diff options
35 files changed, 1129 insertions, 68 deletions
@@ -1,7 +1,7 @@ WeeChat ChangeLog ================= FlashCode <flashcode@flashtux.org> -v0.3.1-dev, 2009-10-30 +v0.3.1-dev, 2009-11-07 Version 0.3.1 (under dev!) @@ -21,6 +21,9 @@ Version 0.3.1 (under dev!) * alias: fix bug with buffer for execution of alias, when called from plugin API with function "command" (bug #27697) * alias: fix bug with arguments (bug #27440) +* irc: use self-signed certificate to auto identify on IRC server (CertFP) + (task #7492) +* irc: check SSL certificates (task #7492) * irc: add missing command 275 (patch #6952) * irc: add commands /sajoin, /samode, /sanick, /sapart, /saquit (task #9770) * irc: add options for CTCP, to block/customize CTCP reply (task #9693) diff --git a/doc/en/autogen/user/irc_options.txt b/doc/en/autogen/user/irc_options.txt index aba6df78b..95c6ab1a7 100644 --- a/doc/en/autogen/user/irc_options.txt +++ b/doc/en/autogen/user/irc_options.txt @@ -258,6 +258,21 @@ ** type: boolean ** values: on, off (default value: off) +* *irc.server_default.ssl_cert* +** description: ssl certificate file used to automatically identify your nick +** type: string +** values: any string (default value: "") + +* *irc.server_default.ssl_dhkey_size* +** description: size of the key used during the Diffie-Hellman Key Exchange +** type: integer +** values: 0 .. 2147483647 (default value: 2048) + +* *irc.server_default.ssl_verify* +** description: check that the ssl connection is fully trusted +** type: boolean +** values: on, off (default value: on) + * *irc.server_default.username* ** description: user name to use on server ** type: string diff --git a/doc/en/autogen/user/weechat_options.txt b/doc/en/autogen/user/weechat_options.txt index b0f8ffae0..ec9d054a1 100644 --- a/doc/en/autogen/user/weechat_options.txt +++ b/doc/en/autogen/user/weechat_options.txt @@ -548,10 +548,10 @@ ** type: boolean ** values: on, off (default value: on) -* *weechat.network.gnutls_dh_prime_bitsmax_lines* -** description: minimum size in bits for handshake using Diffie Hellman key exchange -** type: integer -** values: 0 .. 2147483647 (default value: 512) +* *weechat.network.gnutls_ca_file* +** description: file containing the certificate authorities +** type: string +** values: any string (default value: "%h/ssl/CAs.pem") * *weechat.plugin.autoload* ** description: comma separated list of plugins to load automatically at startup, "*" means all plugins found (names may be partial, for example "perl" is ok for "perl.so") diff --git a/doc/fr/autogen/user/irc_options.txt b/doc/fr/autogen/user/irc_options.txt index c83dfabfd..9ada8d1d5 100644 --- a/doc/fr/autogen/user/irc_options.txt +++ b/doc/fr/autogen/user/irc_options.txt @@ -258,6 +258,21 @@ ** type: booléen ** valeurs: on, off (valeur par défaut: off) +* *irc.server_default.ssl_cert* +** description: fichier de certificat ssl utilisé pour identifier automatiquement votre pseudo +** type: chaîne +** valeurs: toute chaîne (valeur par défaut: "") + +* *irc.server_default.ssl_dhkey_size* +** description: taille de clé utilisée pour l'échange de clé Diffie-Hellman +** type: entier +** valeurs: 0 .. 2147483647 (valeur par défaut: 2048) + +* *irc.server_default.ssl_verify* +** description: vérifier que la connexion ssl est entièrement de confiance +** type: booléen +** valeurs: on, off (valeur par défaut: on) + * *irc.server_default.username* ** description: nom d'utilisateur pour le serveur ** type: chaîne diff --git a/doc/fr/autogen/user/weechat_options.txt b/doc/fr/autogen/user/weechat_options.txt index 223bc338b..231f158ba 100644 --- a/doc/fr/autogen/user/weechat_options.txt +++ b/doc/fr/autogen/user/weechat_options.txt @@ -548,10 +548,10 @@ ** type: booléen ** valeurs: on, off (valeur par défaut: on) -* *weechat.network.gnutls_dh_prime_bitsmax_lines* -** description: taille minimum en bits pour la poignée de main (handshake) utilisant un échange de clé Diffie Hellman -** type: entier -** valeurs: 0 .. 2147483647 (valeur par défaut: 512) +* *weechat.network.gnutls_ca_file* +** description: fichier contenant les autorités de certification +** type: chaîne +** valeurs: toute chaîne (valeur par défaut: "%h/ssl/CAs.pem") * *weechat.plugin.autoload* ** description: liste des extensions à charger automatiquement au démarrage, "*" signifie toutes (séparées par des virgules, les noms peuvent être partiels, par exemple "perl" est ok pour "perl.so") @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.3.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: 2009-09-14 10:56+0200\n" "Last-Translator: Jiri Golembiovsky <golemj@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -1891,10 +1891,8 @@ msgstr "" "maximální počet příkazů, který zobrazit jako výchozí v seznamu historie (0 = " "nekonečno)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" -"minimální velikost v bitech pro handshake při použití výměny klíčů Diffie " -"Hellman" msgid "" "comma separated list of plugins to load automatically at startup, \"*\" " @@ -3881,6 +3879,18 @@ msgstr "použít protokol IPv6 pro komunikaci se serverem" msgid "use SSL for server communication" msgstr "použít SSL pro komunikaci se serverem" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +#, fuzzy +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" +"minimální velikost v bitech pro handshake při použití výměny klíčů Diffie " +"Hellman" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + msgid "password for server" msgstr "heslo pro server" @@ -4581,6 +4591,64 @@ msgid "%s%s: not enough memory" msgstr "%s%s: nedostatek paměti" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "%s%s: nemůžu číst soubor \"%s\"" + +#, fuzzy, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "%s%s: nemůžu číst soubor \"%s\"" +msgstr[1] "%s%s: nemůžu číst soubor \"%s\"" +msgstr[2] "%s%s: nemůžu číst soubor \"%s\"" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: certificate has expired" +msgstr "%s%s: nemůžu číst soubor \"%s\"" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "%s%s: nemůžu číst soubor \"%s\"" + +#, fuzzy +msgid "gnutls: sending one certificate" +msgstr "%s%s: nemůžu číst soubor \"%s\"" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "%s%s: nemůžu číst soubor \"%s\"" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "%s%s: adresa pro server \"%s\" není definována, nemohu se připojit" @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.3.