, you must install `openssl` from Homebrew. A CA file will be bootstrapped using certificates from the system keychain. @@ -701,43 +701,43 @@ If you see errors about gnutls handshake, you can try to use a smaller Diffie-Hellman key (default is 2048): ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- -If you see errors about certificate, you can disable "ssl_verify" (be careful, +If you see errors about certificate, you can disable "tls_verify" (be careful, connection will be less secure by doing that): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- If the server has an invalid certificate and you know what the certificate should be, you can specify the fingerprint (SHA-512, SHA-256 or SHA-1): ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== When connecting to server with SSL, I only see the error "TLS handshake failed", what can I do? +[[irc_tls_handshake_error]] +=== When connecting to server with TLS, I only see the error "TLS handshake failed", what can I do? You can try a different priority string, replace "xxx" by your server name: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== How can I connect to libera server using SSL? +[[irc_tls_libera]] +=== How can I connect to libera server using TLS? Check that you have certificates installed on your system, this is commonly provided by the package "ca-certificates". -Setup server port, SSL, then connect: +Setup server port, TLS, then connect: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1003,7 +1003,7 @@ Scripts are not compatible with other IRC clients. [[scripts_update]] === The command "/script update" can not read scripts, how to fix that? -First check questions about SSL connection in this FAQ. +First check questions about TLS connection in this FAQ. If still not working, try to manually delete the scripts file (in your shell): @@ -1087,7 +1087,7 @@ You can try following tips to consume less memory: fifo, logger, perl, python, ruby, lua, tcl, guile, javascript, php, spell, xfer (used for DCC). See `/help weechat.plugin.autoload`. * Load only scripts that you really need. -* Do not load system certificates if SSL is *NOT* used: turn off this option: +* Do not load system certificates if TLS is *NOT* used: turn off this option: _weechat.network.gnutls_ca_system_. * Reduce value of option _weechat.history.max_buffer_lines_number_ or set value of option _weechat.history.max_buffer_lines_minutes_. diff --git a/doc/en/weechat_quickstart.en.adoc b/doc/en/weechat_quickstart.en.adoc index 3ed617276..cf03e39e3 100644 --- a/doc/en/weechat_quickstart.en.adoc +++ b/doc/en/weechat_quickstart.en.adoc @@ -105,7 +105,7 @@ other plugins in the list. You can add an IRC server with the `/server` command, for example: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- In this command, `libera` is the internal server name used by WeeChat: diff --git a/doc/en/weechat_relay_protocol.en.adoc b/doc/en/weechat_relay_protocol.en.adoc index 2724b2f2a..13e192b9c 100644 --- a/doc/en/weechat_relay_protocol.en.adoc +++ b/doc/en/weechat_relay_protocol.en.adoc @@ -2317,7 +2317,7 @@ will change). [NOTE] During WeeChat upgrade, the socket remains opened (except if connection uses -SSL). +TLS). [[message_upgrade_ended]] ==== _upgrade_ended diff --git a/doc/en/weechat_user.en.adoc b/doc/en/weechat_user.en.adoc index d04104f2b..7ef9e573f 100644 --- a/doc/en/weechat_user.en.adoc +++ b/doc/en/weechat_user.en.adoc @@ -27,7 +27,7 @@ light, designed for many operating systems. Main features are: * multi-protocols (mainly IRC) -* multi-servers connection (with SSL, IPv6, proxy) +* multi-servers connection (with TLS, IPv6, proxy) * small, fast and light * customizable and extensible with plugins and scripts * compliant with IRC RFCs @@ -159,7 +159,7 @@ WeeChat: | Package ^(1)^ | Version | Features | {cpp} compiler (pass:[g++ / clang++]) | | Build and run tests, JavaScript plugin. | gettext | | Internationalization (translation of messages; base language is English). -| ca-certificates | | Certificates for SSL connections. +| ca-certificates | | Certificates for TLS connections. | libaspell-dev / libenchant-dev | | Spell plugin. | python3-dev | ≥ 3.0 | Python plugin. | libperl-dev | | Perl plugin. @@ -729,10 +729,10 @@ This can be done while WeeChat is running. === Upgrade command WeeChat can restart the new binary, in place, using the -<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-SSL +<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-TLS connections are preserved. + -The SSL connections are lost during upgrade and are restored automatically -after the upgrade (reload of SSL sessions is currently not possible +The TLS connections are lost during upgrade and are restored automatically +after the upgrade (reload of TLS sessions is currently not possible with GnuTLS). The command can also be used if you have to restart the machine, for example @@ -3158,7 +3158,7 @@ Sections in file _weechat.conf_: | history | /set weechat.history.* | History options (commands and buffers). | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | Proxy options. -| network | /set weechat.network.* | Network/SSL options. +| network | /set weechat.network.* | Network/TLS options. | plugin | /set weechat.plugin.* | Options on plugins. | signal | /set weechat.signal.* | Options on signals. | bar | <<command_weechat_bar,/bar>> + @@ -3210,10 +3210,10 @@ By default no servers are defined. You can add as many servers as you want with the <<command_irc_server,/server>> command. For example to connect to https://libera.chat/[libera.chat ^↗^,window=_blank] -with SSL (encrypted trafic): +with TLS (encrypted trafic): ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- You can tell WeeChat to auto-connect to this server on startup: @@ -3292,13 +3292,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3317,13 +3317,13 @@ value, which is now `on` instead of the default value `off`: /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== SSL certificates +[[irc_tls_certificates]] +==== TLS certificates -When connecting to IRC server with SSL, WeeChat checks by default that the +When connecting to IRC server with TLS, WeeChat checks by default that the connection is fully trusted. -Some options are used to control SSL connection: +Some options are used to control TLS connection: weechat.network.gnutls_ca_system:: load system's default trusted certificate authorities on startup @@ -3331,19 +3331,19 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: extra file(s) with certificate authorities -irc.server.xxx.ssl_cert:: - SSL certificate file used to automatically identify your nick (for example +irc.server.xxx.tls_cert:: + TLS certificate file used to automatically identify your nick (for example CertFP on oftc, see below) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: size of the key used during the Diffie-Hellman Key Exchange (by default: 2048) -irc.server.xxx.ssl_verify:: - check that the SSL connection is fully trusted (on by default) +irc.server.xxx.tls_verify:: + check that the TLS connection is fully trusted (on by default) [NOTE] -Option "ssl_verify" is on by default, so verification is strict and may fail, +Option "tls_verify" is on by default, so verification is strict and may fail, even if it was OK with versions prior to 0.3.1. [[irc_connect_oftc_with_certificate]] @@ -3352,8 +3352,8 @@ even if it was OK with versions prior to 0.3.1. * Import certificate in shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- [NOTE] @@ -3375,8 +3375,8 @@ It is possible to concatenate many certificates in file CAs.pem. * Create certificate in shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3387,7 +3387,7 @@ which can also be for example `~/.weechat`. * In WeeChat, with "oftc" server already added: ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3675,7 +3675,7 @@ WeeChat supports SASL authentication, using different mechanisms: * _scram-sha-256_: SCRAM with SHA-256 digest algorithm * _scram-sha-512_: SCRAM with SHA-512 digest algorithm * _ecdsa-nist256p-challenge_: challenge with public/private key -* _external_: client side SSL cert +* _external_: client side TLS cert Options in servers are: diff --git a/doc/es/weechat_faq.es.adoc b/doc/es/weechat_faq.es.adoc index 3e61a9503..96aec5893 100644 --- a/doc/es/weechat_faq.es.adoc +++ b/doc/es/weechat_faq.es.adoc @@ -706,8 +706,8 @@ tiene que utilizar kbd:[Alt] en vez de kbd:[Shift]). [[irc]] == IRC -[[irc_ssl_connection]] -=== Tengo algunos problemas al conectarme a un servidor utilizando SSL, ¿qué puedo hacer? +[[irc_tls_connection]] +=== Tengo algunos problemas al conectarme a un servidor utilizando TLS, ¿qué puedo hacer? Si está utilizando macOS, deberá instalar `openssl` desde Homebrew. Se añadirá un archivo CA que utiliza los certificados del sistema. @@ -716,45 +716,45 @@ Si ve errores en gnutls handshake, puede intentar utilizar una clave de cifrado Diffie-Hellman (la predeterminada es 2048): ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- -Si ve errores sobre el certificado, puede inhabilitar "ssl_verify" (tenga cuidado, +Si ve errores sobre el certificado, puede inhabilitar "tls_verify" (tenga cuidado, la conexión será menos segura haciendo esto): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- Si el servidor tiene un certificado inválido y usted conoce qué certificado debería ser, puede especificar la huella (fingerprint) (SHA-512, SHA-256 or SHA-1): ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== Al conectar a un servidor con SSL, solo veo el error "TLS handshake failed", ¿qué puedo hacer? +[[irc_tls_handshake_error]] +=== Al conectar a un servidor con TLS, solo veo el error "TLS handshake failed", ¿qué puedo hacer? Puede intentar una cadena de prioridad diferente, reemplace "xxx" por el nombre de su servidor: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== ¿Cómo puedo conectarme al servidor libera utilizando SSL? +[[irc_tls_libera]] +=== ¿Cómo puedo conectarme al servidor libera utilizando TLS? // TRANSLATION MISSING Check that you have certificates installed on your system, this is commonly provided by the package "ca-certificates". -Establezca el puerto del servidor, SSL, después conecte: +Establezca el puerto del servidor, TLS, después conecte: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1030,7 +1030,7 @@ Los scripts no son compatibles con otros clientes IRC. [[scripts_update]] === El comando "/script update" no puede leer los scripts, ¿Cómo puedo solucionar eso? -Primero compruebe las preguntas sobre la conexión SSL en este documento. +Primero compruebe las preguntas sobre la conexión TLS en este documento. Si todavía no funciona, trate de manera manual eliminar los archivos de scripts (escriba en su terminal): @@ -1116,7 +1116,7 @@ Puede intentar estos trucos para consumir menos memoria: fifo, logger, perl, python, ruby, lua, tcl, guile, javascript, php, spell, xfer (usado para DCC). Vea `/help weechat.plugin.autoload`. * Cargue solo los scripts que realmente necesite. -* No cargue los certificados del sistema si SSL *NO* es utilizado: inhabilite esta opción mediante: +* No cargue los certificados del sistema si TLS *NO* es utilizado: inhabilite esta opción mediante: _weechat.network.gnutls_ca_system_. * Reduzca el valor de la opción _weechat.history.max_buffer_lines_number_ o establezca el valor de la opción _weechat.history.max_buffer_lines_minutes_. diff --git a/doc/es/weechat_quickstart.es.adoc b/doc/es/weechat_quickstart.es.adoc index b509fe18d..e4fdcf530 100644 --- a/doc/es/weechat_quickstart.es.adoc +++ b/doc/es/weechat_quickstart.es.adoc @@ -115,7 +115,7 @@ seguramente vera irc y otros. Puede añadir un servidor IRC mediante el comando `/server`, por ejemplo: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- En este comando, `libera` es el nombre interno del servidor utilizado por WeeChat: diff --git a/doc/fr/weechat_faq.fr.adoc b/doc/fr/weechat_faq.fr.adoc index 7c086fcb0..d242a363f 100644 --- a/doc/fr/weechat_faq.fr.adoc +++ b/doc/fr/weechat_faq.fr.adoc @@ -712,8 +712,8 @@ kbd:[Alt] au lieu de kbd:[Shift]). [[irc]] == IRC -[[irc_ssl_connection]] -=== J'ai des problèmes pour me connecter au serveur avec SSL, que puis-je faire ? +[[irc_tls_connection]] +=== J'ai des problèmes pour me connecter au serveur avec TLS, que puis-je faire ? Si vous utilisez macOS, vous devez installer `openssl` depuis Homebrew. Un fichier CA sera installé avec le le trousseau système. @@ -723,44 +723,44 @@ vous pouvez utiliser une valeur plus petite pour la clé Diffie-Hellman (par défaut 2048) : ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- Si vous voyez des erreurs à propos du certificat, vous pouvez désactiver -"ssl_verify" (attention, la connexion sera moins sûre en faisant cela) : +"tls_verify" (attention, la connexion sera moins sûre en faisant cela) : ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- Si le serveur a un certificat invalide et que vous savez ce que devrait être le certificat, vous pouvez spécifier l'empreinte (SHA-512, SHA-256 ou SHA-1) : ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== Lors de la connexion SSL à un serveur, je vois juste une erreur "TLS handshake failed", que puis-je faire ? +[[irc_tls_handshake_error]] +=== Lors de la connexion TLS à un serveur, je vois juste une erreur "TLS handshake failed", que puis-je faire ? Vous pouvez essayer une chaîne de priorité différente, remplacez "xxx" par