This patch adds support for the OTR protocol to irssi. This is an import
of the external irssi-otr project that we are now taking over
maintership for.
Major thanks to the original authors of Irssi-OTR: Uli Meis and David
Goulet. Thanks to the OTR community in #OTR on OFTC, thanks to everyone
who have helped testing the patches and submitted UI suggestions.
warning:
* may be buggy
This commit adds support for sideways splits into Irssi. To that regard,
there are a number of new commands available
the "R" commands:
/window new rsplit - make a new sideways split
/window rshow - show an existing window to the right
/window rgrow/rshrink/rsize/rbalance
- manipulate the size of your sideways split windows
the "D" commands:
/window dup/ddown/dleft/dright
- navigate the windows directionally, as an alternative to
/window up/down that you can bind to some key
/window move dleft/dright - the same for moving
Enjoy!
Add a more detailed paragraph about service bots
Fixes#699
I would like to add another paragraph about how freenode is
broken and spits at you the whole list instead of empty list
if you attempt to use network side filtering......
This patch removes support for DANE validation of TLS certificates.
There wasn't enough support in the IRC community to push for this on the
majority of bigger IRC networks. If you believe this should be
reintroduced into irssi, then please come up with an implementation that
does not rely on the libval library. It is causing a lot of troubles for
our downstream maintainers.
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.
It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.
-tls_pinned_cert
----------------
This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.
The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
-tls_pinned_pubkey
------------------
This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.
When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.
The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
This patch adds the TLS_REC structure. This structure is used to emit
information about the TLS handshake from the core of irssi to the
front-end layers such that we can display connection information to the
user.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
