1
0
mirror of https://github.com/irssi/irssi.git synced 2024-12-04 14:46:39 -05:00
Commit Graph

5260 Commits

Author SHA1 Message Date
LemonBoy
22ce6637c7 Merge pull request #577 from LemonBoy/flagz
Minor corrections to the netsplit code.
2016-11-25 21:52:42 +01:00
LemonBoy
1c0f048d2c Merge pull request #578 from ailin-nemui/dcc_buffer
add a static buffer for dcc received data
2016-11-25 21:52:30 +01:00
LemonBoy
5f0e755a00 Don't shadow the 'channel' variable when printing the netjoins.
This is the root cause of #567
2016-11-23 22:22:37 +01:00
ailin-nemui
dcffa98d46 add a static buffer for dcc received data
increased buffersize might make irssi freeze less / #159
2016-11-23 17:02:29 +01:00
LemonBoy
7574bed26c Minor corrections to the netsplit code. 2016-11-23 16:11:38 +01:00
ailin-nemui
1aff5c2c97 Merge pull request #574 from lotheac/master
add completion_empty_line setting
2016-11-11 12:18:35 +01:00
Lauri Tirkkonen
4cbf279d88 add completion_empty_line setting 2016-11-08 16:27:38 +02:00
ailin-nemui
c1a28770fb Merge pull request #573 from ailin-nemui/master
add missing inheritance to Exec item from 3532fc46
2016-11-02 13:24:21 +01:00
ailin-nemui
43934ae9ad add missing inheritance to Exec item from 3532fc46 2016-11-01 17:08:28 +01:00
ailin-nemui
1652c8a561 Merge pull request #557 from irssi/ahf/tls-pr
TLS enhancements
2016-10-31 15:15:45 +01:00
Joseph Bisch
c98f5f23ea
enforce check that chatnets are nodelists to handle invalid config 2016-10-27 11:18:37 -04:00
Alexander Færøy
6a6196eebe
Kill bell_beeps.
Fixes #524
2016-10-23 21:24:12 +02:00
Alexander Færøy
bc4e2c9ade
Shorten the certificate chain output. 2016-10-23 02:51:08 +02:00
Alexander Færøy
322625b548
Only do checks for SSL_get_server_tmp_key in network-openssl.c. 2016-10-22 22:04:33 +02:00
Alexander Færøy
0a6e66f8b7
Kill do { ... } while (0); and replace it with goto's. 2016-10-22 22:04:33 +02:00
Alexander Færøy
d501a54f4f
Emit the TLS handshake finished signal before we do verification.
This patch moves the emitted "tls handshake finished" signal to before
we do validation of the given TLS certificate. This ensures that we
display certificate information before we possibly error out and
disconnects from the server.
2016-10-22 22:04:33 +02:00
Alexander Færøy
5a04430998
Kill support for DANE.
This patch removes support for DANE validation of TLS certificates.

There wasn't enough support in the IRC community to push for this on the
majority of bigger IRC networks. If you believe this should be
reintroduced into irssi, then please come up with an implementation that
does not rely on the libval library. It is causing a lot of troubles for
our downstream maintainers.
2016-10-22 22:04:33 +02:00
Alexander Færøy
f533baa191
Lift EC_KEY declaration onto the entry of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
25824e2d3f
Lift ASN1_STRING declaration onto the entry of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
4e170c5233
Declare variables in the beginning of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
53d772e48b
Make sure we clean-up after ourself upon failure. 2016-10-22 22:04:31 +02:00
Alexander Færøy
5146ce9631
Add x509 certificate and public key pinning support.
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.

It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:

    $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
      openssl x509 > freenode.cert

This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.

-tls_pinned_cert
----------------

This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.

The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:

    $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout

-tls_pinned_pubkey
------------------

This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.

When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.