le nom de votre serveur : ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== Comment puis-je me connecter à libera avec SSL ? +[[irc_tls_libera]] +=== Comment puis-je me connecter à libera avec TLS ? Vérifiez que vous avez les certificats installés sur votre système, cela est fourni généralement par le paquet "ca-certificates". -Configurez le port du serveur, SSL, puis connectez-vous : +Configurez le port du serveur, TLS, puis connectez-vous : ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1036,7 +1036,7 @@ Les scripts ne sont pas compatibles avec d'autres clients IRC. [[scripts_update]] === La commande "/script update" ne peut pas lire les scripts, comment corriger ça ? -Consultez d'abord les questions à propos des connexions SSL dans cette FAQ. +Consultez d'abord les questions à propos des connexions TLS dans cette FAQ. Si cela ne fonctionne toujours pas, essayez de supprimer manuellement le fichier avec les scripts (dans votre shell) : @@ -1127,7 +1127,7 @@ Vous pouvez essayer les astuces suivantes pour consommer moins de mémoire : spell, xfer (utilisé pour les DCC). Voir `/help weechat.plugin.autoload`. * Charger uniquement les scripts dont vous avez vraiment besoin. -* Ne pas charger les certificats si SSL n'est *PAS* utilisé : désactiver +* Ne pas charger les certificats si TLS n'est *PAS* utilisé : désactiver l'option _weechat.network.gnutls_ca_system_. * Réduire la valeur de l'option _weechat.history.max_buffer_lines_number_ ou affecter une valeur à l'option _weechat.history.max_buffer_lines_minutes_. diff --git a/doc/fr/weechat_quickstart.fr.adoc b/doc/fr/weechat_quickstart.fr.adoc index 638260b88..2a5c07332 100644 --- a/doc/fr/weechat_quickstart.fr.adoc +++ b/doc/fr/weechat_quickstart.fr.adoc @@ -110,7 +110,7 @@ devriez voir "irc" et d'autres extensions dans cette liste. Vous pouvez ajouter un serveur IRC avec la commande `/server`, par exemple : ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- Dans cette commande, `libera` est le nom interne du serveur utilisé par diff --git a/doc/fr/weechat_relay_protocol.fr.adoc b/doc/fr/weechat_relay_protocol.fr.adoc index 002bafc71..5a4db926f 100644 --- a/doc/fr/weechat_relay_protocol.fr.adoc +++ b/doc/fr/weechat_relay_protocol.fr.adoc @@ -2346,7 +2346,7 @@ jour, tous les pointeurs changeront). [NOTE] Pendant la mise à jour de WeeChat, le socket reste ouvert (sauf si la connexion -utilise SSL). +utilise TLS). [[message_upgrade_ended]] ==== _upgrade_ended diff --git a/doc/fr/weechat_user.fr.adoc b/doc/fr/weechat_user.fr.adoc index c5f524a74..002f49bd8 100644 --- a/doc/fr/weechat_user.fr.adoc +++ b/doc/fr/weechat_user.fr.adoc @@ -29,7 +29,7 @@ rapide et léger, conçu pour différents systèmes d'exploitation. Ses principales fonctionnalités sont les suivantes : * multi-protocoles (principalement IRC) -* connexion multi-serveurs (avec SSL, IPv6, proxy) +* connexion multi-serveurs (avec TLS, IPv6, proxy) * petit, rapide et léger * paramétrable et extensible avec des extensions et des scripts * conforme aux RFCs IRC @@ -159,7 +159,7 @@ Le tableau suivant liste les paquets optionnels pour compiler WeeChat : | Paquet ^(1)^ | Version | Fonctionnalités | compilateur {cpp} (pass:[g++ / clang++]) | | Construction et lancement des tests, extension JavaScript. | gettext | | Internationalisation (traduction des messages ; la langue de base est l'anglais). -| ca-certificates | | Certificats pour les connexions SSL. +| ca-certificates | | Certificats pour les connexions TLS. | libaspell-dev / libenchant-dev | | Extension spell. | python3-dev | ≥ 3.0 | Extension python. | libperl-dev | | Extension perl. @@ -743,9 +743,9 @@ Cela peut être fait pendant que WeeChat tourne. WeeChat peut redémarrer le nouveau binaire avec la commande <<command_weechat_upgrade,/upgrade>> : le contenu des tampons et les connexions -non SSL sont préservées. + -Les connexions SSL sont perdues pendant la mise à jour et sont automatiquement -rétablies après la mise à jour (le rechargement des sessions SSL n'est pas +non TLS sont préservées. + +Les connexions TLS sont perdues pendant la mise à jour et sont automatiquement +rétablies après la mise à jour (le rechargement des sessions TLS n'est pas possible actuellement avec GnuTLS). La commande peut aussi être utilisée si vous devez redémarrer la machine, par @@ -3256,7 +3256,7 @@ Sections dans le fichier _weechat.conf_ : | history | /set weechat.history.* | Options d'historique (commandes et tampons). | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | Options des proxies. -| network | /set weechat.network.* | Options réseau/SSL. +| network | /set weechat.network.* | Options réseau/TLS. | plugin | /set weechat.plugin.* | Options sur les extensions. | signal | /set weechat.signal.* | Options sur les signaux. | bar | <<command_weechat_bar,/bar>> + @@ -3309,11 +3309,11 @@ $ weechat irc://alice@irc.libera.chat/#weechat,#weechat-fr Par défaut aucun serveur n'est défini. Vous pouvez ajouter autant de serveurs que vous le souhaitez avec la commande <<command_irc_server,/server>>. -Par exemple pour vous connecter à https://libera.chat/[libera.chat ^↗^,window=_blank] avec SSL +Par exemple pour vous connecter à https://libera.chat/[libera.chat ^↗^,window=_blank] avec TLS (communications chiffrées) : ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- Vous pouvez demander à WeeChat de se connecter automatiquement à ce serveur @@ -3394,13 +3394,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3419,13 +3419,13 @@ la valeur héritée, qui est maintenant `on` au lieu de la valeur par défaut `o /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== Certificats SSL +[[irc_tls_certificates]] +==== Certificats TLS -Lors de la connexion à un serveur IRC avec SSL, WeeChat vérifie par défaut que +Lors de la connexion à un serveur IRC avec TLS, WeeChat vérifie par défaut que la connexion est entièrement de confiance. -Quelques options sont utilisées pour contrôler la connexion SSL : +Quelques options sont utilisées pour contrôler la connexion TLS : weechat.network.gnutls_ca_system:: charger les certificats des autorités de certification système au démarrage @@ -3433,20 +3433,20 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: fichier(s) supplémentaire(s) avec des autorités de certification -irc.server.xxx.ssl_cert:: - fichier de certificat SSL utilisé pour authentifier automatiquement votre +irc.server.xxx.tls_cert:: + fichier de certificat TLS utilisé pour authentifier automatiquement votre pseudo (par exemple CertFP sur oftc, voir ci-dessous) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: taille de clé utilisée pour l'échange de clé Diffie-Hellman (par défaut : 2048) -irc.server.xxx.ssl_verify:: - vérifier que la connexion SSL est entièrement de confiance (activé par +irc.server.xxx.tls_verify:: + vérifier que la connexion TLS est entièrement de confiance (activé par défaut) [NOTE] -L'option "ssl_verify" est activée par défaut, donc la vérification est stricte +L'option "tls_verify" est activée par défaut, donc la vérification est stricte et peut échouer, même si cela pouvait être OK dans les versions inférieures à 0.3.1. @@ -3456,8 +3456,8 @@ et peut échouer, même si cela pouvait être OK dans les versions inférieures * Importer le certificat sous le shell : ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- [NOTE] @@ -3479,8 +3479,8 @@ Il est possible de concaténer plusieurs certificats dans le fichier CAs.pem. * Créer le certificat sous le shell : ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3491,7 +3491,7 @@ config WeeChat qui peut aussi être par exemple `~/.weechat`. * Sous WeeChat, avec le serveur "oftc" déjà ajouté : ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3784,7 +3784,7 @@ mécanismes : * _scram-sha-256_ : SCRAM avec algorithme de hachage SHA-256 * _scram-sha-512_ : SCRAM avec algorithme de hachage SHA-512 * _ecdsa-nist256p-challenge_ : challenge avec clé publique/privée -* _external_ : certificat SSL côté client +* _external_ : certificat TLS côté client Les options dans le serveur sont : diff --git a/doc/it/weechat_faq.it.adoc b/doc/it/weechat_faq.it.adoc index 9e0850b06..4cf0cdf64 100644 --- a/doc/it/weechat_faq.it.adoc +++ b/doc/it/weechat_faq.it.adoc @@ -758,8 +758,8 @@ kbd:[Shift]). [[irc]] == IRC -[[irc_ssl_connection]] -=== Ho dei problemi nella connessione al server con SSL, cosa posso fare? +[[irc_tls_connection]] +=== Ho dei problemi nella connessione al server con TLS, cosa posso fare? // TRANSLATION MISSING If you are using macOS, you must install `openssl` from Homebrew. @@ -769,14 +769,14 @@ Se si verificano problemi con l'handshake gnutls, si può cercare di usare una chiave Diffie-Hellman più piccola (la predefinita è 2048): ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- -Se si verificano errori con i certificati, è possibile disabilitare "ssl_verify" +Se si verificano errori con i certificati, è possibile disabilitare "tls_verify" (attenzione, la connessione in questo modo sarà meno sicura): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- // TRANSLATION MISSING @@ -784,30 +784,30 @@ If the server has an invalid certificate and you know what the certificate should be, you can specify the fingerprint (SHA-512, SHA-256 or SHA-1): ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== Alla connessione al server con SSL ottengo solo l'errore "handshake TLS fallito", cosa posso fare? +[[irc_tls_handshake_error]] +=== Alla connessione al server con TLS ottengo solo l'errore "handshake TLS fallito", cosa posso fare? Provare una stringa di priorità diversa, sostituendo "xxx" con il nome del server: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== Come ci si può connettere al server libera via SSL? +[[irc_tls_libera]] +=== Come ci si può connettere al server libera via TLS? // TRANSLATION MISSING Check that you have certificates installed on your system, this is commonly provided by the package "ca-certificates". -Impostare la porta del server, SSL, poi riconnettersi: +Impostare la porta del server, TLS, poi riconnettersi: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1098,7 +1098,7 @@ Gli script non sono compatibili con altri client IRC. [[scripts_update]] === The command "/script update" can not read scripts, how to fix that? -First check questions about SSL connection in this FAQ. +First check questions about TLS connection in this FAQ. If still not working, try to manually delete the scripts file (in your shell): @@ -1190,7 +1190,7 @@ Esistono diversi trucchi per ottimizzare l'uso della memoria: See `/help weechat.plugin.autoload`. * caricare solo gli script veramente necessari // TRANSLATION MISSING -* Do not load system certificates if SSL is *NOT* used: turn off this option: +* Do not load system certificates if TLS is *NOT* used: turn off this option: _weechat.network.gnutls_ca_system_. * ridurre il valore dell'opzione _weechat.history.max_buffer_lines_number_ oppure impostare il valore dell'opzione _weechat.history.max_buffer_lines_minutes_ diff --git a/doc/it/weechat_quickstart.it.adoc b/doc/it/weechat_quickstart.it.adoc index 725d7803c..f0ddf4937 100644 --- a/doc/it/weechat_quickstart.it.adoc +++ b/doc/it/weechat_quickstart.it.adoc @@ -114,7 +114,7 @@ vedere "irc" ed altri plugin nella lista. Puoi aggiungere un server IRC con il comando `/server`, per esempio: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- In questo comando, `libera` è il nome interno del server usato da WeeChat: diff --git a/doc/it/weechat_user.it.adoc b/doc/it/weechat_user.it.adoc index 3cc12444b..4269318b6 100644 --- a/doc/it/weechat_user.it.adoc +++ b/doc/it/weechat_user.it.adoc @@ -37,7 +37,7 @@ Le principali caratteristiche: // TRANSLATION MISSING * multi-protocollo (mainly IRC) -* connessione a server multipli (con SSL, IPv6, proxy) +* connessione a server multipli (con TLS, IPv6, proxy) * piccolo, veloce e leggero * personalizzabile ed estensibile con plugin e script * conforme alle RFC di IRC @@ -196,7 +196,7 @@ WeeChat: // TRANSLATION MISSING | {cpp} compiler (pass:[g++ / clang++]) | | Build and run tests, plugin JavaScript. | gettext | | Internazionalizzazione (traduzione dei messaggi; la lingua base è l'inglese). -| ca-certificates | | Certificati per le connessioni SSL. +| ca-certificates | | Certificati per le connessioni TLS. | libaspell-dev / libenchant-dev | | Plugin spell. | python3-dev | ≥ 3.0 | Plugin python. | libperl-dev | | Plugin perl. @@ -809,10 +809,10 @@ This can be done while WeeChat is running. === Upgrade command WeeChat can restart the new binary, in place, using the -<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-SSL +<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-TLS connections are preserved. + -The SSL connections are lost during upgrade and are restored automatically -after the upgrade (reload of SSL sessions is currently not possible +The TLS connections are lost during upgrade and are restored automatically +after the upgrade (reload of TLS sessions is currently not possible with GnuTLS). The command can also be used if you have to restart the machine, for example @@ -3432,7 +3432,7 @@ Sections in file _weechat.conf_: | history | /set weechat.history.* | History options (commands and buffers). | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | Proxy options. -| network | /set weechat.network.* | Network/SSL options. +| network | /set weechat.network.* | Network/TLS options. // TRANSLATION MISSING | plugin | /set weechat.plugin.