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: 2009-11-03 17:08+0100\n" "Last-Translator: Nils G <weechatter@arcor.de>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -1953,10 +1953,8 @@ msgstr "" "Standardwert für die maximale Anzahl der angezeigten Befehle im Verlauf (0: " "unbegrenzt)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" -"Mindestanzahl, in Bits, für den Handshake (es wird dazu Diffie Hellman key " -"exchange genutzt)" msgid "" "comma separated list of plugins to load automatically at startup, \"*\" " @@ -4002,6 +4000,18 @@ msgstr "Server über IPv6 ansprechen" msgid "use SSL for server communication" msgstr "Server über SSL ansprechen" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +#, fuzzy +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" +"Mindestanzahl, in Bits, für den Handshake (es wird dazu Diffie Hellman key " +"exchange genutzt)" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + msgid "password for server" msgstr "Passwort für den Server" @@ -4708,6 +4718,63 @@ msgid "%s%s: not enough memory" msgstr "%s%s: Nicht genügend Speicher" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "%s%s: Kann Datei \"%s\" nicht lesen" + +#, fuzzy, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "%s%s: Kann Datei \"%s\" nicht lesen" +msgstr[1] "%s%s: Kann Datei \"%s\" nicht lesen" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: certificate has expired" +msgstr "%s%s: Kann Datei \"%s\" nicht lesen" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "%s%s: Kann Datei \"%s\" nicht lesen" + +#, fuzzy +msgid "gnutls: sending one certificate" +msgstr "%s%s: Kann Datei \"%s\" nicht lesen" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "%s%s: Kann Datei \"%s\" nicht lesen" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" "%s%s: Adresse für den Server \"%s\" nicht definiert, Verbindung wird nicht " @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.3.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: 2009-09-06 21:25+0200\n" "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -1694,7 +1694,7 @@ msgstr "" "número máximo de comandos para mostrar por defecto en el listado del " "historial (0 = ilimitado)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" #, fuzzy @@ -3696,6 +3696,15 @@ msgstr "usar el protocolo IPv6 para la comunicación con el servidor" msgid "use SSL for server communication" msgstr "usar SSL para la comunicación con el servidor" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + msgid "password for server" msgstr "contraseña del servidor" @@ -4407,6 +4416,63 @@ msgid "%s%s: not enough memory" msgstr "%s%s: no hay suficiente memoria" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "No es posible escribir un fichero de log para un búfer\n" + +#, fuzzy, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "No es posible escribir un fichero de log para un búfer\n" +msgstr[1] "No es posible escribir un fichero de log para un búfer\n" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: certificate has expired" +msgstr "No es posible escribir un fichero de log para un búfer\n" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "No es posible escribir un fichero de log para un búfer\n" + +#, fuzzy +msgid "gnutls: sending one certificate" +msgstr "No es posible escribir un fichero de log para un búfer\n" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "No es posible escribir un fichero de log para un búfer\n" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" "%s%s: dirección sin definir para el servidor \"%s\", no es posible " @@ -6,8 +6,8 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.3.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" -"PO-Revision-Date: 2009-11-01 08:27+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" +"PO-Revision-Date: 2009-11-07 13:09+0100\n" "Last-Translator: FlashCode <flashcode@flashtux.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" "MIME-Version: 1.0\n" @@ -1937,10 +1937,8 @@ msgstr "" "nombre maximum de commandes à afficher par défaut dans le listing " "d'historique (0 = sans limite)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" -msgstr "" -"taille minimum en bits pour la poignée de main (handshake) utilisant un " -"échange de clé Diffie Hellman" +msgid "file containing the certificate authorities" +msgstr "fichier contenant les autorités de certification" msgid "" "comma separated list of plugins to load automatically at startup, \"*\" " @@ -3968,6 +3966,17 @@ msgstr "utiliser le protocole IPv6 pour la communication avec le serveur" msgid "use SSL for server communication" msgstr "utiliser SSL pour la communication avec le serveur" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" +"fichier de certificat ssl utilisé pour identifier automatiquement votre " +"pseudo" + +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "taille de clé utilisée pour l'échange de clé Diffie-Hellman" + +msgid "check that the ssl connection is fully trusted" +msgstr "vérifier que la connexion ssl est entièrement de confiance" + msgid "password for server" msgstr "mot de passe pour le serveur" @@ -4673,6 +4682,63 @@ msgid "%s%s: not enough memory" msgstr "%s%s: pas assez de mémoire" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" +"gnutls: connecté en utilisant un échange secret Diffie-Hellman de %d bits" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "%sgnutls: erreur de verification du certificat de l'hôte" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "%sgnutls: le certificat de l'hôte n'est PAS de confiance" + +msgid "gnutls: peer's certificate is trusted" +msgstr "gnutls: le certificat de l'hôte est de confiance" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "%sgnutls: l'émetteur du certificat de l'hôte est inconnu" + +#, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "%sgnutls: le certificat a été révoqué" + +#, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "gnutls: réception de %d certificat" +msgstr[1] "gnutls: réception de %d certificats" + +#, c-format +msgid " - certificate[%d] info:" +msgstr " - info certificat[%d]:" + +#, c-format +msgid "%sgnutls: certificate has expired" +msgstr "%sgnutls: le certificat a expiré" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "%sgnutls: le certificat n'a pas encore été activé" + +#, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "%sgnutls: le nom d'hôte du certificat ne correspond PAS à \"%s\"" + +msgid "gnutls: sending one certificate" +msgstr "gnutls: envoi d'un certificat" + +#, c-format +msgid " - client certificate info (%s):" +msgstr " - info certificat client (%s):" + +#, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "%sgnutls: impossible de lire le certificat \"%s\"" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" "%s%s: adresses non définies pour le serveur \"%s\", connexion impossible" @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.3.