path: root/debian/compat
Commit message (Author)
can't be connected to  [2.1]  (June McEnroe)
    I think this emulates SO_REUSEADDR, which for some reason doesn't work on PF_UNIX. If the socket exists, check if connect(2) works, rather than clobbering the socket being used by a still-running instance.
2020-11-21  Clean up main loop loops  (June McEnroe)
2020-11-20  Add lazy client registration timeout  (June McEnroe)
    I don't think this is worth adding a configuration option for since real clients will definitely accomplish registration faster than 10s and it's long enough to even type out manually for testing.
2020-11-16  Only allow clients to AUTHENTICATE if using a cert  (June McEnroe)
    Otherwise the successful authentication message can leak information to unauthenticated clients when both certificate and password authentication are enabled.
2020-11-16  Set client sockets non-blocking  (June McEnroe)
    Except for during writes. This prevents pounce getting blocked on a client sending only a partial TLS record, for example. Writes still need to block because pounce doesn't have a way to resume them. (And it would do so by having a buffer, but sockets already have a send buffer, so what would be the point of that?) I don't think it should be a problem since outside of stateSync, writes only happen when poll returns POLLOUT. I feel like ideally SO_SNDLOWAT would be set to guarantee a full IRC message can always be written on POLLOUT, but since it's actually TLS records being sent, it's not obvious what the size would be. I'm also making an assumption here that tls_read returning TLS_WANT_POLLOUT is unlikely to happen, since I don't actually set pollfd.events based on that. I'm not sure how wanting to resume a tls_read after a POLLOUT could be cleanly handled. I'm just going to hope that if it does happen, the regular poll loop will eventually sort it out...
2020-11-14  Swap localAccept parameter order  (June McEnroe)
2020-11-14  Only send shutdown QUIT and ERROR to registered clients  (June McEnroe)
2020-11-14  Make struct Client public  (June McEnroe)
2020-11-13  Wait for POLLIN to do client tls_handshake  (June McEnroe)
    Otherwise a client could cause pounce to hang (since the sockets are left blocking) by opening a connection without handshaking! Oops, that's pretty bad. Since the sockets are still blocking, a hang can still be caused by a client sending a partial handshake then waiting. More fixes to follow. pounce is slightly protected from this when used with calico, as it applies a timeout to waiting for the ClientHello.
2020-11-13  Use a fixed size pollfd array in calico  (June McEnroe)
    My thinking here is that it's better to not allocate in response to incoming connections. This also just makes the code a little simpler.
2020-11-13  Disallow / anywhere in server name  (June McEnroe)
2020-11-12  Check bounds of ClientHello extensions length  (June McEnroe)
2020-11-10  Report paths in unveil errors  (June McEnroe)
2020-10-24  contrib/palaver: Use open_memstream instead of fmemopen  (June McEnroe)
    Somehow I never knew about this function. Much better than fmemopen with mode "w".
2020-10-11  Handle signals before the main loop  (June McEnroe)
    This is a long-standing issue I ignored.
2020-09-09  Fix possibly uninitialized error  [2.0]  (June McEnroe)
    It won't be, but gcc thinks it might.
2020-08-31  Refactor reserialization and client self-producing  (June McEnroe)
2020-08-30  Add chmod+chown to certbot example  (June McEnroe)
2020-08-30  Rearrange bounce.c, move non-main mains below main  (June McEnroe)
2020-08-30  Sandbox pounce with unveil(2)  (June McEnroe)
2020-08-28  Refactor certificate loading and load all certs from config paths  (June McEnroe)
2020-08-27  Sandbox pounce with pledge(2)  (June McEnroe)
    unveil(2) is a bit complicated to apply to this, I'll have to think about it more.
2020-08-27  Sandbox calico with pledge(2) and unveil(2)  (June McEnroe)
2020-08-27  Add support for OpenBSD  (June McEnroe)
2020-08-27  Remove rc scripts  (June McEnroe)
2020-08-27  contrib/palaver: Fix documented database path  (June McEnroe)
2020-08-27  contrib/palaver: Remove rc script  (June McEnroe)
2020-08-27  contrib/palaver: Fix database search and creation  (June McEnroe)
2020-08-27  contrib/palaver: Use pounce's XDG directory  (June McEnroe)
2020-08-27  contrib/palaver: Only allow HTTPS  (June McEnroe)
2020-08-25  Support the pounce_env rc variable  (June McEnroe)
2020-08-25  Remove deprecated option names  (June McEnroe)
    The next release will be 2.0 so these can be removed now.
2020-08-25  Document configuration and data file search  (June McEnroe)
2020-08-24  Use dataOpen for save file  (June McEnroe)
2020-08-24  Use configOpen to load localCA  (June McEnroe)
2020-08-24  Use configPath to load client cert/priv  (June McEnroe)
2020-08-24  Use configOpen in getopt_config  (June McEnroe)
2020-08-24  Import xdg.c from catgirl  (June McEnroe)
2020-08-23  Replace “RAND_bytes” by “getentropy”  (Issam E. Maghni)
    This removes the dependency on libcrypto.
    Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
2020-08-16  contrib/palaver: Add no message preview flags  (June McEnroe)
2020-08-13  contrib/palaver: Don't set channel for PMs  (June McEnroe)
2020-08-13  Fix unintended interception of NICK after registration  (June McEnroe)
    Another bug caused by trying to support broken clients. I'm annoyed.
2020-08-12  Add Additional Components section to README  (June McEnroe)
2020-08-12  Document -L / palaver option  (June McEnroe)
2020-08-11  contrib/palaver: Document service configuration  (June McEnroe)
2020-08-11  contrib/palaver: Add install target and rc script  (June McEnroe)
2020-08-11  contrib/palaver: Implement command and notifications  (June McEnroe)