* | Options on plugins. // TRANSLATION MISSING @@ -3488,10 +3488,10 @@ By default no servers are defined. You can add as many servers as you want with the <<command_irc_server,/server>> command. For example to connect to https://libera.chat/[libera.chat ^↗^,window=_blank] -with SSL (encrypted trafic): +with TLS (encrypted trafic): ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- You can tell WeeChat to auto-connect to this server on startup: @@ -3570,13 +3570,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3595,13 +3595,13 @@ value, which is now `on` instead of the default value `off`: /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== Certificati SSL +[[irc_tls_certificates]] +==== Certificati TLS -Al momento della connessione al server IRC con SSL, WeeChat verifica in +Al momento della connessione al server IRC con TLS, WeeChat verifica in maniera predefinita che la connessione sia completamente fidata. -Esistono alcune opzioni per controllare la connessione SSL: +Esistono alcune opzioni per controllare la connessione TLS: // TRANSLATION MISSING weechat.network.gnutls_ca_system:: @@ -3611,20 +3611,20 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: extra file(s) with certificate authorities -irc.server.xxx.ssl_cert:: - file del certificato SSL usato per identificare automaticamente il proprio +irc.server.xxx.tls_cert:: + file del certificato TLS usato per identificare automaticamente il proprio nick ad esempio CertFP su oftc (a seguire) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: dimensione della chiave usata durante lo Scambio Chiavi Diffie-Hellman (predefinita; 2048) -irc.server.xxx.ssl_verify:: - verifica che la connessione SSL sia totalmente fidata (opzione attivata +irc.server.xxx.tls_verify:: + verifica che la connessione TLS sia totalmente fidata (opzione attivata in maniera predefinita) [NOTE] -L'opzione "ssl_verify" è attivata per default, in questo modo la verifica è rigorosa +L'opzione "tls_verify" è attivata per default, in questo modo la verifica è rigorosa e potrebbe fallire, anche se funziona senza problemi con versioni precedenti la 0.3.1. @@ -3634,8 +3634,8 @@ la 0.3.1. * Importare certificati nella shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- // TRANSLATION MISSING @@ -3660,8 +3660,8 @@ E possibile concatenare più certificati nel file CAs.pem. * Creare un certificato nella shell: ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3674,7 +3674,7 @@ which can also be for example `~/.weechat`. * In WeeChat, with "oftc" server already added: ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3970,7 +3970,7 @@ WeeChat supports SASL authentication, using different mechanisms: * _scram-sha-512_: SCRAM with SHA-512 digest algorithm // TRANSLATION MISSING * _ecdsa-nist256p-challenge_: challenge with public/private key -* _external_: certificato SSL da lato client +* _external_: certificato TLS da lato client Le opzioni nel server sono: diff --git a/doc/ja/weechat_faq.ja.adoc b/doc/ja/weechat_faq.ja.adoc index 95b7295fc..606852ace 100644 --- a/doc/ja/weechat_faq.ja.adoc +++ b/doc/ja/weechat_faq.ja.adoc @@ -706,8 +706,8 @@ WeeChat でマウスが利用可能な場合、kbd:[Shift] [[irc]] == IRC -[[irc_ssl_connection]] -=== SSL を使うサーバへの接続中に問題が発生しました。どうすればいいですか。 +[[irc_tls_connection]] +=== TLS を使うサーバへの接続中に問題が発生しました。どうすればいいですか。 macOS をお使いの場合、必ず Homebrew から `openssl` をインストールしてください。こうすることでシステムの鍵束に含まれる証明書を使いつつ、CA @@ -716,45 +716,45 @@ gnutls ハンドシェイクに関するエラーの場合、Diffie-Hellman キ (デフォルトは 2048) のサイズを小さくすることを試してみてください: ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- -証明書に関するエラーの場合、"ssl_verify" を無効化してください +証明書に関するエラーの場合、"tls_verify" を無効化してください (接続の機密保護がより甘くなることに注意): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- サーバが不正な証明書を持っており、正常な証明書がどのようなものであるかわかっている場合、証明書の指紋を設定しておくことが可能です (SHA-512、SHA-256、SHA-1): ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== SSL を使うサーバへの接続中に、"TLS handshake failed" というエラーだけが表示されます。どうすれば良いですか。 +[[irc_tls_handshake_error]] +=== TLS を使うサーバへの接続中に、"TLS handshake failed" というエラーだけが表示されます。どうすれば良いですか。 // TRANSLATION MISSING You can try a different priority string, replace "xxx" by your server name: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== どうすれば SSL を使って libera サーバに接続できますか。 +[[irc_tls_libera]] +=== どうすれば TLS を使って libera サーバに接続できますか。 // TRANSLATION MISSING Check that you have certificates installed on your system, this is commonly provided by the package "ca-certificates". -サーバポート、SSL を設定の後に接続してください: +サーバポート、TLS を設定の後に接続してください: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1029,7 +1029,7 @@ for help). [[scripts_update]] === コマンド "/script update" でスクリプトを読み込むことができません。どうすればいいですか。 -手始めに、この FAQ の SSL 接続に関する質問を確認してください。 +手始めに、この FAQ の TLS 接続に関する質問を確認してください。 それでもだめなら、手作業で (シェルから) スクリプトリストファイルを削除してください: @@ -1116,7 +1116,7 @@ spell プラグインをリロードしてください: `/help weechat.plugin.autoload` を参照してください。 * 本当に必要なスクリプトだけをロード // TRANSLATION MISSING -* Do not load system certificates if SSL is *NOT* used: turn off this option: +* Do not load system certificates if TLS is *NOT* used: turn off this option: _weechat.network.gnutls_ca_system_. * _weechat.history.max_buffer_lines_number_ オプションの値を減らすか、_weechat.history.max_buffer_lines_minutes_ オプションに値を設定してください。 diff --git a/doc/ja/weechat_quickstart.ja.adoc b/doc/ja/weechat_quickstart.ja.adoc index 747603943..59a3b8760 100644 --- a/doc/ja/weechat_quickstart.ja.adoc +++ b/doc/ja/weechat_quickstart.ja.adoc @@ -112,7 +112,7 @@ IRC 等全てのネットワークプロトコルはそれぞれ異なるプラ IRC サーバを追加するには `/server` コマンドを使ってください、例: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- このコマンドにおいて、`libera` は WeeChat が使う内部サーバ名です: diff --git a/doc/ja/weechat_relay_protocol.ja.adoc b/doc/ja/weechat_relay_protocol.ja.adoc index c55818fd3..daa0db333 100644 --- a/doc/ja/weechat_relay_protocol.ja.adoc +++ b/doc/ja/weechat_relay_protocol.ja.adoc @@ -2349,7 +2349,7 @@ _WeeChat バージョン 0.3.8 以上で利用可。_ [NOTE] WeeChat のアップグレード中、ソケットは開いたままです -(ただし SSL を使っている場合は閉じられます)。 +(ただし TLS を使っている場合は閉じられます)。 [[message_upgrade_ended]] ==== _upgrade_ended diff --git a/doc/ja/weechat_user.ja.adoc b/doc/ja/weechat_user.ja.adoc index 7425da1d7..fa50d2c5e 100644 --- a/doc/ja/weechat_user.ja.adoc +++ b/doc/ja/weechat_user.ja.adoc @@ -34,7 +34,7 @@ WeeChat (Wee Enhanced Environment for Chat) 主な特徴: * マルチプロトコル (主に IRC) -* 複数のサーバへの接続 (SSL、IPv6、プロキシをサポート) +* 複数のサーバへの接続 (TLS、IPv6、プロキシをサポート) * コンパクト、高速、軽量 * プラグインとスクリプトでカスタマイズや拡張が可能 * IRC の RFC に準拠 @@ -180,7 +180,7 @@ WeeChat: | パッケージ ^(1)^ | バージョン | Features | {cpp} コンパイラ (pass:[g++ / clang++]) | | ビルドとテストの実行、JavaScript プラグイン | gettext | | 国際化 (メッセージの翻訳; ベース言語は英語です) -| ca-certificates | | SSL 接続に必要な証明書、relay プラグインで SSL サポート +| ca-certificates | | TLS 接続に必要な証明書、relay プラグインで TLS サポート | libaspell-dev / libenchant-dev | | spell プラグイン | python3-dev | 3.0 以上 | python プラグイン | libperl-dev | | perl プラグイン @@ -779,10 +779,10 @@ This can be done while WeeChat is running. === Upgrade command WeeChat can restart the new binary, in place, using the -<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-SSL +<<command_weechat_upgrade,/upgrade>> command: the buffer contents and non-TLS connections are preserved. + -The SSL connections are lost during upgrade and are restored automatically -after the upgrade (reload of SSL sessions is currently not possible +The TLS connections are lost during upgrade and are restored automatically +after the upgrade (reload of TLS sessions is currently not possible with GnuTLS). The command can also be used if you have to restart the machine, for example @@ -3304,7 +3304,7 @@ _weechat.conf_ ファイル内のセクション: | history | /set weechat.history.* | 履歴オプション (コマンドとバッファ) | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | プロキシオプション -| network | /set weechat.network.* | ネットワーク/SSL オプション +| network | /set weechat.network.* | ネットワーク/TLS オプション // TRANSLATION MISSING | plugin | /set weechat.plugin.* | Options on plugins. // TRANSLATION MISSING @@ -3359,10 +3359,10 @@ By default no servers are defined. You can add as many servers as you want with the <<command_irc_server,/server>> command. For example to connect to https://libera.chat/[libera.chat ^↗^,window=_blank] -with SSL (encrypted trafic): +with TLS (encrypted trafic): ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- You can tell WeeChat to auto-connect to this server on startup: @@ -3441,13 +3441,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3466,13 +3466,13 @@ value, which is now `on` instead of the default value `off`: /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== SSL 証明書 +[[irc_tls_certificates]] +==== TLS 証明書 -SSL を使って IRC サーバに接続する場合、WeeChat +TLS を使って IRC サーバに接続する場合、WeeChat はデフォルトで接続が完全に信頼できるものかどうかを確認します。 -以下のオプションで SSL 接続を設定します: +以下のオプションで TLS 接続を設定します: // TRANSLATION MISSING weechat.network.gnutls_ca_system:: @@ -3482,19 +3482,19 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: extra file(s) with certificate authorities -irc.server.xxx.ssl_cert:: - 自動的にニックネームを確認するために利用される SSL 証明書ファイル (例えば +irc.server.xxx.tls_cert:: + 自動的にニックネームを確認するために利用される TLS 証明書ファイル (例えば oftc サーバにおける CertFP の場合、以下を確認してください) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: Diffie-Hellman キー交換の際に利用される鍵サイズ (デフォルト: 2048) -irc.server.xxx.ssl_verify:: - SSL 接続が完全に信頼できることの確認を行う (デフォルトで有効) +irc.server.xxx.tls_verify:: + TLS 接続が完全に信頼できることの確認を行う (デフォルトで有効) [NOTE] -"ssl_verify" オプションはデフォルトで有効です、したがって厳密な確認が行われ、0.3.1 +"tls_verify" オプションはデフォルトで有効です、したがって厳密な確認が行われ、0.3.1 より前のバージョンでは信頼性の確認に成功していたものが失敗する場合もあります。 [[irc_connect_oftc_with_certificate]] @@ -3503,8 +3503,8 @@ irc.server.xxx.ssl_verify:: * シェルを使って証明書をインポート: ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- // TRANSLATION MISSING @@ -3527,8 +3527,8 @@ CAs.pem ファイル中で複数の証明書を連結することもできます * シェルで証明書を作成: ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3540,7 +3540,7 @@ which can also be for example `~/.weechat`. * WeeChat では、"oftc" サーバが既に追加されています: ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3833,7 +3833,7 @@ WeeChat は SASL 認証をサポートします、以下の認証メカニズム // TRANSLATION MISSING * _scram-sha-512_: SCRAM with SHA-512 digest algorithm * _ecdsa-nist256p-challenge_: 公開鍵/秘密鍵を使うチャレンジ認証 -* _external_: クライアント側 SSL 証明書 +* _external_: クライアント側 TLS 証明書 サーバオプション: diff --git a/doc/pl/weechat_faq.pl.adoc b/doc/pl/weechat_faq.pl.adoc index b361f9b4b..126f43874 100644 --- a/doc/pl/weechat_faq.pl.adoc +++ b/doc/pl/weechat_faq.pl.adoc @@ -696,8 +696,8 @@ kbd:[Shift]). [[irc]] == IRC -[[irc_ssl_connection]] -=== Mam problemy podczas połączenia z serwerem używającym SSL, co mogę zrobić? +[[irc_tls_connection]] +=== Mam problemy podczas połączenia z serwerem używającym TLS, co mogę zrobić? Jeśli używasz Mac macOS, musisz zainstalować `openssl` z Homebrew. Plik CA zostanie wygenerowany korzystając z systemowego keychaina. @@ -706,43 +706,43 @@ Jeśli widzisz błędy gnutls, możesz użyć innej wielkości klucza Diffie-Hellman (domyślnie 2048): ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- -Jeśli widzisz błędy związanie z certyfikatami, możesz wyłączyć opcję "ssl_verify" +Jeśli widzisz błędy związanie z certyfikatami, możesz wyłączyć opcję "tls_verify" (należy jednak uważać, ponieważ połączenie będzie mniej bezpieczne): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- Jeśli serwer ma niewłaściwy certyfikat i wiesz jaki on powinien być, możesz podać sumę kontrolną (SHA-512, SHA-256 lub SHA-1): ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== Podczas łączenia się z serwerem poprzez SSL widzę tylko błąd "TLS handshake failed", co mogę zrobić? +[[irc_tls_handshake_error]] +=== Podczas łączenia się z serwerem poprzez TLS widzę tylko błąd "TLS handshake failed", co mogę zrobić? Możesz spróbować innego ciągu priorytetu, zamień "xxx" nazwą serwera: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== Jak mogę połączyć się z serwerem libera używając SSL? +[[irc_tls_libera]] +=== Jak mogę połączyć się z serwerem libera używając TLS? Sprawdź czy masz zainstalowane cartyfikaty w systemie, zazwyczaj zapewnia je paczka o nazwie "ca-certificates". -Ustaw port serwera, SSL, następnie się połącz: +Ustaw port serwera, TLS, następnie się połącz: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -1008,7 +1008,7 @@ Skrypty nie są kompatybilne z innymi klientami IRC. [[scripts_update]] === Komenda "/script update" nie może odczytać skryptów, jak to naprawić? -Najpierw zapoznaj się z zagadnieniami dotyczącymi połączeń SSL znajdującymi się +Najpierw zapoznaj się z zagadnieniami dotyczącymi połączeń TLS znajdującymi się w tym dokumencie. Jeśli to nie pomoże spróbuj ręcznie usunąć plik z listą skryptów (z poziomu powłoki): @@ -1094,7 +1094,7 @@ W celu zmniejszenia używanej pamięci możesz zastosować się do poniższych r ruby, lua, tcl, guile, javascript, php, spell, xfer (używana do DCC). Zobacz `/help weechat.plugin.autoload`. * ładować tylko naprawdę używane skrypty -* nie ładuj systemowych certyfikatów jeśli SSL *nie* jest używane: wyłącz tą opcję: +* nie ładuj systemowych certyfikatów jeśli TLS *nie* jest używane: wyłącz tą opcję: _weechat.network.gnutls_ca_system_. * zmniejsz wartość dla opcji _weechat.history.max_buffer_lines_number_ lub ustaw wartość opcji _weechat.history.max_buffer_lines_minutes_ diff --git a/doc/pl/weechat_quickstart.pl.adoc b/doc/pl/weechat_quickstart.pl.adoc index cb0cdf6af..be9368bfe 100644 --- a/doc/pl/weechat_quickstart.pl.adoc +++ b/doc/pl/weechat_quickstart.pl.adoc @@ -111,7 +111,7 @@ na liście "irc" oraz inne wtyczki. Możesz dodać serwer IRC za pomocą komendy `/server`, na przykład: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- W tej komendzie `libera` to nazwa wewnętrzna używana przez WeeChat: diff --git a/doc/pl/weechat_user.pl.adoc b/doc/pl/weechat_user.pl.adoc index 14c439b98..3b37bc945 100644 --- a/doc/pl/weechat_user.pl.adoc +++ b/doc/pl/weechat_user.pl.adoc @@ -33,7 +33,7 @@ i lekki, przeznaczony dla wielu systemów operacyjnych. Główne cechy to: * wsparcie dla wielu protokołów (mainly IRC) -* połączenie z wieloma serwerami (z SSL, IPv6, proxy) +* połączenie z wieloma serwerami (z TLS, IPv6, proxy) * mały, szybki i lekki * konfigurowalny i rozszerzalny dzięki wtyczką i skryptom * zgodny z RFC dla IRC @@ -167,7 +167,7 @@ WeeChat: | Pakiet ^(1)^ | Wersja | Funkcje | kompilator {cpp} (pass:[g++ / clang++]) | | Kompilacja i uruchamianie testów, wtyczka JavaScript. | gettext | | Internacjonalizacja (tłumaczenie wiadomości; język bazowy to Angielski). -| ca-certificates | | Certyfikaty dla połączeń SSL. +| ca-certificates | | Certyfikaty dla połączeń TLS. | libaspell-dev / libenchant-dev | | Wtyczka spell. | python3-dev | ≥ 3.0 | Wtyczka python. | libperl-dev | | Wtyczka perl. @@ -742,9 +742,9 @@ Można to zrobić podczas działania WeeChat. WeeChat może zostać ponownie uruchomiony z nowego pliku binarnego bez potrzeby jego wyłączania za pomocą komendy <<command_weechat_upgrade,/upgrade>>: -zawartości buforów i połączenia nie SSL zostają zachowane. + -Połączenia SSL są przerywane podczas aktualizacji i są automatycznie -przywracane po jej zakończeniu (przeładowanie sesji SSL jest obecnie +zawartości buforów i połączenia nie TLS zostają zachowane. + +Połączenia TLS są przerywane podczas aktualizacji i są automatycznie +przywracane po jej zakończeniu (przeładowanie sesji TLS jest obecnie niemożliwe z użyciem GnuTLS). Komenda ta może zostać użyta również w momencie restartu maszyny, na przykład @@ -3197,7 +3197,7 @@ Sekcje w pliku _weechat.conf_: | history | /set weechat.history.