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: 2009-09-20 13:51+0200\n" "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -1810,7 +1810,7 @@ msgstr "" "megjeleníthető parancsok maximális száma előzmények listázásakor ( 0 = " "korlátlan)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" #, fuzzy @@ -3821,6 +3821,15 @@ msgstr "IPv6 protokoll használata a kapcsolathoz" msgid "use SSL for server communication" msgstr "SSL használata a a kapcsolathoz" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + #, fuzzy msgid "password for server" msgstr "jelszó az IRC szerveren" @@ -4521,6 +4530,63 @@ msgid "%s%s: not enough memory" msgstr "Nincs elég memória az új sorhoz\n" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "Nem sikerült a(z) \"%s\" naplófájlt írni\n" + +#, fuzzy, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "Nem sikerült a(z) \"%s\" naplófájlt írni\n" +msgstr[1] "Nem sikerült a(z) \"%s\" naplófájlt írni\n" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: certificate has expired" +msgstr "Nem sikerült a(z) \"%s\" naplófájlt írni\n" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "Nem sikerült a(z) \"%s\" naplófájlt írni\n" + +#, fuzzy +msgid "gnutls: sending one certificate" +msgstr "Nem sikerült a(z) \"%s\" naplófájlt írni\n" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "Nem sikerült a(z) \"%s\" naplófájlt írni\n" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: Weechat 0.31-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: 2009-11-03 14:16+0100\n" "Last-Translator: Marco Paolone <marcopaolone@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -1880,10 +1880,8 @@ msgstr "" "numero massimo predefinito di comandi da visualizzare nella cronologia (0 = " "nessun limite)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" -"dimensione minima in bit per l'handshake utilizzando lo scambio chiavi " -"Diffie Hellman" msgid "" "comma separated list of plugins to load automatically at startup, \"*\" " @@ -3905,6 +3903,18 @@ msgstr "utilizza il protocollo IPv6 per le comunicazioni col server" msgid "use SSL for server communication" msgstr "utilizza SSL per le comunicazioni col server" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +#, fuzzy +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" +"dimensione minima in bit per l'handshake utilizzando lo scambio chiavi " +"Diffie Hellman" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + msgid "password for server" msgstr "password per il server" @@ -4600,6 +4610,63 @@ msgid "%s%s: not enough memory" msgstr "%s%s: memoria non sufficiente" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "%s%s: impossibile leggere il file \"%s\"" + +#, fuzzy, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "%s%s: impossibile leggere il file \"%s\"" +msgstr[1] "%s%s: impossibile leggere il file \"%s\"" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: certificate has expired" +msgstr "%s%s: impossibile leggere il file \"%s\"" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "%s%s: impossibile leggere il file \"%s\"" + +#, fuzzy +msgid "gnutls: sending one certificate" +msgstr "%s%s: impossibile leggere il file \"%s\"" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "%s%s: impossibile leggere il file \"%s\"" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" "%s%s: indirizzo non definito per il server \"%s\", impossibile connettersi" @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.3.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: 2009-09-06 21:25+0200\n" "Last-Translator: Krzysztof Korościk <soltys@szluug.org>\n" "Language-Team: Polish\n" @@ -1923,10 +1923,8 @@ msgstr "" "maksymalna ilośc komend domyślnie wyświetlanych w listingu historii (0 = bez " "ograniczeń)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" -"minimalny rozmiar w bitach do nawiązania połączenia wykorzystując wymiane " -"kluczy Diffie Hellmana" msgid "" "comma separated list of plugins to load automatically at startup, \"*\" " @@ -3921,6 +3919,18 @@ msgstr "użyj protokołu IPv6 do komunikacji z serwerem" msgid "use SSL for server communication" msgstr "użyj protokołu SSL do komunikacji z serwerem" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +#, fuzzy +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" +"minimalny rozmiar w bitach do nawiązania połączenia wykorzystując wymiane " +"kluczy Diffie Hellmana" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + msgid "password for server" msgstr "hasło dla serwera" @@ -4631,6 +4641,64 @@ msgid "%s%s: not enough memory" msgstr "%s%s: za mało pamięci" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "%s%s: nie można odczytać pliku \"%s\"" + +#, fuzzy, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "%s%s: nie można odczytać pliku \"%s\"" +msgstr[1] "%s%s: nie można odczytać pliku \"%s\"" +msgstr[2] "%s%s: nie można odczytać pliku \"%s\"" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: certificate has expired" +msgstr "%s%s: nie można odczytać pliku \"%s\"" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "%s%s: nie można odczytać pliku \"%s\"" + +#, fuzzy +msgid "gnutls: sending one certificate" +msgstr "%s%s: nie można odczytać pliku \"%s\"" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "%s%s: nie można odczytać pliku \"%s\"" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" "%s%s: adres nie zdefiniowany dla serwera \"%s\", nie można się połączyć" @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: WeeChat 0.3.1-dev\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: 2009-09-20 13:50+0200\n" "Last-Translator: Pavel Shevchuk <stlwrt@gmail.com>\n" "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n" @@ -1818,7 +1818,7 @@ msgstr "" "максимальное количество отображаемых команд в листинге истории (0 = не " "ограничено)" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" #, fuzzy @@ -3822,6 +3822,15 @@ msgstr "использовать IPv6 при связи с сервером" msgid "use SSL for server communication" msgstr "использовать SSL при связи с сервером" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + #, fuzzy msgid "password for server" msgstr "пароль, используемый при подключении к IRC серверу" @@ -4529,6 +4538,64 @@ msgid "%s%s: not enough memory" msgstr "Недостаточно памяти для новой строчки\n" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "Не могу записать лог-файл \"%s\"\n" + +#, fuzzy, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "Не могу записать лог-файл \"%s\"\n" +msgstr[1] "Не могу записать лог-файл \"%s\"\n" +msgstr[2] "Не могу записать лог-файл \"%s\"\n" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: certificate has expired" +msgstr "Не могу записать лог-файл \"%s\"\n" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "Не могу записать лог-файл \"%s\"\n" + +#, fuzzy +msgid "gnutls: sending one certificate" +msgstr "Не могу записать лог-файл \"%s\"\n" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, fuzzy, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "Не могу записать лог-файл \"%s\"\n" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" diff --git a/po/weechat.pot b/po/weechat.pot index e13e816e5..5cee94e03 100644 --- a/po/weechat.pot +++ b/po/weechat.pot @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: flashcode@flashtux.org\n" -"POT-Creation-Date: 2009-11-06 21:20+0100\n" +"POT-Creation-Date: 2009-11-07 13:09+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -1532,7 +1532,7 @@ msgid "" "unlimited)" msgstr "" -msgid "minimum size in bits for handshake using Diffie Hellman key exchange" +msgid "file containing the certificate authorities" msgstr "" msgid "" @@ -3249,6 +3249,15 @@ msgstr "" msgid "use SSL for server communication" msgstr "" +msgid "ssl certificate file used to automatically identify your nick" +msgstr "" + +msgid "size of the key used during the Diffie-Hellman Key Exchange" +msgstr "" + +msgid "check that the ssl connection is fully trusted" +msgstr "" + msgid "password for server" msgstr "" @@ -3888,6 +3897,62 @@ msgid "%s%s: not enough memory" msgstr "" #, c-format +msgid "gnutls: connected using %d-bit Diffie-Hellman shared secret exchange" +msgstr "" + +#, c-format +msgid "%sgnutls: error while checking peer's certificate" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate is NOT trusted" +msgstr "" + +msgid "gnutls: peer's certificate is trusted" +msgstr "" + +#, c-format +msgid "%sgnutls: peer's certificate issuer is unknown" +msgstr "" + +#, c-format +msgid "%sgnutls: the certificate has been revoked" +msgstr "" + +#, c-format +msgid "gnutls: receiving %d certificate" +msgid_plural "gnutls: receiving %d certificates" +msgstr[0] "" +msgstr[1] "" + +#, c-format +msgid " - certificate[%d] info:" +msgstr "" + +#, c-format +msgid "%sgnutls: certificate has expired" +msgstr "" + +#, c-format +msgid "%sgnutls: certificate is not yet activated" +msgstr "" + +#, c-format +msgid "%sgnutls: the hostname in the certificate does NOT match \"%s\"" +msgstr "" + +msgid "gnutls: sending one certificate" +msgstr "" + +#, c-format +msgid " - client certificate info (%s):" +msgstr "" + +#, c-format +msgid "%sgnutls: unable to read certifcate \"%s\"" +msgstr "" + +#, c-format msgid "%s%s: addresses not defined for server \"%s\", cannot connect" msgstr "" diff --git a/src/core/wee-config.c b/src/core/wee-config.c index e572d87d3..843ca00a1 100644 --- a/src/core/wee-config.c +++ b/src/core/wee-config.c @@ -175,7 +175,7 @@ struct t_config_option *config_history_display_default; /* config, network section */ -struct t_config_option *config_network_gnutls_dh_prime_bits; +struct t_config_option *config_network_gnutls_ca_file; /* config, plugin section */ @@ -1954,12 +1954,11 @@ config_weechat_init_options () return 0; } - config_network_gnutls_dh_prime_bits = config_file_new_option ( + config_network_gnutls_ca_file = config_file_new_option ( weechat_config_file, ptr_section, - "gnutls_dh_prime_bitsmax_lines", "integer", - N_("minimum size in bits for handshake using Diffie Hellman key " - "exchange"), - NULL, 0, INT_MAX, "512", NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL); + "gnutls_ca_file", "string", + N_("file containing the certificate authorities"), + NULL, 0, 0, "%h/ssl/CAs.pem", NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL); /* plugin */ ptr_section = config_file_new_section (weechat_config_file, "plugin", diff --git a/src/core/wee-config.h b/src/core/wee-config.h index 0d1a550d8..48e2312d8 100644 --- a/src/core/wee-config.h +++ b/src/core/wee-config.h @@ -182,7 +182,7 @@ extern struct t_config_option *config_history_max_commands; extern struct t_config_option *config_history_max_visited_buffers; extern struct t_config_option *config_history_display_default; -extern struct t_config_option *config_network_gnutls_dh_prime_bits; +extern struct t_config_option *config_network_gnutls_ca_file; extern struct t_config_option *config_plugin_autoload; extern struct t_config_option *config_plugin_debug; diff --git a/src/core/wee-hook.c b/src/core/wee-hook.c index e57af00fc..10fe290b8 100644 --- a/src/core/wee-hook.c +++ b/src/core/wee-hook.c @@ -1432,9 +1432,9 @@ hook_process_run (struct t_hook *hook_process) */ struct t_hook * -hook_connect (struct t_weechat_plugin *plugin, const char *proxy, - const char *address, int port, int sock, int ipv6, - void *gnutls_sess, const char *local_hostname, +hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *address, + int port, int sock, int ipv6, void *gnutls_sess, void *gnutls_cb, + int gnutls_dhkey_size, const char *local_hostname, t_hook_callback_connect *callback, void *callback_data) { struct t_hook *new_hook; @@ -1469,6 +1469,8 @@ hook_connect (struct t_weechat_plugin *plugin, const char *proxy, new_hook_connect->ipv6 = ipv6; #ifdef HAVE_GNUTLS new_hook_connect->gnutls_sess = gnutls_sess; + new_hook_connect->gnutls_cb = gnutls_cb; + new_hook_connect->gnutls_dhkey_size = gnutls_dhkey_size; #endif new_hook_connect->local_hostname = (local_hostname) ? strdup (local_hostname) : NULL; @@ -1485,6 +1487,40 @@ hook_connect (struct t_weechat_plugin *plugin, const char *proxy, } /* + * hook_connect_gnutls_set_certificates: set gnutls + */ + +#ifdef HAVE_GNUTLS +int +hook_connect_gnutls_set_certificates (gnutls_session_t tls_session, + const gnutls_datum_t *req_ca, int nreq, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_len, + gnutls_retr_st *answer) +{ + struct t_hook *ptr_hook; + int rc; + + rc = -1; + ptr_hook = weechat_hooks[HOOK_TYPE_CONNECT]; + while (ptr_hook) + { + /* looking for the right hook using to the gnutls session pointer */ + if (*(HOOK_CONNECT(ptr_hook, gnutls_sess)) == tls_session) + { + rc = (int) (HOOK_CONNECT(ptr_hook, gnutls_cb)) + (ptr_hook->callback_data, tls_session, req_ca, nreq, + pk_algos, pk_algos_len, answer); + break; + } + ptr_hook = ptr_hook->next_hook; + } + + return rc; +} +#endif + +/* * hook_print: hook a message printed by WeeChat */ @@ -2501,6 +2537,10 @@ hook_add_to_infolist_type (struct t_infolist *infolist, #ifdef HAVE_GNUTLS if (!infolist_new_var_pointer (ptr_item, "gnutls_sess", HOOK_CONNECT(ptr_hook, gnutls_sess))) return 0; + if (!infolist_new_var_pointer (ptr_item, "gnutls_cb", HOOK_CONNECT(ptr_hook, gnutls_cb))) + return 