The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:

    $ openssl x509 -in freenode.cert -pubkey -noout | \
      openssl pkey -pubin -outform der | \
      openssl dgst -sha256 -c | \
      tr a-z A-Z

It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
2016-10-22 22:01:50 +02:00
Alexander Færøy
c6c2e79537
Display TLS connection information when connected to a TLS enabled server. 2016-10-22 21:58:50 +02:00
Alexander Færøy
1d101afe0d
s/SSL/TLS/ for warning strings. 2016-10-22 21:58:49 +02:00
Alexander Færøy
13f75d49e0
Simplify TLS verification error handling. 2016-10-22 21:58:49 +02:00
Alexander Færøy
b630fd1703
Populate and emit TLS_REC after TLS handshake have completed. 2016-10-22 21:58:49 +02:00
Alexander Færøy
99d017720d
Add TLS_REC.
This patch adds the TLS_REC structure. This structure is used to emit
information about the TLS handshake from the core of irssi to the
front-end layers such that we can display connection information to the
user.
2016-10-22 20:37:33 +02:00
Alexander Færøy
6a286a4eb2
Use TLS by default for Freenode, IRC6, OFTC, EsperNet, EFnet, and Rizon. 2016-10-22 20:37:12 +02:00
Alexander Færøy
2be7289085
Rename SSL to TLS.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
2016-10-22 20:36:50 +02:00
Alexander Færøy
da67d3e8e6
Add function to convert a buffer to a colon-delimited hex string.
This patch adds binary_to_hex(), which can take an input buffer and
convert it to colon-delimited hex strings suitable for printing for
fingerprints.
2016-10-22 20:36:50 +02:00
Alexander Færøy
6300dfec71
Always build irssi with TLS support.
This patch removes the optional checks for whether to build irssi with
TLS support or not. This will allow us to ship a default configuration
file where we connect to TLS enabled IRC servers out of the box.
2016-10-16 14:55:48 +02:00
ailin-nemui
fb78787d4e Merge pull request #556 from koollman/master
update INSTALL requirement: terminfo or ncurses for text frontend
2016-10-12 09:48:09 +02:00
ailin-nemui
61590f31df Merge pull request #465 from LemonBoy/netsplit-print
Some small adjustments to the netsplit code.
2016-10-11 16:12:35 +02:00
ailin-nemui
0fce47a5ad Merge pull request #555 from LemonBoy/attr-signedness
Make the cap_complete field unsigned.
2016-10-07 12:56:12 +02:00
Thomas Samson
d02ef83d03 update INSTALL requirement: terminfo or ncurses for text frontend 2016-10-05 01:01:25 +02:00
LemonBoy
3667fd9fd1 Make the cap_complete field unsigned.
Fixes a problem where the field would end up as a negative number when
exposed to the perl scripts.
And move it near the other bit-packed fields so we take advantage of the
packing.
2016-09-30 19:30:43 +02:00
ailin-nemui
8d4d313cc9 Merge pull request #506 from kruton/sasl-400-byte-chunk
SASL: handle fragmentation
2016-09-26 16:43:33 +02:00
ailin-nemui
2216ed19da Merge pull request #551 from ailin-nemui/fix-550
nullptr when doing module backward compat on invalid config
2016-09-26 15:44:47 +02:00
ailin-nemui
eb20a6c846 Merge pull request #548 from ailin-nemui/buf-fix
sync buf.pl
2016-09-26 14:08:55 +02:00
ailin-nemui
f9fd50a357 nullptr when doing module backward compat on invalid config 2016-09-25 23:17:20 +02:00
ailin-nemui
31044ec004 Merge pull request #542 from LemonBoy/xs-add
Expose the CAP fields to the perl scripts.
2016-09-22 17:10:33 +02:00
ailin-nemui
1405a87b56 Merge pull request #548 from ailin-nemui/buf-fix
sync buf.pl
2016-09-22 04:27:35 +02:00
ailin-nemui
d39ad6e559 sync buf.pl 2016-09-22 04:21:15 +02:00
ailin-nemui
c98f896dfc Merge branch 'integrate/0.8.20' 2016-09-21 16:00:04 +02:00
ailin-nemui
ac73255483 Merge branch 'master' into integrate/0.8.20 2016-09-21 15:59:33 +02:00
ailin-nemui
d9b4cb34dc Merge branch 'quarkslab' 2016-09-20 19:56:06 +02:00
ailin-nemui
20b5d4d982 Update NEWS for 0.8.20 2016-09-20 19:56:06 +02:00
ailin-nemui
295a4b77f0 Patches for heap corruption and missing bounds check
By Gabriel Campana and Adrien Guinet from Quarkslab.
2016-09-20 19:56:06 +02:00
ailin-nemui
b3c6cdbb91 Merge pull request #540 from LemonBoy/reset-autorun
/script reset can now also run the autorun scripts
2016-09-19 22:14:57 +02:00
LemonBoy
0e0d99587a Expose 'cap_toggle' to the perl scripts. 2016-09-15 20:38:04 +02:00