* | Opcje historii (komend i buforów). | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | Opcje proxy. -| network | /set weechat.network.* | Opcje sieci/SSL. +| network | /set weechat.network.* | Opcje sieci/TLS. | plugin | /set weechat.plugin.* | Opcje wtyczek. | signal | /set weechat.signal.* | Opcje sygnałów. | bar | <<command_weechat_bar,/bar>> + @@ -3251,10 +3251,10 @@ Domyślnie nie są zdefiniowane żadne serwery. Możesz dodać ich tyle ile chce za pomocą polecenia <<command_irc_server,/server>>. Na przykład w celu połączenia się do https://libera.chat/[libera.chat ^↗^,window=_blank] -używając SSL (szyfrowane połączenie): +używając TLS (szyfrowane połączenie): ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- Możesz powiedzieć WeeChat, aby automatycznie łączył się z tym serwerem po @@ -3335,13 +3335,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3361,13 +3361,13 @@ wartości, która teraz ma wartość `on` zamiast domyślnego `off`: /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== Certyfikaty SSL +[[irc_tls_certificates]] +==== Certyfikaty TLS Podczas łączenia się z serwerem IRC, WeeChat domyślnie sprawdza czy połączenie jest w pełni zaufane. -Niektóre opcje są używane do kontroli połączenia SSL: +Niektóre opcje są używane do kontroli połączenia TLS: weechat.network.gnutls_ca_system:: ładuje domyślne systemowe zaufane urzędy cetyfikujące @@ -3375,18 +3375,18 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: dodatkowy plik(i) urzędów certyfikacyjnych -irc.server.xxx.ssl_cert:: - certyfikat SSL używany do automatycznej identyfikacji twojego nicka (na +irc.server.xxx.tls_cert:: + certyfikat TLS używany do automatycznej identyfikacji twojego nicka (na przykład CertFP w sieci oftc, zobacz niżej) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: rozmiar klucza użytego podczas wymiany kluczy Diffie-Hellman (domyślnie: 2048) -irc.server.xxx.ssl_verify:: - sprawdź, że połączenie SSL jest w pełni zaufane (domyślnie włączone) +irc.server.xxx.tls_verify:: + sprawdź, że połączenie TLS jest w pełni zaufane (domyślnie włączone) [NOTE] -Opcja "ssl_verify" jest domyślnie włączona, weryfikacja jest restrykcyjna i może +Opcja "tls_verify" jest domyślnie włączona, weryfikacja jest restrykcyjna i może się nie powieść, nawet jeśli wszystko było OK w wersjach przed 0.3.1. [[irc_connect_oftc_with_certificate]] @@ -3395,8 +3395,8 @@ się nie powieść, nawet jeśli wszystko było OK w wersjach przed 0.3.1. * Import certyfikatu w kosoli: ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- [NOTE] @@ -3418,8 +3418,8 @@ Możliwe jest umieszczenie wielu certyfikatów w pliku CAs.pem. * Tworzenie certyfikatu w konsoli: ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3430,7 +3430,7 @@ który może być ustawiony na przykład na `~/.weechat`. * W WeeChat z dodanym wcześniej serwerem "oftc": ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3439,7 +3439,7 @@ Więcej informacji można znaleźć odwiedzając https://www.oftc.net/NickServ/CertFP/[tą stronę ^↗^,window=_blank]. [[irc_ircv3_support]] -==== Wsparcie dla IRCv3 +==== Wsparcie dla IRCv3 WeeChat wspiera następujące https://ircv3.net/irc/[rozszerzenia IRCv3 ^↗^,window=_blank]: @@ -3719,7 +3719,7 @@ WeeChat wspiera uwierzytelnianie SASL, używając różnych mechanizmów: * _scram-sha-256_: SCRAM z użyciem algorytmu SHA-256 * _scram-sha-512_: SCRAM z użyciem algorytmu SHA-512 * _ecdsa-nist256p-challenge_: klucz prywatny/publiczny -* _external_: certyfikat SSL po stronie klienta +* _external_: certyfikat TLS po stronie klienta Opcje dla serwerów to: @@ -5222,7 +5222,7 @@ Zmienne ustawiane za pomocą tagów w wiadomościach: | tg_tag_prefix_nick | ciąg | Kolor nicka w prefiksie (z tagu "prefix_nick_ccc"). | tg_tag_host | ciąg | Nazwa użytkownika i host, format: username@host (z tagu "host_xxx"). | tg_tag_notify | ciąg | Poziom powiadomień (_none_, _message_, _private_, _highlight_). -| tg_tag_irc_xxx | ciąg | Tag wiadomości IRC (klucz "xxx"). ^(1)^ +| tg_tag_irc_xxx | ciąg | Tag wiadomości IRC (klucz "xxx"). ^(1)^ | tg_notify | ciąg | Poziom powiadomień, jeśli różny od _none_. | tg_msg_pv | ciąg | "1" dla prywatnej wiadomości, inaczej "0". |=== diff --git a/doc/ru/weechat_quickstart.ru.adoc b/doc/ru/weechat_quickstart.ru.adoc index 0cef81f81..4cd29bfc8 100644 --- a/doc/ru/weechat_quickstart.ru.adoc +++ b/doc/ru/weechat_quickstart.ru.adoc @@ -121,7 +121,7 @@ For more information about `/fset` command and keys, see `/help fset`. Вы можете добавить IRC сервер с помощью команды `/server`, например: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- // TRANSLATION MISSING diff --git a/doc/sr/weechat_faq.sr.adoc b/doc/sr/weechat_faq.sr.adoc index 2601cce07..f3d10ea40 100644 --- a/doc/sr/weechat_faq.sr.adoc +++ b/doc/sr/weechat_faq.sr.adoc @@ -616,49 +616,49 @@ $ printf '\033[?1002l' [[irc]] == IRC -[[irc_ssl_connection]] -=== Имам проблеме са повезивањем на сервер преко SSL, шта може да се уради? +[[irc_tls_connection]] +=== Имам проблеме са повезивањем на сервер преко TLS, шта може да се уради? Ако користите macOS, морате инсталирати `openssl` из Homebrew. CA фајл ће се добавити употребом сертификата из системског свежња кључева. Ако добијате грешке у вези gnutls руковања, можете покушати са мањим Дифи-Хелман кључем (подразумевани је дужине 2048): ---- -/set irc.server.example.ssl_dhkey_size 1024 +/set irc.server.example.tls_dhkey_size 1024 ---- -Ако видите грешке у вези сертификата, можете да искључите „ssl_verify” (али будите веома опрезни, због овога су везе мање безбедне): +Ако видите грешке у вези сертификата, можете да искључите „tls_verify” (али будите веома опрезни, због овога су везе мање безбедне): ---- -/set irc.server.example.ssl_verify off +/set irc.server.example.tls_verify off ---- Ако сервер поседује неважећи сертификат, а знате какав би он требало да буде, можете да наведете отисак (SHA-512, SHA-256 или SHA-1): ---- -/set irc.server.example.ssl_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b +/set irc.server.example.tls_fingerprint 0c06e399d3c3597511dc8550848bfd2a502f0ce19883b728b73f6b7e8604243b ---- -[[irc_ssl_handshake_error]] -=== Када се успоставља веза са сервером преко SSL, видим само грешку „TLS handshake failed”, шта да радим? +[[irc_tls_handshake_error]] +=== Када се успоставља веза са сервером преко TLS, видим само грешку „TLS handshake failed”, шта да радим? Можете да покушате са другачијим стрингом приоритета, замените „xxx” са именом вашег сервера: ---- -/set irc.server.xxx.ssl_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" +/set irc.server.xxx.tls_priorities "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" ---- -[[irc_ssl_libera]] -=== Како да се повежем са libera сервером преко SSL? +[[irc_tls_libera]] +=== Како да се повежем са libera сервером преко TLS? Проверите да су на вашем систему инсталирани сертификати, обично их обезбеђује пакет „ca-certificates”. -Поставите порт сервера, SSL, затим се повежите: +Поставите порт сервера, TLS, затим се повежите: ---- /set irc.server.libera.addresses "irc.libera.chat/6697" -/set irc.server.libera.ssl on +/set irc.server.libera.tls on /connect libera ---- @@ -896,7 +896,7 @@ link:weechat_user.sr.html#max_hotlist_level_nicks[hotlist_max_level_nicks_add ^ [[scripts_update]] === Команда „/script update” не може да чита скрипте, како да то поправим? -Најпре погледајте питање у вези SSL везе у овом ЧПП. +Најпре погледајте питање у вези TLS везе у овом ЧПП. Ако још увек не функционише, покушајте ручно да обришете фајл са скриптама (из свог командног окружења): @@ -972,7 +972,7 @@ export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES * Користите последњу стабилну верзију (требало би да има мање цурења меморије од старијих верзија). * Не учитавајте додатке које заиста и не користите, на пример: buflist, fifo, logger, perl, python, ruby, lua, tcl, guile, javascript, php, spell, xfer (користи се за DCC). Погледајте `/help weechat.plugin.autoload`. * Учитавајте само скрипте које су вам заста неопходне. -* Не учитавајте системске сертификате ако се SSL *НЕ* користи: искључите следећу опцију: _weechat.network.gnutls_ca_system. +* Не учитавајте системске сертификате ако се TLS *НЕ* користи: искључите следећу опцију: _weechat.network.gnutls_ca_system. * Смањите вредност опције _weechat.history.max_buffer_lines_number_ или поставите вредност опције _weechat.history.max_buffer_lines_minutes_. * Смањите вредност опције _weechat.history.max_commands_. diff --git a/doc/sr/weechat_quickstart.sr.adoc b/doc/sr/weechat_quickstart.sr.adoc index eac7588e0..a29a58f7b 100644 --- a/doc/sr/weechat_quickstart.sr.adoc +++ b/doc/sr/weechat_quickstart.sr.adoc @@ -96,7 +96,7 @@ WeeChat „језгро” се користи само за приказ под IRC сервер можете додати командом `/server`, на пример: ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- `freenode` је у овој команди интерно име сервера које користи програм WeeChat: касније ћете моћи да се повежете са њим помоћу `/connect libera`, а опције сервера су _irc.server.libera.xxx_. diff --git a/doc/sr/weechat_relay_protocol.sr.adoc b/doc/sr/weechat_relay_protocol.sr.adoc index ca9703a74..2074f2b96 100644 --- a/doc/sr/weechat_relay_protocol.sr.adoc +++ b/doc/sr/weechat_relay_protocol.sr.adoc @@ -2201,7 +2201,7 @@ _WeeChat ≥ 0.3.8._ Препоручена акција у клијенту је да се десинхронизује са програмом WeeChat (да пошаље команду _desync_), или да прекине везу са програмом WeeChat (јер ће се након ажурирања променити вредности свих показивача). [NOTE] -Током ажурирања програма WeeChat, сокет остаје отворен (осим у случају када веза користи SSL). +Током ажурирања програма WeeChat, сокет остаје отворен (осим у случају када веза користи TLS). [[message_upgrade_ended]] ==== _upgrade_ended diff --git a/doc/sr/weechat_user.sr.adoc b/doc/sr/weechat_user.sr.adoc index 86e50d75a..19c631767 100644 --- a/doc/sr/weechat_user.sr.adoc +++ b/doc/sr/weechat_user.sr.adoc @@ -31,7 +31,7 @@ WeeChat (Wee Enhanced Environment for Chat) је бесплатни чет кл Основне могућности програма су: * подржавање разне протоколе (углавном IRC) -* разни начини повезивања са сервером (преко SSL, IPv6, прокси) +* разни начини повезивања са сервером (преко TLS, IPv6, прокси) * мали је, брз и не оптерећује систем * прилагођавање и проширивање помоћу додатака и скрипти * сагласност са IRC RFC документима @@ -154,7 +154,7 @@ WeeChat мора да се изгради са CMake. | Пакет ^(1)^ | Верзија | Могућности | {cpp} компајлер (pass:[g++ / clang++]) | | Изградња и покретање тестова, JavaScript додатак. | gettext | | Интернационализација (превод порука; основни језик је енглески). -| ca-certificates | | Сертификати за SSL везе. +| ca-certificates | | Сертификати за TLS везе. | libaspell-dev / libenchant-dev | | Spell додатак. | python3-dev | ≥ 3.0 | Python додатак. | libperl-dev | | Perl додатак. @@ -690,9 +690,9 @@ WeeChat подразумевано користи XDG директоријуме [[upgrade_command]] === Команда upgrade -Програм WeeChat у месту може да поново покрене нови бинарни фајл, употребом команде <<command_weechat_upgrade,/upgrade>>: садржаји бафера и не-SSL везе се задржавају. + -Током процеса ажурирња, SSL конекције се губе и аутоматски се обнављају -након ажурирања (са GnuTLS тренутно није могуће поновно учитавање SSL сесија). +Програм WeeChat у месту може да поново покрене нови бинарни фајл, употребом команде <<command_weechat_upgrade,/upgrade>>: садржаји бафера и не-TLS везе се задржавају. + +Током процеса ажурирња, TLS конекције се губе и аутоматски се обнављају +након ажурирања (са GnuTLS тренутно није могуће поновно учитавање TLS сесија). Команда такође може да се употреби и када морате поново да покренете машину, на пример, да бисте ажурирали кернел или да преместите свој WeeChat на другу машину: @@ -2972,7 +2972,7 @@ include::{autogendir}/autogen_user_options.sr.adoc[tag=sec_options] | history | /set weechat.history.