0; + if (!infolist_new_var_integer (ptr_item, "gnutls_dhkey_size", HOOK_CONNECT(ptr_hook, gnutls_dhkey_size))) + return 0; #endif if (!infolist_new_var_string (ptr_item, "local_hostname", HOOK_CONNECT(ptr_hook, local_hostname))) return 0; @@ -2772,6 +2812,8 @@ hook_print_log () log_printf (" ipv6. . . . . . . . . : %d", HOOK_CONNECT(ptr_hook, ipv6)); #ifdef HAVE_GNUTLS log_printf (" gnutls_sess . . . . . : 0x%lx", HOOK_CONNECT(ptr_hook, gnutls_sess)); + log_printf (" gnutls_cb . . . . . . : 0x%lx", HOOK_CONNECT(ptr_hook, gnutls_cb)); + log_printf (" gnutls_dhkey_size . . : %d", HOOK_CONNECT(ptr_hook, gnutls_dhkey_size)); #endif log_printf (" local_hostname. . . . : '%s'", HOOK_CONNECT(ptr_hook, local_hostname)); log_printf (" child_read. . . . . . : %d", HOOK_CONNECT(ptr_hook, child_read)); diff --git a/src/core/wee-hook.h b/src/core/wee-hook.h index 67b1cac11..0f02778ca 100644 --- a/src/core/wee-hook.h +++ b/src/core/wee-hook.h @@ -184,6 +184,13 @@ typedef int (t_hook_callback_connect)(void *data, int status, const char *error, const char *ip_address); +#ifdef HAVE_GNUTLS +typedef int (gnutls_callback_t)(void *data, gnutls_session_t tls_session, + const gnutls_datum_t *req_ca, int nreq, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_len, gnutls_retr_st *answer); +#endif + struct t_hook_connect { t_hook_callback_connect *callback; /* connect callback */ @@ -194,6 +201,8 @@ struct t_hook_connect int ipv6; /* IPv6 connection ? */ #ifdef HAVE_GNUTLS gnutls_session_t *gnutls_sess; /* GnuTLS session (SSL connection) */ + gnutls_callback_t *gnutls_cb; /* GnuTLS callback during handshake */ + int gnutls_dhkey_size; /* Diffie Hellman Key Exchange size */ #endif char *local_hostname; /* force local hostname (optional) */ int child_read; /* to read data in pipe from child */ @@ -345,10 +354,18 @@ extern struct t_hook *hook_process (struct t_weechat_plugin *plugin, extern struct t_hook *hook_connect (struct t_weechat_plugin *plugin, const char *proxy, const char *address, int port, int sock, int ipv6, - void *gnutls_session, + void *gnutls_session, void *gnutls_cb, + int gnutls_dhkey_size, const char *local_hostname, t_hook_callback_connect *callback, void *callback_data); +#ifdef HAVE_GNUTLS +extern int hook_connect_gnutls_set_certificates (gnutls_session_t tls_session, + const gnutls_datum_t *req_ca, int nreq, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_len, + gnutls_retr_st *answer); +#endif extern struct t_hook *hook_print (struct t_weechat_plugin *plugin, struct t_gui_buffer *buffer, const char *tags, const char *message, diff --git a/src/core/wee-network.c b/src/core/wee-network.c index ae03d5ca3..971634458 100644 --- a/src/core/wee-network.c +++ b/src/core/wee-network.c @@ -62,14 +62,22 @@ const int gnutls_cert_type_prio[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; /* * network_init: init network */ - void network_init () { #ifdef HAVE_GNUTLS + char *CApath, *CApath2; + gnutls_global_init (); gnutls_certificate_allocate_credentials (&gnutls_xcred); - gnutls_certificate_set_x509_trust_file (gnutls_xcred, "ca.pem", GNUTLS_X509_FMT_PEM); + + CApath = string_replace (CONFIG_STRING(config_network_gnutls_ca_file), + "~", getenv ("HOME")); + CApath2 = string_replace (CApath, "%h", weechat_home); + + gnutls_certificate_set_x509_trust_file (gnutls_xcred, CApath2, GNUTLS_X509_FMT_PEM); + gnutls_certificate_client_set_retrieve_function (gnutls_xcred, + &hook_connect_gnutls_set_certificates); #endif } @@ -804,8 +812,10 @@ network_connect_child_read_cb (void *arg_hook_connect, int fd) { gnutls_transport_set_ptr (*HOOK_CONNECT(hook_connect, gnutls_sess), (gnutls_transport_ptr) ((unsigned long) HOOK_CONNECT(hook_connect, sock))); - gnutls_dh_set_prime_bits (*HOOK_CONNECT(hook_connect, gnutls_sess), - CONFIG_INTEGER(config_network_gnutls_dh_prime_bits)); + if (HOOK_CONNECT(hook_connect, gnutls_dhkey_size) > 0) { + gnutls_dh_set_prime_bits (*HOOK_CONNECT(hook_connect, gnutls_sess), + (unsigned int) HOOK_CONNECT(hook_connect, gnutls_dhkey_size)); + } while (1) { rc = gnutls_handshake (*HOOK_CONNECT(hook_connect, gnutls_sess)); diff --git a/src/core/wee-util.c b/src/core/wee-util.c index bfdc38be5..1d99cf3aa 100644 --- a/src/core/wee-util.c +++ b/src/core/wee-util.c @@ -358,3 +358,35 @@ util_search_full_lib_name (const char *filename, const char *sys_directory) return name_with_ext; } + +/* + * util_file_get_content: read the content of a file + * return an allocated buffer with the file content + * else NULL if an error occured + * (the buffer must be freed by the caller) + */ + +char * +util_file_get_content (const char *filename) +{ + char *buffer; + FILE *f; + size_t count, fp; + + buffer = NULL; + fp = 0; + + f = fopen(filename, "r"); + if (f) { + while(!feof(f)) { + buffer = (char *) realloc(buffer, (fp + 1024*sizeof(char))); + count = fread(&buffer[fp], sizeof(char), 1024, f); + fp += count; + } + buffer = (char *) realloc(buffer, fp + sizeof(char)); + buffer[fp] = '\0'; + fclose(f); + } + + return buffer; +} diff --git a/src/core/wee-util.h b/src/core/wee-util.h index 03932a5b4..fa073fc09 100644 --- a/src/core/wee-util.h +++ b/src/core/wee-util.h @@ -34,5 +34,5 @@ extern void util_exec_on_files (const char *directory, int hidden_files, const char *filename)); extern char *util_search_full_lib_name (const char *filename, const char *sys_directory); - +extern char *util_file_get_content (const char *filename); #endif /* wee-util.h */ diff --git a/src/core/weechat.c b/src/core/weechat.c index 581d82b99..b3f36a8e8 100644 --- a/src/core/weechat.c +++ b/src/core/weechat.c @@ -377,7 +377,6 @@ main (int argc, char *argv[]) weechat_local_charset = strdup (""); #endif utf8_init (); - network_init (); util_catch_signal (SIGINT, SIG_IGN); /* ignore SIGINT signal */ util_catch_signal (SIGQUIT, SIG_IGN); /* ignore SIGQUIT signal */ @@ -398,6 +397,7 @@ main (int argc, char *argv[]) log_init (); /* init log file */ if (config_weechat_read () < 0) /* read WeeChat configuration */ exit (EXIT_FAILURE); + network_init (); /* init networking */ gui_main_init (); /* init WeeChat interface */ if (weechat_upgrading) { diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c index 37b2a8edc..89d841363 100644 --- a/src/plugins/irc/irc-config.c +++ b/src/plugins/irc/irc-config.c @@ -806,6 +806,42 @@ irc_config_server_new_option (struct t_config_file *config_file, callback_change, callback_change_data, NULL, NULL); break; + case IRC_SERVER_OPTION_SSL_CERT: + new_option = weechat_config_new_option ( + config_file, section, + option_name, "string", + N_("ssl certificate file used to automatically identify your