summary refs log tree commit diff
Commit message (Collapse)AuthorAge
* Define one CERTBOT_PATH rather than two format stringsJune McEnroe2019-11-06
|
* Change license to GPLv3June McEnroe2019-11-06
| | | | | | | | | | | | | | > Notwithstanding any other provision of this License, if you modify the > Program, your modified version must prominently offer all users > interacting with it remotely through a computer network (if your version > supports such interaction) an opportunity to receive the Corresponding > Source of your version by providing access to the Corresponding Source > from a network server at no charge, through some standard or customary > means of facilitating copying of software. This potentially means that every freenode user, for example, is interacting with this software, and offering the corresponding source to each of them is an unreasonable burden.
* Add flag to generate a client certificateJune McEnroe2019-11-06
| | | | | This is essentially the command freenode tells you to run: <https://freenode.net/kb/answer/certfp>.
* Give SYNOPSIS Ars more informative namesJune McEnroe2019-11-06
|
* Expand SASL EXTERNAL documentationJune McEnroe2019-11-06
|
* Use explicit_bzero from LibreSSLJune McEnroe2019-11-06
|
* Clean up bounce.cJune McEnroe2019-11-05
|
* Use "priv" instead of "key" in optionsJune McEnroe2019-11-05
| | | | Let all words be four letter words.
* Use arc4random_bufJune McEnroe2019-11-05
|
* Add missing includeJune McEnroe2019-11-05
|
* Use one call to set client cert and keyJune McEnroe2019-11-05
|
* Implement SASL EXTERNALJune McEnroe2019-11-05
|
* Add options for TLS client certificateJune McEnroe2019-11-04
|
* Zero PASS parameterJune McEnroe2019-11-04
|
* Don't set directory modes on installJune McEnroe2019-11-04
|
* Hash client passwords with cryptJune McEnroe2019-11-04
|
* Move base64 to bounce.hJune McEnroe2019-11-04
|
* Rename bind-unix to bind-pathJune McEnroe2019-11-03
|
* Append bindHost to bindPath if it is a directoryJune McEnroe2019-11-03
|
* Set up /var/run/calico and /usr/local/etc/pounceJune McEnroe2019-11-03
|
* Set procname in calico rc scriptJune McEnroe2019-11-02
|
* Send an unrecognized_name alert when failing to dispatchJune McEnroe2019-11-02
|
* Fix name of SNIJune McEnroe2019-11-02
|
* Unlink UNIX socket at exitJune McEnroe2019-11-02
|
* Note calico in pounce CAVEATSJune McEnroe2019-11-02
|
* Add calico rc scriptJune McEnroe2019-11-02
|
* Apply capsicum to calicoJune McEnroe2019-11-02
|
* Fix trying to cap_rights_limit a NULL saveFileJune McEnroe2019-11-02
|
* Implement UNIX-domain bindingJune McEnroe2019-11-02
|
* Don't try to sendfd if connect failedJune McEnroe2019-11-02
|
* Document pounce -U flagJune McEnroe2019-11-02
| | | | Not yet implemented.
* Add SNI socket dispatcherJune McEnroe2019-11-02
| | | | pounce can't accept connections from it yet though!
* Limit saveFile to CAP_WRITEJune McEnroe2019-11-01
|
* Implement capsicum workaround for certbotJune McEnroe2019-11-01
|
* Reload certificates using openatJune McEnroe2019-11-01
| | | | | This is more versatile since files are more likely to be replaced than overwritten.
* Re-read cert and key from the same FILEsJune McEnroe2019-11-01
|
* Use capsicumJune McEnroe2019-11-01
|
* Use explicit_bzero to clear passwordsJune McEnroe2019-10-31
| | | | | GNU doesn't implement memset_s, but both FreeBSD and GNU implement explicit_bzero. Darwin doesn't, so #define it in terms of memset_s.
* Send clients their own QUIT on shutdownJune McEnroe2019-10-31
|
* Shrink client buffer sizeJune McEnroe2019-10-31
| | | | | | | Clients are generally not going to send huge amounts at a time, and IRC messages are limited to 512 bytes. If in the future we supported message tags from clients, which have a size limit of 8191 bytes, this would unfortunately have to be set much higher.
* Iterator over pollfds in reverseJune McEnroe2019-10-31
| | | | | | | | | | | This has two advantages: 1. When removing a client, we don't need to break the loop, since the swap-remove will replace the current pollfd with one we've already handled and we can safely move on to the next (previous) one. 2. If a new client connects for the same consumer (for example if the previous one is going to time out), it will start consuming messages for that consumer, rather than them being sent to the old client.
* Clear passwords from memory with memset_sJune McEnroe2019-10-31
|
* Clean up cert path documentationJune McEnroe2019-10-30
|
* Remove client count FIXMEJune McEnroe2019-10-30
| | | | This minor thing would take too much code convolution to do.
* Preserve consumers ptr in realloc failureJune McEnroe2019-10-30
|
* Add option for ring sizeJune McEnroe2019-10-30
|
* Set away status upon connectingJune McEnroe2019-10-30
|
* Add make target for localhost.crtJune McEnroe2019-10-30
| | | | Adapted from <https://letsencrypt.org/docs/certificates-for-localhost/>.
* Warn when consumers drop messagesJune McEnroe2019-10-30
|
* Allocate ring buffer at runtimeJune McEnroe2019-10-29
|