* | Опције историје (команди и бафера). | proxy | <<command_weechat_proxy,/proxy>> + /set weechat.proxy.* | Прокси опције. -| network | /set weechat.network.* | Мрежне/SSL опције. +| network | /set weechat.network.* | Мрежне/TLS опције. | plugin | /set weechat.plugin.* | Опције додатака. | signal | /set weechat.signal.* | Опције сигнала. | bar | <<command_weechat_bar,/bar>> + @@ -3022,10 +3022,10 @@ $ weechat irc://alice@irc.libera.chat/#weechat,#weechat-fr можете додати произвољан број сервера. На пример, да бисте се повезали на https://libera.chat/[libera.chat ^↗^,window=_blank] -са SSL (шифровани саобраћај): +са TLS (шифровани саобраћај): ---- -/server add libera irc.libera.chat/6697 -ssl +/server add libera irc.libera.chat/6697 -tls ---- Програму WeeChat можете наложити да се приликом покретања аутоматски повеже са овим сервером: @@ -3104,13 +3104,13 @@ irc.server.libera.sasl_password string "${sec.data.libera}" irc.server.libera.sasl_timeout integer null -> 15 irc.server.libera.sasl_username string "alice" irc.server.libera.split_msg_max_length integer null -> 512 -irc.server.libera.ssl boolean on -irc.server.libera.ssl_cert string null -> "" -irc.server.libera.ssl_dhkey_size integer null -> 2048 -irc.server.libera.ssl_fingerprint string null -> "" -irc.server.libera.ssl_password string null -> "" -irc.server.libera.ssl_priorities string null -> "NORMAL:-VERS-SSL3.0" -irc.server.libera.ssl_verify boolean null -> on +irc.server.libera.tls boolean on +irc.server.libera.tls_cert string null -> "" +irc.server.libera.tls_dhkey_size integer null -> 2048 +irc.server.libera.tls_fingerprint string null -> "" +irc.server.libera.tls_password string null -> "" +irc.server.libera.tls_priorities string null -> "NORMAL:-VERS-SSL3.0" +irc.server.libera.tls_verify boolean null -> on irc.server.libera.usermode string null -> "" irc.server.libera.username string null -> "alice" .... @@ -3129,12 +3129,12 @@ irc.server.libera.username string null -> "alice" /unset irc.server.libera.autoconnect ---- -[[irc_ssl_certificates]] -==== SSL сертификати +[[irc_tls_certificates]] +==== TLS сертификати -Када се са IRC серверима успоставља веза преко SSL, програм WeeChat подразумевано проверава да ли се вези потпуно верује. +Када се са IRC серверима успоставља веза преко TLS, програм WeeChat подразумевано проверава да ли се вези потпуно верује. -Неке опције се користе за контролу SSL везе: +Неке опције се користе за контролу TLS везе: weechat.network.gnutls_ca_system:: током покретања учитава подразумеване системске сертификате којима се верује @@ -3142,17 +3142,17 @@ weechat.network.gnutls_ca_system:: weechat.network.gnutls_ca_user:: додатни фајл(ови) са ауторитетима сертификата -irc.server.xxx.ssl_cert:: - Фајл SSL сертификата који се користи за аутоматску идентификацију вашег надимка (на пример CertFP на oftc, погледајте испод) +irc.server.xxx.tls_cert:: + Фајл TLS сертификата који се користи за аутоматску идентификацију вашег надимка (на пример CertFP на oftc, погледајте испод) -irc.server.xxx.ssl_dhkey_size:: +irc.server.xxx.tls_dhkey_size:: величина кључа који се користи током Дифи-Хелман Размене Кључева (подразумевано је: 2048) -irc.server.xxx.ssl_verify:: - провера да се SSL вези потпуно верује (подразумевано је укључено) +irc.server.xxx.tls_verify:: + провера да се TLS вези потпуно верује (подразумевано је укључено) [NOTE] -Опција „ssl_verify” је подразумевано укључена, тако да је верификација стриктна и може да не успе, чак и када је била OK у верзијама пре 0.3.1. +Опција „tls_verify” је подразумевано укључена, тако да је верификација стриктна и може да не успе, чак и када је била OK у верзијама пре 0.3.1. [[irc_connect_oftc_with_certificate]] ===== Први пример: повезивање на oftc и провера сертификата @@ -3160,8 +3160,8 @@ irc.server.xxx.ssl_verify:: * Увоз сертификата у командном окружењу: ---- -$ mkdir -p ~/.config/weechat/ssl -$ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt +$ mkdir -p ~/.config/weechat/tls +$ wget -O ~/.config/weechat/tls/CAs.pem https://www.spi-inc.org/ca/spi-cacert.crt ---- [NOTE] @@ -3182,8 +3182,8 @@ $ wget -O ~/.config/weechat/ssl/CAs.pem https://www.spi-inc.org/ca/spi-cacert.cr * Креирајте сертификат у командном окружењу: ---- -$ mkdir -p ~/.config/weechat/ssl -$ cd ~/.config/weechat/ssl +$ mkdir -p ~/.config/weechat/tls +$ cd ~/.config/weechat/tls $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick.pem ---- @@ -3193,7 +3193,7 @@ $ openssl req -nodes -newkey rsa:2048 -keyout nick.pem -x509 -days 365 -out nick * У програму WeeChat, када је сервер „oftc” већ додат: ---- -/set irc.server.oftc.ssl_cert "${weechat_config_dir}/ssl/nick.pem" +/set irc.server.oftc.tls_cert "${weechat_config_dir}/tls/nick.pem" /connect oftc /msg nickserv cert add ---- @@ -3477,7 +3477,7 @@ WeeChat приказује све додатне информације које * _scram-sha-256_: SCRAM са SHA-256 digest алгоритмом * _scram-sha-512_: SCRAM са SHA-512 digest алгоритмом * _ecdsa-nist256p-challenge_: изазов са јавним/приватним кључем -* _external_: SSL сертификат са клијентске стране +* _external_: TLS сертификат са клијентске стране Опције за сервере су следеће: diff --git a/src/plugins/irc/irc-bar-item.c b/src/plugins/irc/irc-bar-item.c index 48a3fcb99..6019c1b1b 100644 --- a/src/plugins/irc/irc-bar-item.c +++ b/src/plugins/irc/irc-bar-item.c @@ -137,7 +137,7 @@ irc_bar_item_buffer_name_content (struct t_gui_buffer *buffer, int short_name) snprintf (buf_name, sizeof (buf_name), "%s%s[%s%s%s]", _("server"), IRC_COLOR_BAR_DELIM, - (server && server->ssl_connected) ? IRC_COLOR_STATUS_NAME_SSL : IRC_COLOR_STATUS_NAME, + (server && server->tls_connected) ? IRC_COLOR_STATUS_NAME_TLS : IRC_COLOR_STATUS_NAME, server->name, IRC_COLOR_BAR_DELIM); } @@ -151,11 +151,11 @@ irc_bar_item_buffer_name_content (struct t_gui_buffer *buffer, int short_name) "%s%s%s%s%s%s%s%s%s%s", (part_from_channel) ? IRC_COLOR_BAR_DELIM : "", (part_from_channel) ? "(" : "", - (server && server->ssl_connected) ? IRC_COLOR_STATUS_NAME_SSL : IRC_COLOR_STATUS_NAME, + (server && server->tls_connected) ? IRC_COLOR_STATUS_NAME_TLS : IRC_COLOR_STATUS_NAME, (server && display_server) ? server->name : "", (server && display_server) ? IRC_COLOR_BAR_DELIM : "", (server && display_server) ? "/" : "", - (server && server->ssl_connected) ? IRC_COLOR_STATUS_NAME_SSL : IRC_COLOR_STATUS_NAME, + (server && server->tls_connected) ? IRC_COLOR_STATUS_NAME_TLS : IRC_COLOR_STATUS_NAME, (short_name) ? weechat_buffer_get_string (buffer, "short_name") : channel->name, (part_from_channel) ? IRC_COLOR_BAR_DELIM : "", (part_from_channel) ? ")" : ""); @@ -190,7 +190,7 @@ irc_bar_item_buffer_name_content (struct t_gui_buffer *buffer, int short_name) snprintf (buf, sizeof (buf), "%s%s", - (server && server->ssl_connected) ? IRC_COLOR_STATUS_NAME_SSL : IRC_COLOR_STATUS_NAME, + (server && server->tls_connected) ? IRC_COLOR_STATUS_NAME_TLS : IRC_COLOR_STATUS_NAME, buf_name); return strdup (buf); @@ -549,7 +549,7 @@ irc_bar_item_tls_version (const void *pointer, void *data, irc_buffer_get_server_and_channel (buffer, &server, NULL); if (server && server->is_connected) { - if (server->ssl_connected) + if (server->tls_connected) { if (server->gnutls_sess) { diff --git a/src/plugins/irc/irc-color.h b/src/plugins/irc/irc-color.h index 95b18de2e..02a2690e0 100644 --- a/src/plugins/irc/irc-color.h +++ b/src/plugins/irc/irc-color.h @@ -82,7 +82,7 @@ #define IRC_COLOR_NOTICE weechat_color(weechat_config_string(irc_config_color_notice)) #define IRC_COLOR_STATUS_NUMBER weechat_color("status_number") #define IRC_COLOR_STATUS_NAME weechat_color("status_name") -#define IRC_COLOR_STATUS_NAME_SSL weechat_color("status_name_tls") +#define IRC_COLOR_STATUS_NAME_TLS weechat_color("status_name_tls") #define IRC_COLOR_MESSAGE_JOIN weechat_color(weechat_config_string(irc_config_color_message_join)) #define IRC_COLOR_MESSAGE_ACCOUNT weechat_color(weechat_config_string(irc_config_color_message_account)) #define IRC_COLOR_MESSAGE_CHGHOST weechat_color(weechat_config_string(irc_config_color_message_chghost)) diff --git a/src/plugins/irc/irc-command.c b/src/plugins/irc/irc-command.c index 76003f957..04bfba877 100644 --- a/src/plugins/irc/irc-command.c +++ b/src/plugins/irc/irc-command.c @@ -5116,65 +5116,65 @@ irc_command_display_server (struct t_irc_server *server, int with_detail) IRC_COLOR_CHAT_VALUE, (weechat_config_boolean (server->options[IRC_SERVER_OPTION_IPV6])) ? _("on") : _("off")); - /* ssl */ - if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL])) - weechat_printf (NULL, " ssl. . . . . . . . . : (%s)", - (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL)) ? + /* tls */ + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_TLS])) + weechat_printf (NULL, " tls. . . . . . . . . : (%s)", + (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS)) ? _("on") : _("off")); else - weechat_printf (NULL, " ssl. . . . . . . . . : %s%s", + weechat_printf (NULL, " tls. . . . . . . . . : %s%s", IRC_COLOR_CHAT_VALUE, - (weechat_config_boolean (server->options[IRC_SERVER_OPTION_SSL])) ? + (weechat_config_boolean (server->options[IRC_SERVER_OPTION_TLS])) ? _("on") : _("off")); - /* ssl_cert */ - if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_CERT])) - weechat_printf (NULL, " ssl_cert . . . . . . : ('%s')", - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT)); + /* tls_cert */ + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_TLS_CERT])) + weechat_printf (NULL, " tls_cert . . . . . . : ('%s')", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_CERT)); else - weechat_printf (NULL, " ssl_cert . . . . . . : %s'%s'", + weechat_printf (NULL, " tls_cert . . . . . . : %s'%s'", IRC_COLOR_CHAT_VALUE, - weechat_config_string (server->options[IRC_SERVER_OPTION_SSL_CERT])); - /* ssl_password */ - if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_PASSWORD])) - weechat_printf (NULL, " ssl_password . . . . : %s", + weechat_config_string (server->options[IRC_SERVER_OPTION_TLS_CERT])); + /* tls_password */ + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_TLS_PASSWORD])) + weechat_printf (NULL, " tls_password . . . . : %s", _("(hidden)")); else - weechat_printf (NULL, " ssl_password . . . . : %s%s", + weechat_printf (NULL, " tls_password . . . . : %s%s", IRC_COLOR_CHAT_VALUE, _("(hidden)")); - /* ssl_priorities */ - if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_PRIORITIES])) - weechat_printf (NULL, " ssl_priorities . . . : ('%s')", - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PRIORITIES)); + /* tls_priorities */ + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_TLS_PRIORITIES])) + weechat_printf (NULL, " tls_priorities . . . : ('%s')", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_PRIORITIES)); else - weechat_printf (NULL, " ssl_priorities . . . : %s'%s'", + weechat_printf (NULL, " tls_priorities . . . : %s'%s'", IRC_COLOR_CHAT_VALUE, - weechat_config_string (server->options[IRC_SERVER_OPTION_SSL_PRIORITIES])); - /* ssl_dhkey_size */ - if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])) - weechat_printf (NULL, " ssl_dhkey_size . . . : (%d)", - IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE)); + weechat_config_string (server->options[IRC_SERVER_OPTION_TLS_PRIORITIES])); + /* tls_dhkey_size */ + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_TLS_DHKEY_SIZE])) + weechat_printf (NULL, " tls_dhkey_size . . . : (%d)", + IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_TLS_DHKEY_SIZE)); else - weechat_printf (NULL, " ssl_dhkey_size . . . : %s%d", + weechat_printf (NULL, " tls_dhkey_size . . . : %s%d", IRC_COLOR_CHAT_VALUE, - weechat_config_integer (server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])); - /* ssl_fingerprint */ - if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_FINGERPRINT])) - weechat_printf (NULL, " ssl_fingerprint. . . : ('%s')", - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_FINGERPRINT)); + weechat_config_integer (server->options[IRC_SERVER_OPTION_TLS_DHKEY_SIZE])); + /* tls_fingerprint */ + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_TLS_FINGERPRINT])) + weechat_printf (NULL, " tls_fingerprint. . . : ('%s')", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_FINGERPRINT)); else - weechat_printf (NULL, " ssl_fingerprint. . . : %s'%s'", + weechat_printf (NULL, " tls_fingerprint. . . : %s'%s'", IRC_COLOR_CHAT_VALUE, - weechat_config_string (server->options[IRC_SERVER_OPTION_SSL_FINGERPRINT])); - /* ssl_verify */ - if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_VERIFY])) - weechat_printf (NULL, " ssl_verify . . . . . : (%s)", - (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL_VERIFY)) ? + weechat_config_string (server->options[IRC_SERVER_OPTION_TLS_FINGERPRINT])); + /* tls_verify */ + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_TLS_VERIFY])) + weechat_printf (NULL, " tls_verify . . . . . : (%s)", + (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS_VERIFY)) ? _("on") : _("off")); else - weechat_printf (NULL, " ssl_verify . . . . . : %s%s", + weechat_printf (NULL, " tls_verify . . . . . : %s%s", IRC_COLOR_CHAT_VALUE, - (weechat_config_boolean (server->options[IRC_SERVER_OPTION_SSL_VERIFY])) ? + (weechat_config_boolean (server->options[IRC_SERVER_OPTION_TLS_VERIFY])) ? _("on") : _("off")); /* password */ if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_PASSWORD])) @@ -6985,7 +6985,7 @@ irc_command_init () "added (NOT SAVED), see /help irc.look.temporary_servers\n" " option: set option for server (for boolean option, value can be " "omitted)\n" - " nooption: set boolean option to 'off' (for example: -nossl)\n" + " nooption: set boolean option to 'off' (for example: -notls)\n" " -all: connect to all servers defined in configuration\n" " -auto: connect to servers with autoconnect enabled\n" " -open: connect to all opened servers that are not currently " @@ -7001,8 +7001,8 @@ irc_command_init () " /connect libera\n" " /connect irc.oftc.net/6667\n" " /connect irc6.oftc.net/6667 -ipv6\n" - " /connect irc6.oftc.net/6697 -ipv6 -ssl\n" - " /connect my.server.org/6697 -ssl -password=test\n" + " /connect irc6.oftc.net/6697 -ipv6 -tls\n" + " /connect my.server.org/6697 -tls -password=test\n" " /connect irc://nick@irc.oftc.net/#channel\n" " /connect -switch"), "%(irc_servers)|-all|-auto|-open|-nojoin|-switch|%*", @@ -7526,7 +7526,7 @@ irc_command_init () " -temp: add a temporary server (not saved)\n" " option: set option for server (for boolean option, value can be " "omitted)\n" - "nooption: set boolean option to 'off' (for example: -nossl)\n" + "nooption: set boolean option to 'off' (for example: -notls)\n" " copy: duplicate a server\n" " rename: rename a server\n" " reorder: reorder list of servers\n" @@ -7557,7 +7557,7 @@ irc_command_init () "Examples:\n" " /server listfull\n" " /server add libera irc.libera.chat\n" - " /server add libera irc.libera.chat/6697 -ssl -autoconnect\n" + " /server add libera irc.libera.chat/6697 -tls -autoconnect\n" " /server add chatspike irc.chatspike.net/6667," "irc.duckspike.net/6667\n" " /server copy libera libera-test\n" diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c index bbae1a381..da52dfe04 100644 --- a/src/plugins/irc/irc-config.c +++ b/src/plugins/irc/irc-config.c @@ -1178,7 +1178,7 @@ irc_config_server_check_value_cb (const void *pointer, void *data, } } break; - case IRC_SERVER_OPTION_SSL_PRIORITIES: + case IRC_SERVER_OPTION_TLS_PRIORITIES: pos_error = irc_config_check_gnutls_priorities (value); if (pos_error) { @@ -1749,11 +1749,11 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change_data, NULL, NULL, NULL); break; - case IRC_SERVER_OPTION_SSL: + case IRC_SERVER_OPTION_TLS: new_option = weechat_config_new_option ( config_file, section, option_name, "boolean", - N_("use SSL for server communication"), + N_("use TLS for server communication"), NULL, 0, 0, default_value, value, null_value_allowed, @@ -1765,11 +1765,11 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change_data, NULL, NULL, NULL); break; - case IRC_SERVER_OPTION_SSL_CERT: + case IRC_SERVER_OPTION_TLS_CERT: new_option = weechat_config_new_option ( config_file, section, option_name, "string", - N_("SSL certificate file used to automatically identify your " + N_("TLS certificate file used to automatically identify your " "nick " "(path is evaluated, see function string_eval_path_home in " "plugin API reference)"), @@ -1784,11 +1784,11 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change_data, NULL, NULL, NULL); break; - case IRC_SERVER_OPTION_SSL_PASSWORD: + case IRC_SERVER_OPTION_TLS_PASSWORD: new_option = weechat_config_new_option ( config_file, section, option_name, "string", - N_("password for SSL certificate's private key; " + N_("password for TLS certificate's private key; " "only used with gnutls version >= 3.1.0 " "(note: content is evaluated, see /help eval; server " "options are evaluated with ${irc_server.xxx} and " @@ -1804,7 +1804,7 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change_data, NULL, NULL, NULL); break; - case IRC_SERVER_OPTION_SSL_PRIORITIES: + case IRC_SERVER_OPTION_TLS_PRIORITIES: new_option = weechat_config_new_option ( config_file, section, option_name, "string", @@ -1823,7 +1823,7 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change_data, NULL, NULL, NULL); break; - case IRC_SERVER_OPTION_SSL_DHKEY_SIZE: + case IRC_SERVER_OPTION_TLS_DHKEY_SIZE: new_option = weechat_config_new_option ( config_file, section, option_name, "integer", @@ -1840,7 +1840,7 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change_data, NULL, NULL, NULL); break; - case IRC_SERVER_OPTION_SSL_FINGERPRINT: + case IRC_SERVER_OPTION_TLS_FINGERPRINT: new_option = weechat_config_new_option ( config_file, section, option_name, "string", @@ -1850,7 +1850,7 @@ irc_config_server_new_option (struct t_config_file *config_file, "40 chars for SHA-1 (insecure, not recommended); many " "fingerprints can be separated by commas; if this option " "is set, the other checks on certificates are NOT " - "performed (option \"ssl_verify\") " + "performed (option \"tls_verify\") " "(note: content is evaluated, see /help eval; server " "options are evaluated with ${irc_server.xxx} and " "${server} is replaced by the server name)"), @@ -1865,11 +1865,11 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change_data, NULL, NULL, NULL); break; - case IRC_SERVER_OPTION_SSL_VERIFY: + case IRC_SERVER_OPTION_TLS_VERIFY: new_option = weechat_config_new_option ( config_file, section, option_name, "boolean", - N_("check that the SSL connection is fully trusted"), + N_("check that the TLS connection is fully trusted"), NULL, 0, 0, default_value, value, null_value_allowed, @@ -1937,7 +1937,7 @@ irc_config_server_new_option (struct t_config_file *config_file, "digest algorithm, " "\"ecdsa-nist256p-challenge\" for key-based " "challenge authentication, " - "\"external\" for authentication using client side SSL " + "\"external\" for authentication using client side TLS " "certificate"), "plain|scram-sha-1|scram-sha-256|scram-sha-512|" "ecdsa-nist256p-challenge|external", @@ -2780,6 +2780,94 @@ irc_config_server_create_default_options (struct t_config_section *section) } /* + * Updates options in configuration file while reading the file. + */ + +struct t_hashtable * +irc_config_update_cb (const void *pointer, void *data, + struct t_config_file *config_file, + int version_read, + struct t_hashtable *data_read) +{ + const char *ptr_section, *ptr_option; + char *new_option, *pos_option; + int changes; + + /* make C compiler happy */ + (void) pointer; + (void) data; + (void) config_file; + + /* nothing to do if the config file is already up-to-date */ + if (version_read >= IRC_CONFIG_VERSION) + return NULL; + + changes = 0; + + if (version_read < 2) + { + /* + * changes in v2: + * - options "ssl*" renamed to "tls*" + */ + ptr_section = weechat_hashtable_get (data_read, "section"); + ptr_option = weechat_hashtable_get (data_read, "option"); + if (ptr_section + && ptr_option + && (strcmp (ptr_section, "server_default") == 0)) + { + if (strncmp (ptr_option, "ssl", 3) == 0) + { + /* convert server_default options starting with "ssl" */ + new_option = strdup (ptr_option); + if (new_option) + { + memcpy (new_option, "tls", 3); + weechat_printf ( + NULL, + _("IRC option renamed: \"irc.%s.%s\" => \"irc.%s.%s\""), + ptr_section, ptr_option, + ptr_section, new_option); + weechat_hashtable_set (data_read, "option", new_option); + changes++; + free (new_option); + } + } + } + else if (ptr_section + && ptr_option + && (strcmp (ptr_section, "server") == 0)) + { + /* convert server options starting with "ssl" */ + pos_option = strrchr (ptr_option, '.'); + if (pos_option && (strncmp (pos_option + 1, "ssl", 3) == 0)) + { + new_option = strdup (ptr_option); + if (new_option) + { + pos_option = strrchr (new_option, '.'); + if (pos_option) + { + pos_option++; + memcpy (pos_option, "tls", 3); + weechat_printf ( + NULL, + _("IRC option renamed: \"irc.%s.%s\" => \"irc.%s.%s\""), + ptr_section, ptr_option, + ptr_section, new_option); + weechat_hashtable_set (data_read, "option", new_option); + changes++; + } + free (new_option); + } + } + } + } + + return (changes) ? data_read : NULL; +} + +/* * Initializes IRC configuration file. * * Returns: @@ -2811,6 +2899,14 @@ irc_config_init () if (!irc_config_file) return 0; + if (!weechat_config_set_version (irc_config_file, IRC_CONFIG_VERSION, + &irc_config_update_cb, NULL, NULL)) + { + weechat_config_free (irc_config_file); + irc_config_file = NULL; + return 0; + } + /* look */ irc_config_section_look = weechat_config_new_section ( irc_config_file, "look", diff --git a/src/plugins/irc/irc-config.h b/src/plugins/irc/irc-config.h index 7b67d4fca..8e25cf71c 100644 --- a/src/plugins/irc/irc-config.h +++ b/src/plugins/irc/irc-config.h @@ -23,6 +23,8 @@ #define IRC_CONFIG_NAME "irc" #define IRC_CONFIG_PRIO_NAME (TO_STR(IRC_PLUGIN_PRIORITY) "|" IRC_CONFIG_NAME) +#define IRC_CONFIG_VERSION 2 + enum t_irc_config_look_server_buffer { IRC_CONFIG_LOOK_SERVER_BUFFER_MERGE_WITH_CORE = 0, diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c index ee248dec1..7ed88ba48 100644 --- a/src/plugins/irc/irc-server.c +++ b/src/plugins/irc/irc-server.c @@ -80,13 +80,13 @@ char *irc_server_options[IRC_SERVER_NUM_OPTIONS][2] = { { "addresses", "" }, { "proxy", "" }, { "ipv6", "on" }, - { "ssl", "off" }, - { "ssl_cert", "" }, - { "ssl_password", "" }, - { "ssl_priorities", "NORMAL:-VERS-SSL3.0" }, - { "ssl_dhkey_size", "2048" }, - { "ssl_fingerprint", "" }, - { "ssl_verify", "on" }, + { "tls", "off" }, + { "tls_cert", "" }, + { "tls_password", "" }, + { "tls_priorities", "NORMAL:-VERS-SSL3.0" }, + { "tls_dhkey_size", "2048" }, + { "tls_fingerprint", "" }, + { "tls_verify", "on" }, { "password", "" }, { "capabilities", "*" }, { "sasl_mechanism", "plain" }, @@ -409,7 +409,7 @@ irc_server_eval_fingerprint (struct t_irc_server *server) int i, j, rc, algo, length; ptr_fingerprint = IRC_SERVER_OPTION_STRING(server, - IRC_SERVER_OPTION_SSL_FINGERPRINT); + IRC_SERVER_OPTION_TLS_FINGERPRINT); /* empty fingerprint is just ignored (considered OK) */ if (!ptr_fingerprint || !ptr_fingerprint[0]) @@ -1215,7 +1215,7 @@ irc_server_set_tls_version (struct t_irc_server *server) if (server->is_connected) { - if (server->ssl_connected) + if (server->tls_connected) { if (server->gnutls_sess) { @@ -1567,7 +1567,7 @@ irc_server_alloc (const char *name) new_server->authentication_method = IRC_SERVER_AUTH_METHOD_NONE; new_server->sasl_mechanism_used = -1; new_server->is_connected = 0; - new_server->ssl_connected = 0; + new_server->tls_connected = 0; new_server->disconnected = 0; new_server->gnutls_sess = NULL; new_server->tls_cert = NULL; @@ -1702,12 +1702,12 @@ irc_server_alloc (const char *name) * Fields: * - "irc": protocol (mandatory) * - "6": allow use of IPv6 (with fallback on IPv4) - * - "s": use SSL + * - "s": use TLS * - "nick": nickname to use on the server * - "pass": password for the server (can be used as nick password on most * servers) * - "server": server address - * - "port": port (default is 6667 without SSL and 6697 with SSL) + * - "port": port (default is 6667 without TLS and 6697 with TLS) * - "#chan1": channel to auto-join * * Returns pointer to new server, NULL if error. @@ -1720,7 +1720,7 @@ irc_server_alloc_with_url (const char *irc_url) char *pos_address, *pos_port, *pos_channel, *pos; char *server_address, *server_nicks, *server_autojoin; char default_port[16]; - int ipv6, ssl, length; + int ipv6, tls, length; struct t_irc_server *ptr_server; if (!irc_url || !irc_url[0]) @@ -1741,7 +1741,7 @@ irc_server_alloc_with_url (const char *irc_url) pos_channel = NULL; ipv6 = 0; - ssl = 0; + tls = 0; snprintf (default_port, sizeof (default_port), "%d", IRC_SERVER_DEFAULT_PORT); @@ -1765,26 +1765,26 @@ irc_server_alloc_with_url (const char *irc_url) } } - /* check for SSL / IPv6 */ + /* check for TLS / IPv6 */ if (weechat_strcasecmp (irc_url2, "irc6") == 0) { ipv6 = 1; } else if (weechat_strcasecmp (irc_url2, "ircs") == 0) { - ssl = 1; + tls = 1; } else if ((weechat_strcasecmp (irc_url2, "irc6s") == 0) || (weechat_strcasecmp (irc_url2, "ircs6") == 0)) { ipv6 = 1; - ssl = 1; + tls = 1; } - if (ssl) + if (tls) { snprintf (default_port, sizeof (default_port), - "%d", IRC_SERVER_DEFAULT_PORT_SSL); + "%d", IRC_SERVER_DEFAULT_PORT_TLS); } /* search for nick, password, address+port */ @@ -1861,8 +1861,8 @@ irc_server_alloc_with_url (const char *irc_url) weechat_config_option_set (ptr_server->options[IRC_SERVER_OPTION_IPV6], (ipv6) ? "on" : "off", 1); - weechat_config_option_set (ptr_server->options[IRC_SERVER_OPTION_SSL], - (ssl) ? "on" : "off", + weechat_config_option_set (ptr_server->options[IRC_SERVER_OPTION_TLS], + (tls) ? "on" : "off", 1); if (pos_nick && pos_nick[0]) { @@ -1924,7 +1924,7 @@ irc_server_alloc_with_url (const char *irc_url) /* * Applies command line options to a server. * - * For example: -ssl -nossl -password=test -proxy=myproxy + * For example: -tls -notls -password=test -proxy=myproxy */ void @@ -2558,7 +2558,7 @@ irc_server_send (struct t_irc_server *server, const char *buffer, int size_buf) return 0; } - if (server->ssl_connected) + if (server->tls_connected) { if (!server->gnutls_sess) return -1; @@ -2571,7 +2571,7 @@ irc_server_send (struct t_irc_server *server, const char *buffer, int size_buf) if (rc < 0) { - if (server->ssl_connected) + if (server->tls_connected) { weechat_printf ( server->buffer, @@ -3541,7 +3541,7 @@ irc_server_recv_cb (const void *pointer, void *data, int fd) { end_recv = 1; - if (server->ssl_connected) + if (server->tls_connected) { if (!server->gnutls_sess) return WEECHAT_RC_ERROR; @@ -3558,7 +3558,7 @@ irc_server_recv_cb (const void *pointer, void *data, int fd) buffer[num_read] = '\0'; irc_server_msgq_add_buffer (server, buffer); msgq_flush = 1; /* the flush will be done after the loop */ - if (server->ssl_connected + if (server->tls_connected && (gnutls_record_check_pending (server->gnutls_sess) > 0)) { /* @@ -3570,7 +3570,7 @@ irc_server_recv_cb (const void *pointer, void *data, int fd) } else { - if (server->ssl_connected) + if (server->tls_connected) { if ((num_read == 0) || ((num_read != GNUTLS_E_AGAIN) @@ -3982,8 +3982,8 @@ irc_server_close_connection (struct t_irc_server *server) } else { - /* close SSL connection */ - if (server->ssl_connected) + /* close TLS connection */ + if (server->tls_connected) { if (server->sock != -1) gnutls_bye (server->gnutls_sess, GNUTLS_SHUT_WR); @@ -4027,7 +4027,7 @@ irc_server_close_connection (struct t_irc_server *server) server->authentication_method = IRC_SERVER_AUTH_METHOD_NONE; server->sasl_mechanism_used = -1; server->is_connected = 0; - server->ssl_connected = 0; + server->tls_connected = 0; irc_server_set_tls_version (server); } @@ -4375,17 +4375,17 @@ irc_server_connect_cb (const void *pointer, void *data, weechat_printf ( server->buffer, _("%s%s: you should play with option " - "irc.server.