nick"), + NULL, 0, 0, + default_value, value, + null_value_allowed, + NULL, NULL, + callback_change, callback_change_data, + NULL, NULL); + break; + case IRC_SERVER_OPTION_SSL_DHKEY_SIZE: + new_option = weechat_config_new_option ( + config_file, section, + option_name, "integer", + N_("size of the key used during the Diffie-Hellman Key Exchange"), + NULL, 0, INT_MAX, + default_value, value, + null_value_allowed, + NULL, NULL, + callback_change, callback_change_data, + NULL, NULL); + break; + case IRC_SERVER_OPTION_SSL_VERIFY: + new_option = weechat_config_new_option ( + config_file, section, + option_name, "boolean", + N_("check that the ssl connection is fully trusted"), + NULL, 0, 0, + default_value, value, + null_value_allowed, + NULL, NULL, + callback_change, callback_change_data, + NULL, NULL); + break; case IRC_SERVER_OPTION_PASSWORD: new_option = weechat_config_new_option ( config_file, section, diff --git a/src/plugins/irc/irc-display.c b/src/plugins/irc/irc-display.c index aa2e9d78c..ce84997b7 100644 --- a/src/plugins/irc/irc-display.c +++ b/src/plugins/irc/irc-display.c @@ -205,6 +205,30 @@ irc_display_server (struct t_irc_server *server, int with_detail) IRC_COLOR_CHAT_VALUE, weechat_config_boolean (server->options[IRC_SERVER_OPTION_SSL]) ? _("on") : _("off")); + + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_CERT])) + weechat_printf (NULL, " ssl_cert . . . . . . : ('%s')", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT)); + else + weechat_printf (NULL, " ssl_cert . . . . . . : %s'%s'", + IRC_COLOR_CHAT_VALUE, + weechat_config_string (server->options[IRC_SERVER_OPTION_SSL_CERT])); + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])) + weechat_printf (NULL, " ssl_dhkey_size . . . : (%d)", + IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE)); + else + weechat_printf (NULL, " ssl_dhkey_size . . . : %s%d", + IRC_COLOR_CHAT_VALUE, + weechat_config_integer (server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])); + if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_SSL_VERIFY])) + weechat_printf (NULL, " ssl_verify . . . . . : (%s)", + (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL_VERIFY)) ? + _("on") : _("off")); + else + weechat_printf (NULL, " ssl_verify . . . . . : %s%s", + IRC_COLOR_CHAT_VALUE, + weechat_config_boolean (server->options[IRC_SERVER_OPTION_SSL_VERIFY]) ? + _("on") : _("off")); if (weechat_config_option_is_null (server->options[IRC_SERVER_OPTION_PASSWORD])) weechat_printf (NULL, " password . . . . . . : %s", _("(hidden)")); diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c index 8ccaf67db..2d3fbb14d 100644 --- a/src/plugins/irc/irc-server.c +++ b/src/plugins/irc/irc-server.c @@ -35,6 +35,7 @@ #ifdef HAVE_GNUTLS #include <gnutls/gnutls.h> +#include <gnutls/x509.h> #endif #include "../weechat-plugin.h" @@ -59,12 +60,13 @@ struct t_irc_message *irc_msgq_last_msg = NULL; char *irc_server_option_string[IRC_SERVER_NUM_OPTIONS] = { "addresses", "proxy", "ipv6", "ssl", "password", "autoconnect", "autoreconnect", "autoreconnect_delay", "nicks", "username", "realname", - "local_hostname", "command", "command_delay", "autojoin", "autorejoin" + "local_hostname", "command", "command_delay", "autojoin", "autorejoin", + "ssl_cert", "ssl_dhkey_size", "ssl_verify", }; char *irc_server_option_default[IRC_SERVER_NUM_OPTIONS] = -{ "", "", "off", "off", "", "off", "on", "30", "", "", "", "", "", "0", "", - "off" +{ "", "", "off", "off", "", "off", "on", "30", "", + "", "", "", "", "0", "", "off", "", "2048", "on", }; @@ -2106,6 +2108,219 @@ irc_server_create_buffer (struct t_irc_server *server) return server->buffer; } +#ifdef HAVE_GNUTLS +/* + * irc_server_gnutls_callback: gnutls callback called during handshake + * + */ +int +irc_server_gnutls_callback (void *data, gnutls_session_t tls_session, + const gnutls_datum_t *req_ca, int nreq, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_len, gnutls_retr_st *answer) +{ + struct t_irc_server *server; + gnutls_retr_st tls_struct; + gnutls_x509_crt_t tls_cert; + gnutls_x509_privkey_t tls_cert_key; + gnutls_x509_crt_t cert_temp; + const gnutls_datum_t *cert_list; + gnutls_datum_t filedatum, cinfo; + unsigned int cert_list_len, status; + time_t cert_time; + char *cert_path0, *cert_path1, *cert_path2, *cert_str, *hostname; + const char *weechat_dir; + int rc, i, j, rinfo, hostname_match; + + /* make C compiler happy */ + (void) req_ca; + (void) nreq; + (void) pk_algos; + (void) pk_algos_len; + + if (!data) + return -1; + + server = (struct t_irc_server *) data; + hostname = server->addresses_array[server->index_current_address]; + hostname_match = 0; + + weechat_printf (server->buffer, + _("gnutls: connected using %d-bit Diffie-Hellman shared " + "secret exchange"), + IRC_SERVER_OPTION_INTEGER (server, + IRC_SERVER_OPTION_SSL_DHKEY_SIZE)); + if (gnutls_certificate_verify_peers2 (tls_session, &status) < 0) + { + weechat_printf (server->buffer, + _("%sgnutls: error while checking peer's certificate"), + weechat_prefix ("error")); + rc = -1; + } + else + { + /* some checks */ + if (status & GNUTLS_CERT_INVALID) + { + weechat_printf (server->buffer, + _("%sgnutls: peer's certificate is NOT trusted"), + weechat_prefix ("error")); + rc = -1; + } + else + { + weechat_printf (server->buffer, + _("gnutls: peer's certificate is trusted")); + } + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) + { + weechat_printf (server->buffer, + _("%sgnutls: peer's certificate issuer is unknown"), + weechat_prefix ("error")); + rc = -1; + } + if (status & GNUTLS_CERT_REVOKED) + { + weechat_printf (server->buffer, + _("%sgnutls: the certificate has been revoked"), + weechat_prefix ("error")); + rc = -1; + } + + /* check certificates */ + if (gnutls_x509_crt_init (&cert_temp) >= 0) + { + cert_list = gnutls_certificate_get_peers (tls_session, &cert_list_len); + if (cert_list) + { + weechat_printf (server->buffer, + NG_("gnutls: receiving %d certificate", + "gnutls: receiving %d certificates", + cert_list_len), + cert_list_len); + for (i = 0, j = (int) cert_list_len; i < j; i++) + { + if (gnutls_x509_crt_import (cert_temp, &cert_list[i], GNUTLS_X509_FMT_DER) >= 0) + { + /* checking if hostname matches in the first certificate */ + if (i == 0 && gnutls_x509_crt_check_hostname (cert_temp, hostname) != 0) + { + hostname_match = 1; + } + /* displaying infos about certificate */ + rinfo = gnutls_x509_crt_print (cert_temp, GNUTLS_CRT_PRINT_ONELINE, &cinfo); + if (rinfo == 0) + { + weechat_printf (server->buffer, + _(" - certificate[%d] info:"), i + 1); + weechat_printf (server->buffer, + " - %s", cinfo.data); + gnutls_free (cinfo.data); + } + /* check