Track the address family of the last failed connection attempt
(either immediately or during TLS handshake), then disprefer
that address family during reconnection.
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.
It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.
-tls_pinned_cert
----------------
This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.
The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
-tls_pinned_pubkey
------------------
This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.
When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.
The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
Passing this option will force Irssi to not execute the content of the
autosendcmd chatnet-setting upon connect.
Fixes: #738
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5209 dbcabf3a-b0e7-0310-adc4-f8d773084564
certificate. See the -ssl_* options for /SERVER and /SERVER ADD. Patch by
Joel Eriksson <je-irssi@bitnux.com>.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3146 dbcabf3a-b0e7-0310-adc4-f8d773084564
check the errno if connect() fails.
Added support for connecting to named UNIX sockets. Some cleanups with
session handling / server connecting as well.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2819 dbcabf3a-b0e7-0310-adc4-f8d773084564
a lot in reconnects etc. this should make it easier to track when it's
supposed to be destroyed. Hopefully fixes a crash I assume is related to
this but couldn't find..
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1880 dbcabf3a-b0e7-0310-adc4-f8d773084564
Several other related multiprotocol updates.
Removed /SILCSERVER from SILC, /CONNECT and /SERVER should work
properly now. Rejoining channels after reconnection works.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1245 dbcabf3a-b0e7-0310-adc4-f8d773084564
connect to IPv4 or IPv6 address of the server. If -host or /SET
hostname is set irssi determines from it if it should use IPv4 or v6.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1192 dbcabf3a-b0e7-0310-adc4-f8d773084564