%s.ssl_dhkey_size (current value is %d, try " + "irc.server.%s.tls_dhkey_size (current value is %d, try " "a lower value like %d or %d)"), weechat_prefix ("error"), IRC_PLUGIN_NAME, server->name, IRC_SERVER_OPTION_INTEGER ( - server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE), + server, IRC_SERVER_OPTION_TLS_DHKEY_SIZE), IRC_SERVER_OPTION_INTEGER ( - server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE) / 2, + server, IRC_SERVER_OPTION_TLS_DHKEY_SIZE) / 2, IRC_SERVER_OPTION_INTEGER ( - server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE) / 4); + server, IRC_SERVER_OPTION_TLS_DHKEY_SIZE) / 4); } irc_server_close_connection (server); server->current_retry++; @@ -4776,7 +4776,7 @@ irc_server_gnutls_callback (const void *pointer, void *data, unsigned int i, cert_list_len, status; time_t cert_time; char *cert_path, *cert_str, *fingerprint_eval; - char *ssl_password; + char *tls_password; const char *ptr_cert_path, *ptr_fingerprint; int rc, ret, fingerprint_match, hostname_match, cert_temp_init; struct t_hashtable *options; @@ -4821,7 +4821,7 @@ irc_server_gnutls_callback (const void *pointer, void *data, /* get fingerprint option in server */ ptr_fingerprint = IRC_SERVER_OPTION_STRING(server, - IRC_SERVER_OPTION_SSL_FINGERPRINT); + IRC_SERVER_OPTION_TLS_FINGERPRINT); fingerprint_eval = irc_server_eval_fingerprint (server); if (!fingerprint_eval) { @@ -4942,7 +4942,7 @@ irc_server_gnutls_callback (const void *pointer, void *data, server->buffer, _("%sgnutls: certificate fingerprint does NOT match " "(check value of option " - "irc.server.%s.ssl_fingerprint)"), + "irc.server.%s.tls_fingerprint)"), weechat_prefix ("error"), server->name); rc = -1; } @@ -5012,7 +5012,7 @@ irc_server_gnutls_callback (const void *pointer, void *data, { /* using client certificate if it exists */ ptr_cert_path = IRC_SERVER_OPTION_STRING(server, - IRC_SERVER_OPTION_SSL_CERT); + IRC_SERVER_OPTION_TLS_CERT); if (ptr_cert_path && ptr_cert_path[0]) { options = weechat_hashtable_new ( @@ -5045,10 +5045,10 @@ irc_server_gnutls_callback (const void *pointer, void *data, GNUTLS_X509_FMT_PEM); /* key password */ - ssl_password = irc_server_eval_expression ( + tls_password = irc_server_eval_expression ( server, IRC_SERVER_OPTION_STRING(server, - IRC_SERVER_OPTION_SSL_PASSWORD)); + IRC_SERVER_OPTION_TLS_PASSWORD)); /* key */ gnutls_x509_privkey_init (&server->tls_cert_key); @@ -5062,7 +5062,7 @@ irc_server_gnutls_callback (const void *pointer, void *data, ret = gnutls_x509_privkey_import2 (server->tls_cert_key, &filedatum, GNUTLS_X509_FMT_PEM, - ssl_password, + tls_password, 0); #else ret = gnutls_x509_privkey_import (server->tls_cert_key, @@ -5076,7 +5076,7 @@ irc_server_gnutls_callback (const void *pointer, void *data, server->tls_cert_key, &filedatum, GNUTLS_X509_FMT_PEM, - ssl_password, + tls_password, GNUTLS_PKCS_PLAIN); } if (ret < 0) @@ -5129,8 +5129,8 @@ irc_server_gnutls_callback (const void *pointer, void *data, free (cert_str); } - if (ssl_password) - free (ssl_password); + if (tls_password) + free (tls_password); } else { @@ -5147,7 +5147,7 @@ irc_server_gnutls_callback (const void *pointer, void *data, end: /* an error should stop the handshake unless the user doesn't care */ if ((rc == -1) - && (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL_VERIFY) == 0)) + && (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS_VERIFY) == 0)) { rc = 0; } @@ -5288,8 +5288,8 @@ irc_server_connect (struct t_irc_server *server) IRC_PLUGIN_NAME, server->current_address, server->current_port, - (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL)) ? - " (SSL)" : "", + (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS)) ? + " (TLS)" : "", str_proxy_type, str_proxy_address, weechat_config_integer (proxy_port), @@ -5298,8 +5298,8 @@ irc_server_connect (struct t_irc_server *server) _("Connecting to server %s/%d%s via %s proxy %s/%d%s..."), server->current_address, server->current_port, - (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL)) ? - " (SSL)" : "", + (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS)) ? + " (TLS)" : "", str_proxy_type, str_proxy_address, weechat_config_integer (proxy_port), @@ -5314,16 +5314,16 @@ irc_server_connect (struct t_irc_server *server) IRC_PLUGIN_NAME, server->current_address, server->current_port, - (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL)) ? - " (SSL)" : ""); + (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS)) ? + " (TLS)" : ""); weechat_log_printf ( _("%s%s: connecting to server %s/%d%s..."), "", IRC_PLUGIN_NAME, server->current_address, server->current_port, - (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL)) ? - " (SSL)" : ""); + (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS)) ? + " (TLS)" : ""); } /* close connection if opened */ @@ -5336,10 +5336,10 @@ irc_server_connect (struct t_irc_server *server) irc_server_autojoin_create_buffers (server); } - /* init SSL if asked and connect */ - server->ssl_connected = 0; - if (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL)) - server->ssl_connected = 1; + /* init TLS if asked and connect */ + server->tls_connected = 0; + if (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS)) + server->tls_connected = 1; if (!server->fake_server) { server->hook_connect = weechat_hook_connect ( @@ -5348,10 +5348,10 @@ irc_server_connect (struct t_irc_server *server) server->current_port, proxy_type ? weechat_config_integer (proxy_ipv6) : IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_IPV6), server->current_retry, - (server->ssl_connected) ? &server->gnutls_sess : NULL, - (server->ssl_connected) ? &irc_server_gnutls_callback : NULL, - IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE), - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PRIORITIES), + (server->tls_connected) ? &server->gnutls_sess : NULL, + (server->tls_connected) ? &irc_server_gnutls_callback : NULL, + IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_TLS_DHKEY_SIZE), + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_PRIORITIES), IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_LOCAL_HOSTNAME), &irc_server_connect_cb, server, @@ -6167,7 +6167,7 @@ irc_server_hdata_server_cb (const void *pointer, void *data, WEECHAT_HDATA_VAR(struct t_irc_server, authentication_method, INTEGER, 0, NULL, NULL); WEECHAT_HDATA_VAR(struct t_irc_server, sasl_mechanism_used, INTEGER, 0, NULL, NULL); WEECHAT_HDATA_VAR(struct t_irc_server, is_connected, INTEGER, 0, NULL, NULL); - WEECHAT_HDATA_VAR(struct t_irc_server, ssl_connected, INTEGER, 0, NULL, NULL); + WEECHAT_HDATA_VAR(struct t_irc_server, tls_connected, INTEGER, 0, NULL, NULL); WEECHAT_HDATA_VAR(struct t_irc_server, disconnected, INTEGER, 0, NULL, NULL); WEECHAT_HDATA_VAR(struct t_irc_server, gnutls_sess, POINTER, 0, NULL, NULL); WEECHAT_HDATA_VAR(struct t_irc_server, tls_cert, POINTER, 0, NULL, NULL); @@ -6289,26 +6289,26 @@ irc_server_add_to_infolist (struct t_infolist *infolist, if (!weechat_infolist_new_var_integer (ptr_item, "ipv6", IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_IPV6))) return 0; - if (!weechat_infolist_new_var_integer (ptr_item, "ssl", - IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL))) + if (!weechat_infolist_new_var_integer (ptr_item, "tls", + IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS))) return 0; - if (!weechat_infolist_new_var_string (ptr_item, "ssl_cert", - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT))) + if (!weechat_infolist_new_var_string (ptr_item, "tls_cert", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_CERT))) return 0; - if (!weechat_infolist_new_var_string (ptr_item, "ssl_password", - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PASSWORD))) + if (!weechat_infolist_new_var_string (ptr_item, "tls_password", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_PASSWORD))) return 0; - if (!weechat_infolist_new_var_string (ptr_item, "ssl_priorities", - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_PRIORITIES))) + if (!weechat_infolist_new_var_string (ptr_item, "tls_priorities", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_PRIORITIES))) return 0; - if (!weechat_infolist_new_var_integer (ptr_item, "ssl_dhkey_size", - IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE))) + if (!weechat_infolist_new_var_integer (ptr_item, "tls_dhkey_size", + IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_TLS_DHKEY_SIZE))) return 0; - if (!weechat_infolist_new_var_string (ptr_item, "ssl_fingerprint", - IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_FINGERPRINT))) + if (!weechat_infolist_new_var_string (ptr_item, "tls_fingerprint", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_TLS_FINGERPRINT))) return 0; - if (!weechat_infolist_new_var_integer (ptr_item, "ssl_verify", - IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL_VERIFY))) + if (!weechat_infolist_new_var_integer (ptr_item, "tls_verify", + IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_TLS_VERIFY))) return 0; if (!weechat_infolist_new_var_string (ptr_item, "password", IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_PASSWORD))) @@ -6420,7 +6420,7 @@ irc_server_add_to_infolist (struct t_infolist *infolist, return 0; if (!weechat_infolist_new_var_integer (ptr_item, "is_connected", 0)) return 0; - if (!weechat_infolist_new_var_integer (ptr_item, "ssl_connected", 0)) + if (!weechat_infolist_new_var_integer (ptr_item, "tls_connected", 0)) return 0; if (!weechat_infolist_new_var_integer (ptr_item, "disconnected", 1)) return 0; @@ -6491,7 +6491,7 @@ irc_server_add_to_infolist (struct t_infolist *infolist, return 0; if (!weechat_infolist_new_var_integer (ptr_item, "is_connected", server->is_connected)) return 0; - if (!weechat_infolist_new_var_integer (ptr_item, "ssl_connected", server->ssl_connected)) + if (!weechat_infolist_new_var_integer (ptr_item, "tls_connected", server->tls_connected)) return 0; if (!weechat_infolist_new_var_integer (ptr_item, "disconnected", server->disconnected)) return 0; @@ -6623,56 +6623,56 @@ irc_server_print_log () weechat_log_printf (" ipv6. . . . . . . . . . . : %s", (weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_IPV6])) ? "on" : "off"); - /* ssl */ - if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL])) - weechat_log_printf (" ssl . . . . . . . . . . . : null (%s)", - (IRC_SERVER_OPTION_BOOLEAN(ptr_server, IRC_SERVER_OPTION_SSL)) ? + /* tls */ + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_TLS])) + weechat_log_printf (" tls . . . . . . . . . . . : null (%s)", + (IRC_SERVER_OPTION_BOOLEAN(ptr_server, IRC_SERVER_OPTION_TLS)) ? "on" : "off"); else - weechat_log_printf (" ssl . . . . . . . . . . . : %s", - (weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_SSL])) ? + weechat_log_printf (" tls . . . . . . . . . . . : %s", + (weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_TLS])) ? "on" : "off"); - /* ssl_cert */ - if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_CERT])) - weechat_log_printf (" ssl_cert. . . . . . . . . : null ('%s')", - IRC_SERVER_OPTION_STRING(ptr_server, IRC_SERVER_OPTION_SSL_CERT)); + /* tls_cert */ + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_TLS_CERT])) + weechat_log_printf (" tls_cert. . . . . . . . . : null ('%s')", + IRC_SERVER_OPTION_STRING(ptr_server, IRC_SERVER_OPTION_TLS_CERT)); else - weechat_log_printf (" ssl_cert. . . . . . . . . : '%s'", - weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_SSL_CERT])); - /* ssl_password */ - if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_PASSWORD])) - weechat_log_printf (" ssl_password. . . . . . . : null"); + weechat_log_printf (" tls_cert. . . . . . . . . : '%s'", + weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_TLS_CERT])); + /* tls_password */ + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_TLS_PASSWORD])) + weechat_log_printf (" tls_password. . . . . . . : null"); else - weechat_log_printf (" ssl_password. . . . . . . : (hidden)"); - /* ssl_priorities */ - if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_PRIORITIES])) - weechat_log_printf (" ssl_priorities. . . . . . : null ('%s')", - IRC_SERVER_OPTION_STRING(ptr_server, IRC_SERVER_OPTION_SSL_PRIORITIES)); + weechat_log_printf (" tls_password. . . . . . . : (hidden)"); + /* tls_priorities */ + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_TLS_PRIORITIES])) + weechat_log_printf (" tls_priorities. . . . . . : null ('%s')", + IRC_SERVER_OPTION_STRING(ptr_server, IRC_SERVER_OPTION_TLS_PRIORITIES)); else - weechat_log_printf (" ssl_priorities. . . . . . : '%s'", - weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_SSL_PRIORITIES])); - /* ssl_dhkey_size */ - if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])) - weechat_log_printf (" ssl_dhkey_size. . . . . . : null ('%d')", - IRC_SERVER_OPTION_INTEGER(ptr_server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE)); + weechat_log_printf (" tls_priorities. . . . . . : '%s'", + weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_TLS_PRIORITIES])); + /* tls_dhkey_size */ + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_TLS_DHKEY_SIZE])) + weechat_log_printf (" tls_dhkey_size. . . . . . : null ('%d')", + IRC_SERVER_OPTION_INTEGER(ptr_server, IRC_SERVER_OPTION_TLS_DHKEY_SIZE)); else - weechat_log_printf (" ssl_dhkey_size. . . . . . : '%d'", - weechat_config_integer (ptr_server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])); - /* ssl_fingerprint */ - if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_FINGERPRINT])) - weechat_log_printf (" ssl_fingerprint . . . . . : null ('%s')", - IRC_SERVER_OPTION_STRING(ptr_server, IRC_SERVER_OPTION_SSL_FINGERPRINT)); + weechat_log_printf (" tls_dhkey_size. . . . . . : '%d'", + weechat_config_integer (ptr_server->options[IRC_SERVER_OPTION_TLS_DHKEY_SIZE])); + /* tls_fingerprint */ + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_TLS_FINGERPRINT])) + weechat_log_printf (" tls_fingerprint . . . . . : null ('%s')", + IRC_SERVER_OPTION_STRING(ptr_server, IRC_SERVER_OPTION_TLS_FINGERPRINT)); else - weechat_log_printf (" ssl_fingerprint . . . . . : '%s'", - weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_SSL_FINGERPRINT])); - /* ssl_verify */ - if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_VERIFY])) - weechat_log_printf (" ssl_verify. . . . . . . . : null (%s)", - (IRC_SERVER_OPTION_BOOLEAN(ptr_server, IRC_SERVER_OPTION_SSL_VERIFY)) ? + weechat_log_printf (" tls_fingerprint . . . . . : '%s'", + weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_TLS_FINGERPRINT])); + /* tls_verify */ + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_TLS_VERIFY])) + weechat_log_printf (" tls_verify. . . . . . . . : null (%s)", + (IRC_SERVER_OPTION_BOOLEAN(ptr_server, IRC_SERVER_OPTION_TLS_VERIFY)) ? "on" : "off"); else - weechat_log_printf (" ssl_verify. . . . . . . . : %s", - (weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_SSL_VERIFY])) ? + weechat_log_printf (" tls_verify. . . . . . . . : %s", + (weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_TLS_VERIFY])) ? "on" : "off"); /* password */ if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_PASSWORD])) @@ -6917,7 +6917,7 @@ irc_server_print_log () weechat_log_printf (" authentication_method . . : %d", ptr_server->authentication_method); weechat_log_printf (" sasl_mechanism_used . . . : %d", ptr_server->sasl_mechanism_used); weechat_log_printf (" is_connected. . . . . . . : %d", ptr_server->is_connected); - weechat_log_printf (" ssl_connected . . . . . . : %d", ptr_server->ssl_connected); + weechat_log_printf (" tls_connected . . . . . . : %d", ptr_server->tls_connected); weechat_log_printf (" disconnected. . . . . . . : %d", ptr_server->disconnected); weechat_log_printf (" gnutls_sess . . . . . . . : 0x%lx", ptr_server->gnutls_sess); weechat_log_printf (" tls_cert. . . . . . . . . : 0x%lx", ptr_server->tls_cert); diff --git a/src/plugins/irc/irc-server.h b/src/plugins/irc/irc-server.h index 7ac282a8f..e40f8b62e 100644 --- a/src/plugins/irc/irc-server.h +++ b/src/plugins/irc/irc-server.h @@ -52,13 +52,13 @@ enum t_irc_server_option IRC_SERVER_OPTION_ADDRESSES = 0, /* server addresses (IP/name with port) */ IRC_SERVER_OPTION_PROXY, /* proxy used for server (optional) */ IRC_SERVER_OPTION_IPV6, /* use IPv6 protocol */ - IRC_SERVER_OPTION_SSL, /* SSL protocol */ - IRC_SERVER_OPTION_SSL_CERT, /* client ssl certificate file */ - IRC_SERVER_OPTION_SSL_PASSWORD, /* client ssl certificate key password */ - IRC_SERVER_OPTION_SSL_PRIORITIES, /* gnutls priorities */ - IRC_SERVER_OPTION_SSL_DHKEY_SIZE, /* Diffie Hellman key size */ - IRC_SERVER_OPTION_SSL_FINGERPRINT, /* SHA1 fingerprint of certificate */ - IRC_SERVER_OPTION_SSL_VERIFY, /* check if the connection is trusted */ + IRC_SERVER_OPTION_TLS, /* TLS protocol */ + IRC_SERVER_OPTION_TLS_CERT, /* client TLS certificate file */ + IRC_SERVER_OPTION_TLS_PASSWORD, /* client TLS certificate key password */ + IRC_SERVER_OPTION_TLS_PRIORITIES, /* gnutls priorities */ + IRC_SERVER_OPTION_TLS_DHKEY_SIZE, /* Diffie Hellman key size */ + IRC_SERVER_OPTION_TLS_FINGERPRINT, /* SHA1 fingerprint of certificate */ + IRC_SERVER_OPTION_TLS_VERIFY, /* check if the connection is trusted */ IRC_SERVER_OPTION_PASSWORD, /* password for server */ IRC_SERVER_OPTION_CAPABILITIES, /* client capabilities to enable */ IRC_SERVER_OPTION_SASL_MECHANISM,/* mechanism for SASL authentication */ @@ -121,7 +121,7 @@ enum t_irc_server_option : weechat_config_string_default(irc_config_server_default[__index]))) #define IRC_SERVER_DEFAULT_PORT 6667 -#define IRC_SERVER_DEFAULT_PORT_SSL 6697 +#define IRC_SERVER_DEFAULT_PORT_TLS 6697 #define IRC_SERVER_DEFAULT_NICKS "weechat1,weechat2,weechat3,weechat4,weechat5" /* number of queues for sending messages */ @@ -212,11 +212,11 @@ struct t_irc_server int authentication_method; /* authentication method used to login */ int sasl_mechanism_used; /* SASL method used at login time */ int is_connected; /* 1 if WeeChat is connected to server */ - int ssl_connected; /* = 1 if connected with SSL */ + int tls_connected; /* = 1 if connected with TLS */ int disconnected; /* 1 if server has been disconnected */ - gnutls_session_t gnutls_sess; /* gnutls session (only if SSL is used) */ - gnutls_x509_crt_t tls_cert; /* certificate used if ssl_cert is set */ - gnutls_x509_privkey_t tls_cert_key; /* key used if ssl_cert is set */ + gnutls_session_t gnutls_sess; /* gnutls session (only if TLS is used) */ + gnutls_x509_crt_t tls_cert; /* certificate used if tls_cert is set */ + gnutls_x509_privkey_t tls_cert_key; /* key used if tls_cert is set */ char *unterminated_message; /* beginning of a message in input buf */ int nicks_count; /* number of nicknames */ char **nicks_array; /* nicknames (after split) */ diff --git a/src/plugins/irc/irc-upgrade.c b/src/plugins/irc/irc-upgrade.c index 355a085c0..ec34b9a85 100644 --- a/src/plugins/irc/irc-upgrade.c +++ b/src/plugins/irc/irc-upgrade.c @@ -431,7 +431,11 @@ irc_upgrade_read_cb (const void *pointer, void *data, irc_upgrade_current_server->sasl_mechanism_used = -1; } irc_upgrade_current_server->is_connected = weechat_infolist_integer (infolist, "is_connected"); - irc_upgrade_current_server->ssl_connected = weechat_infolist_integer (infolist, "ssl_connected"); + /* "tls_connected" replaces "ssl_connected" in WeeChat 4.0.0 */ + if (weechat_infolist_search_var (infolist, "tls_connected")) + irc_upgrade_current_server->tls_connected = weechat_infolist_integer (infolist, "tls_connected"); + else + irc_upgrade_current_server->tls_connected = weechat_infolist_integer (infolist, "ssl_connected"); irc_upgrade_current_server->disconnected = weechat_infolist_integer (infolist, "disconnected"); str = weechat_infolist_string (infolist, "unterminated_message"); if (str) diff --git a/src/plugins/irc/irc.c b/src/plugins/irc/irc.c index ea6612cec..f545dd603 100644 --- a/src/plugins/irc/irc.c +++ b/src/plugins/irc/irc.c @@ -104,7 +104,7 @@ irc_signal_upgrade_cb (const void *pointer, void *data, void *signal_data) { struct t_irc_server *ptr_server; - int quit, ssl_disconnected; + int quit, tls_disconnected; /* make C compiler happy */ (void) pointer; @@ -127,25 +127,25 @@ irc_signal_upgrade_cb (const void *pointer, void *data, quit = (signal_data && (strcmp (signal_data, "quit") == 0)); - ssl_disconnected = 0; + tls_disconnected = 0; for (ptr_server = irc_servers; ptr_server; ptr_server = ptr_server->next_server) { /* - * FIXME: it's not possible to upgrade with SSL servers connected + * FIXME: it's not possible to upgrade with TLS servers connected * (GnuTLS library can't reload data after upgrade), so we close - * connection for all SSL servers currently connected + * connection for all TLS servers currently connected */ - if (ptr_server->is_connected && (ptr_server->ssl_connected || quit)) + if (ptr_server->is_connected && (ptr_server->tls_connected || quit)) { if (!quit) { - ssl_disconnected++; + tls_disconnected++; weechat_printf ( ptr_server->buffer, _("%s%s: disconnecting from server because upgrade can't " - "work for servers connected via SSL"), + "work for servers connected via TLS"), weechat_prefix ("error"), IRC_PLUGIN_NAME); } irc_server_disconnect (ptr_server, 0, 0); @@ -160,18 +160,18 @@ irc_signal_upgrade_cb (const void *pointer, void *data, ptr_server->reconnect_delay - 1; } } - if (ssl_disconnected > 0) + if (tls_disconnected > 0) { weechat_printf ( NULL, NG_("%s%s: disconnected from %d server " - "(SSL connection not supported with upgrade)", + "(TLS connection not supported with upgrade)", "%s%s: disconnected from %d servers " - "(SSL connection not supported with upgrade)", - ssl_disconnected), + "(TLS connection not supported with upgrade)", + tls_disconnected), weechat_prefix ("error"), IRC_PLUGIN_NAME, - ssl_disconnected); + tls_disconnected); } return WEECHAT_RC_OK; diff --git a/tests/unit/plugins/irc/test-irc-server.cpp b/tests/unit/plugins/irc/test-irc-server.cpp index 2727c47c8..f80f6cd66 100644 --- a/tests/unit/plugins/irc/test-irc-server.cpp +++ b/tests/unit/plugins/irc/test-irc-server.cpp @@ -544,7 +544,7 @@ TEST(IrcServer, AllocWithUrl) STRCMP_EQUAL("irc.example.org/6667", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); POINTERS_EQUAL(NULL, CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); POINTERS_EQUAL(NULL, @@ -560,7 +560,7 @@ TEST(IrcServer, AllocWithUrl) STRCMP_EQUAL("irc.example.org/7000", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); POINTERS_EQUAL(NULL, CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); POINTERS_EQUAL(NULL, @@ -576,7 +576,7 @@ TEST(IrcServer, AllocWithUrl) STRCMP_EQUAL("irc.example.org/7000", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); POINTERS_EQUAL(NULL, CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); POINTERS_EQUAL(NULL, @@ -585,14 +585,14 @@ TEST(IrcServer, AllocWithUrl) CONFIG_STRING(server->options[IRC_SERVER_OPTION_AUTOJOIN])); irc_server_free (server); - /* address, SSL */ + /* address, TLS */ server = irc_server_alloc_with_url ("ircs://irc.example.org"); CHECK(server); STRCMP_EQUAL(server->name, "irc.example.org"); STRCMP_EQUAL("irc.example.org/6697", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); POINTERS_EQUAL(NULL, CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); POINTERS_EQUAL(NULL, @@ -601,14 +601,14 @@ TEST(IrcServer, AllocWithUrl) CONFIG_STRING(server->options[IRC_SERVER_OPTION_AUTOJOIN])); irc_server_free (server); - /* address, IPv6, SSL */ + /* address, IPv6, TLS */ server = irc_server_alloc_with_url ("irc6s://irc.example.org"); CHECK(server); STRCMP_EQUAL(server->name, "irc.example.org"); STRCMP_EQUAL("irc.example.org/6697", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); POINTERS_EQUAL(NULL, CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); POINTERS_EQUAL(NULL, @@ -617,14 +617,14 @@ TEST(IrcServer, AllocWithUrl) CONFIG_STRING(server->options[IRC_SERVER_OPTION_AUTOJOIN])); irc_server_free (server); - /* address/port, SSL */ + /* address/port, TLS */ server = irc_server_alloc_with_url ("ircs://irc.example.org:7000"); CHECK(server); STRCMP_EQUAL(server->name, "irc.example.org"); STRCMP_EQUAL("irc.example.org/7000", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(1, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); POINTERS_EQUAL(NULL, CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); POINTERS_EQUAL(NULL, @@ -640,7 +640,7 @@ TEST(IrcServer, AllocWithUrl) STRCMP_EQUAL("irc.example.org/6667", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); POINTERS_EQUAL(NULL, CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); STRCMP_EQUAL("alice,alice1,alice2,alice3,alice4", @@ -656,7 +656,7 @@ TEST(IrcServer, AllocWithUrl) STRCMP_EQUAL("irc.example.org/6667", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); STRCMP_EQUAL("secret", CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); STRCMP_EQUAL("alice,alice1,alice2,alice3,alice4", @@ -673,7 +673,7 @@ TEST(IrcServer, AllocWithUrl) STRCMP_EQUAL("irc.example.org/6667", CONFIG_STRING(server->options[IRC_SERVER_OPTION_ADDRESSES])); LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_IPV6])); - LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_SSL])); + LONGS_EQUAL(0, CONFIG_BOOLEAN(server->options[IRC_SERVER_OPTION_TLS])); STRCMP_EQUAL("secret", CONFIG_STRING(server->options[IRC_SERVER_OPTION_PASSWORD])); STRCMP_EQUAL("alice,alice1,alice2,alice3,alice4", |