expiration date */ + cert_time = gnutls_x509_crt_get_expiration_time (cert_temp); + if (cert_time < time(NULL)) + { + weechat_printf (server->buffer, + _("%sgnutls: certificate has expired"), + weechat_prefix ("error")); + rc = -1; + } + /* check expiration date */ + cert_time = gnutls_x509_crt_get_activation_time (cert_temp); + if (cert_time > time(NULL)) + { + weechat_printf (server->buffer, + _("%sgnutls: certificate is not yet activated"), + weechat_prefix ("error")); + rc = -1; + } + } + } + if (hostname_match == 0) + { + weechat_printf (server->buffer, + _("%sgnutls: the hostname in the " + "certificate does NOT match \"%s\""), + weechat_prefix ("error"), hostname); + rc = -1; + } + } + } + } + + /* using client certificate if it exists */ + cert_path0 = (char *) IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT); + if (cert_path0 && cert_path0[0]) + { + weechat_dir = weechat_info_get ("weechat_dir", ""); + cert_path1 = weechat_string_replace (cert_path0, "%h", weechat_dir); + cert_path2 = (cert_path1) ? + weechat_string_replace (cert_path1, "~", getenv ("HOME")) : NULL; + + if (cert_path2) + { + cert_str = weechat_file_get_content (cert_path2); + if (cert_str) + { + weechat_printf (server->buffer, + _("gnutls: sending one certificate")); + + filedatum.data = (unsigned char *) cert_str; + filedatum.size = strlen (cert_str); + + /* certificate */ + gnutls_x509_crt_init (&tls_cert); + gnutls_x509_crt_import (tls_cert, &filedatum, GNUTLS_X509_FMT_PEM); + + /* key */ + gnutls_x509_privkey_init (&tls_cert_key); + gnutls_x509_privkey_import (tls_cert_key, &filedatum, GNUTLS_X509_FMT_PEM); + + tls_struct.type = GNUTLS_CRT_X509; + tls_struct.ncerts = 1; + tls_struct.deinit_all = 0; + tls_struct.cert.x509 = &tls_cert; + tls_struct.key.x509 = tls_cert_key; + + /* client certificate info */ + rinfo = gnutls_x509_crt_print (tls_cert, GNUTLS_CRT_PRINT_ONELINE, &cinfo); + if (rinfo == 0) + { + weechat_printf (server->buffer, + _(" - client certificate info (%s):"), cert_path2); + weechat_printf (server->buffer, " - %s", cinfo.data); + gnutls_free (cinfo.data); + } + + memcpy(answer, &tls_struct, sizeof (gnutls_retr_st)); + free (cert_str); + } + else + { + weechat_printf (server->buffer, + _("%sgnutls: unable to read certifcate \"%s\""), + weechat_prefix ("error"), cert_path2); + } + } + + if (cert_path1) + free (cert_path1); + if (cert_path2) + free (cert_path2); + } + + /* an error should stop the handshake unless the user doesn't care */ + if ((rc == -1) + && (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL_VERIFY) == 0)) + { + rc = 0; + } + + return rc; +} +#endif + /* * irc_server_connect: connect to an IRC server * Return: 1 if ok @@ -2313,6 +2528,7 @@ irc_server_connect (struct t_irc_server *server) server->ssl_connected = 1; #endif + server->hook_connect = weechat_hook_connect (proxy, server->addresses_array[server->index_current_address], server->ports_array[server->index_current_address], @@ -2320,8 +2536,10 @@ irc_server_connect (struct t_irc_server *server) IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_IPV6), #ifdef HAVE_GNUTLS (server->ssl_connected) ? &server->gnutls_sess : NULL, + (server->ssl_connected) ? irc_server_gnutls_callback : NULL, + IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE), #else - NULL, + NULL, NULL, 0, #endif IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_LOCAL_HOSTNAME), &irc_server_connect_cb, @@ -2917,6 +3135,15 @@ irc_server_add_to_infolist (struct t_infolist *infolist, if (!weechat_infolist_new_var_integer (ptr_item, "ssl", IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL))) return 0; + if (!weechat_infolist_new_var_string (ptr_item, "ssl_cert", + IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SSL_CERT))) + return 0; + if (!weechat_infolist_new_var_integer (ptr_item, "ssl_dhkey_size", + IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE))) + return 0; + if (!weechat_infolist_new_var_integer (ptr_item, "ssl_verify", + IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SSL_VERIFY))) + return 0; if (!weechat_infolist_new_var_string (ptr_item, "password", IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_PASSWORD))) return 0; @@ -3043,6 +3270,26 @@ irc_server_print_log () weechat_log_printf (" ssl. . . . . . . . . : %s", weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_SSL]) ? "on" : "off"); + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_CERT])) + weechat_log_printf (" ssl_cert . . . . . . : null ('%s')", + IRC_SERVER_OPTION_STRING(ptr_server, IRC_SERVER_OPTION_SSL_CERT)); + else + weechat_log_printf (" ssl_cert . . . . . . : '%s'", + weechat_config_string (ptr_server->options[IRC_SERVER_OPTION_SSL_CERT])); + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])) + weechat_log_printf (" ssl_dhkey_size . . . : null ('%d')", + IRC_SERVER_OPTION_INTEGER(ptr_server, IRC_SERVER_OPTION_SSL_DHKEY_SIZE)); + else + weechat_log_printf (" ssl_dhkey_size . . . : '%d'", + weechat_config_integer (ptr_server->options[IRC_SERVER_OPTION_SSL_DHKEY_SIZE])); + if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SSL_VERIFY])) + weechat_log_printf (" ssl_verify . . . . . : null (%s)", + (IRC_SERVER_OPTION_BOOLEAN(ptr_server, IRC_SERVER_OPTION_SSL_VERIFY)) ? + "on" : "off"); + else + weechat_log_printf (" ssl_verify . . . . . : %s", + weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_SSL_VERIFY]) ? + "on" : "off"); if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_PASSWORD])) weechat_log_printf (" password . . . . . . : null"); else diff --git a/src/plugins/irc/irc-server.h b/src/plugins/irc/irc-server.h index a0445fec2..137278e38 100644 --- a/src/plugins/irc/irc-server.h +++ b/src/plugins/irc/irc-server.h @@ -49,6 +49,9 @@ enum t_irc_server_option IRC_SERVER_OPTION_COMMAND_DELAY, /* delay after execution of command */ IRC_SERVER_OPTION_AUTOJOIN, /* channels to automatically join */ IRC_SERVER_OPTION_AUTOREJOIN, /* auto rejoin channels when kicked */ + IRC_SERVER_OPTION_SSL_CERT, /* client ssl certificate file */ + IRC_SERVER_OPTION_SSL_DHKEY_SIZE, /* Diffie Hellman key size */ + IRC_SERVER_OPTION_SSL_VERIFY, /* check if the connection is trusted */ /* number of server options */ IRC_SERVER_NUM_OPTIONS, }; @@ -111,9 +114,7 @@ struct t_irc_server struct t_hook *hook_fd; /* hook for server socket */ int is_connected; /* 1 if WeeChat is connected to server */ int ssl_connected; /* = 1 if connected with SSL */ -#ifdef HAVE_GNUTLS gnutls_session_t gnutls_sess; /* gnutls session (only if SSL is used) */ -#endif char *unterminated_message; /* beginning of a message in input buf */ int nicks_count; /* number of nicknames */ char **nicks_array; /* nicknames (after split) */ diff --git a/src/plugins/plugin.c b/src/plugins/plugin.c index 4fc0a2ed4..b5fc5c5a8 100644 --- a/src/plugins/plugin.c +++ b/src/plugins/plugin.c @@ -407,6 +407,7 @@ plugin_load (const char *filename) new_plugin->mkdir = &util_mkdir; new_plugin->mkdir_parents = &util_mkdir_parents; new_plugin->exec_on_files = &util_exec_on_files; + new_plugin->file_get_content = &util_file_get_content; new_plugin->timeval_cmp = &util_timeval_cmp; new_plugin->timeval_diff = &util_timeval_diff; diff --git a/src/plugins/scripts/lua/weechat-lua-api.c b/src/plugins/scripts/lua/weechat-lua-api.c index df5d07cd4..85968d721 100644 --- a/src/plugins/scripts/lua/weechat-lua-api.c +++ b/src/plugins/scripts/lua/weechat-lua-api.c @@ -3615,6 +3615,8 @@ weechat_lua_api_hook_connect (lua_State *L) sock, ipv6, NULL, /* gnutls session */ + NULL, /* gnutls callback */ + 0, /* gnutls DH key size */ local_hostname, &weechat_lua_api_hook_connect_cb, function, diff --git a/src/plugins/scripts/perl/weechat-perl-api.c b/src/plugins/scripts/perl/weechat-perl-api.c index e5e528dca..4b12fff25 100644 --- a/src/plugins/scripts/perl/weechat-perl-api.c +++ b/src/plugins/scripts/perl/weechat-perl-api.c @@ -3044,6 +3044,8 @@ XS (XS_weechat_api_hook_connect) SvIV (ST (3)), /* sock */ SvIV (ST (4)), /* ipv6 */ NULL, /* gnutls session */ + NULL, /* gnutls callback */ + 0, /* gnutls DH key size */ local_hostname, &weechat_perl_api_hook_connect_cb, function, diff --git a/src/plugins/scripts/python/weechat-python-api.c b/src/plugins/scripts/python/weechat-python-api.c index 2c77a00db..a839093a0 100644 --- a/src/plugins/scripts/python/weechat-python-api.c +++ b/src/plugins/scripts/python/weechat-python-api.c @@ -3217,6 +3217,8 @@ weechat_python_api_hook_connect (PyObject *self, PyObject *args) sock, ipv6, NULL, /* gnutls session */ + NULL, /* gnutls callback */ + 0, /* gnutls DH key size */ local_hostname, &weechat_python_api_hook_connect_cb, function, diff --git a/src/plugins/scripts/ruby/weechat-ruby-api.c b/src/plugins/scripts/ruby/weechat-ruby-api.c index 71183fd2b..31d4490cc 100644 --- a/src/plugins/scripts/ruby/weechat-ruby-api.c +++ b/src/plugins/scripts/ruby/weechat-ruby-api.c @@ -3724,6 +3724,8 @@ weechat_ruby_api_hook_connect (VALUE class, VALUE proxy, VALUE address, c_sock, c_ipv6, NULL, /* gnutls session */ + NULL, /* gnutls callback */ + 0, /* gnutls DH key size */ c_local_hostname, &weechat_ruby_api_hook_connect_cb, c_function, diff --git a/src/plugins/scripts/script-api.c b/src/plugins/scripts/script-api.c index d9b25f0f6..2eaabeefc 100644 --- a/src/plugins/scripts/script-api.c +++ b/src/plugins/scripts/script-api.c @@ -926,6 +926,7 @@ script_api_hook_connect (struct t_weechat_plugin *weechat_plugin, struct t_plugin_script *script, const char *proxy, const char *address, int port, int sock, int ipv6, void *gnutls_sess, + void *gnutls_cb, int gnutls_dhkey_size, const char *local_hostname, int (*callback)(void *data, int status, const char *error, @@ -941,7 +942,8 @@ script_api_hook_connect (struct t_weechat_plugin *weechat_plugin, return NULL; new_hook = weechat_hook_connect (proxy, address, port, sock, ipv6, - gnutls_sess, local_hostname, callback, + gnutls_sess, gnutls_cb, gnutls_dhkey_size, + local_hostname, callback, new_script_callback); if (!new_hook) { diff --git a/src/plugins/scripts/script-api.h b/src/plugins/scripts/script-api.h index 2e5445100..434660f7f 100644 --- a/src/plugins/scripts/script-api.h +++ b/src/plugins/scripts/script-api.h @@ -169,7 +169,8 @@ extern struct t_hook *script_api_hook_connect (struct t_weechat_plugin *weechat_ int port, int sock, int ipv6, - void *gnutls_sess, + void *gnutls_sess, void *gnutls_cb, + int gnutls_dhkey_size, const char *local_hostname, int (*callback)(void *data, int status, diff --git a/src/plugins/scripts/tcl/weechat-tcl-api.c b/src/plugins/scripts/tcl/weechat-tcl-api.c index f7acb8ae0..04a654475 100644 --- a/src/plugins/scripts/tcl/weechat-tcl-api.c +++ b/src/plugins/scripts/tcl/weechat-tcl-api.c @@ -3462,6 +3462,8 @@ weechat_tcl_api_hook_connect (ClientData clientData, Tcl_Interp *interp, sock, ipv6, NULL, /* gnutls session */ + NULL, /* gnutls callback */ + 0, /* gnutls DH key size */ local_hostname, &weechat_tcl_api_hook_connect_cb, function, diff --git a/src/plugins/weechat-plugin.h b/src/plugins/weechat-plugin.h index 7d6d54093..9a3e79c0a 100644 --- a/src/plugins/weechat-plugin.h +++ b/src/plugins/weechat-plugin.h @@ -34,7 +34,7 @@ struct t_weelist; struct timeval; /* API version (used to check that plugin has same API and can be loaded) */ -#define WEECHAT_PLUGIN_API_VERSION "20090614-02" +#define WEECHAT_PLUGIN_API_VERSION "20091107-01" /* macros for defining plugin infos */ #define WEECHAT_PLUGIN_NAME(__name) \ @@ -190,12 +190,13 @@ struct t_weechat_plugin int (*utf8_pos) (const char *string, int real_pos); char *(*utf8_strndup) (const char *string, int length); - /* directories */ + /* directories/files */ int (*mkdir_home) (const char *directory, int mode); int (*mkdir) (const char *directory, int mode); int (*mkdir_parents) (const char *directory, int mode); void (*exec_on_files) (const char *directory, int hidden_files, void *data, void (*callback)(void *data, const char *filename)); + char *(*file_get_content) (const char *filename); /* util */ int (*timeval_cmp) (struct timeval *tv1, struct timeval *tv2); @@ -395,7 +396,8 @@ struct t_weechat_plugin int port, int sock, int ipv6, - void *gnutls_sess, + void *gnutls_sess, void *gnutls_cb, + int gnutls_dhkey_size, const char *local_hostname, int (*callback)(void *data, int status, @@ -758,6 +760,8 @@ extern int weechat_plugin_end (struct t_weechat_plugin *plugin); __callback) \ weechat_plugin->exec_on_files(__directory, __hidden_files, __data, \ __callback) +#define weechat_file_get_content(__filename) \ + weechat_plugin->file_get_content(__filename) /* util */ #define weechat_timeval_cmp(__time1, __time2) \ @@ -972,10 +976,12 @@ extern int weechat_plugin_end (struct t_weechat_plugin *plugin); weechat_plugin->hook_process(weechat_plugin, __command, __timeout, \ __callback, __callback_data) #define weechat_hook_connect(__proxy, __address, __port, __sock, \ - __ipv6, __gnutls_sess, __local_hostname, \ + __ipv6, __gnutls_sess, __gnutls_cb, \ + __gnutls_dhkey_size, __local_hostname, \ __callback, __data) \ weechat_plugin->hook_connect(weechat_plugin, __proxy, __address, \ __port, __sock, __ipv6, __gnutls_sess, \ + __gnutls_cb, __gnutls_dhkey_size, \ __local_hostname, __callback, __data) #define weechat_hook_print(__buffer, __tags, __msg, __strip__colors, \ __callback, __data) \ |