Commit message (author, date)
* Handle TLS_WANT_POLL{IN,OUT} from tls_handshake(3) with server (June McEnroe, 2021-08-20)
* Use "secure" libtls ciphers (June McEnroe, 2021-08-20)
  Ported from catgirl:

      commit 585039fb6e5097cfd16bc083c6d1c9356b237882
      Author: Klemens Nanni <klemens@posteo.de>
      Date:   Sun Jun 20 14:42:10 2021 +0000

          Use "secure" libtls ciphers

          d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN.

          All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls.

          A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:

              echo \
                  irc.hackint.org \
                  irc.tilde.chat \
                  irc.libera.chat \
                  irc.efnet.nl \
                  irc.oftc.net | xargs -tn1 \
                  openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
* Use seprintf to build final 005 (June McEnroe, 2021-07-08)
  Rather than causing a tls_write(3) for each remaining token.
* Fix LDADD.crypt on Darwin (June McEnroe, 2021-06-19)
* Add -m mode option to set user modes (June McEnroe, 2021-06-18)
* Document channel keys in join option (June McEnroe, 2021-06-18)
* Use | to separate flags from config options (June McEnroe, 2021-06-18)
  This lets mandoc generate tags for the option names as well, so you can ":t away" in less(1), for example, and anchor links in HTML output. The added No's prevent the equals signs from being part of the anchor links.
* Stop referring to server-time as IRCv3.2 (June McEnroe, 2021-06-18)
  IRCv3 has moved away from grouping specs together into versions like this. SASL is still referred to as IRCv3.2 because there are two different versions of that spec.
* Add mailing list archive to README (June McEnroe, 2021-06-17)
* Stop accumulating ISUPPORT tokens once MOTD starts (June McEnroe, 2021-06-10)
  This avoids duplicating tokens when a client sends VERSION and the server responds with its 005s again.
* Use seprintf for snip, removing strlcpyn (June McEnroe, 2021-06-09)
* Use seprintf for reserialize (June McEnroe, 2021-06-09)
* Use seprintf for capList (June McEnroe, 2021-06-09)
* Add seprintf (June McEnroe, 2021-06-09)
  Based on seprint(2) from Plan 9. I'm not sure if my return value exactly matches Plan 9's in the case of truncation. seprint(2) is described only as returning a pointer to the terminating '\0', but if it does so even in the case of truncation, it is awkward for the caller to detect. This implementation returns end in the truncation case, so that (ptr == end) indicates truncation.
* Add pounce-notify to README [2.4] (June McEnroe, 2021-05-27)
* Fix ENVIRONMENT formatting in pounce-notify(1) (June McEnroe, 2021-05-27)
* Add note about Libera.Chat SASL-only ranges (June McEnroe, 2021-05-27)
* Add QUIRKS file (June McEnroe, 2021-05-25)
* Replace freenode with tilde.chat (June McEnroe, 2021-05-19)
* notify: Reword pounce-notify manual (June McEnroe, 2021-05-04)
* Clean up Makefiles, configure scripts (June McEnroe, 2021-05-02)
  Default MANDIR to ${PREFIX}/man since it turns out man-db includes /usr/local/man by default. Add support for BINDIR. Separate libs out into LDADD variables.
* palaver: Exit on getopt failure (June McEnroe, 2021-04-30)
  Oops.
* notify: Implement pounce-notify (June McEnroe, 2021-04-30)
* notify: Add prospective manual page for pounce-notify (June McEnroe, 2021-04-30)
* Rename contrib to extra (June McEnroe, 2021-04-30)
* palaver: Add -s flag for case-sensitive matching (June McEnroe, 2021-04-30)
* palaver: Remove last vestiges of rc scripts (June McEnroe, 2021-04-29)
* palaver: Track badge count per connection in SQLite (June McEnroe, 2021-04-29)
  And send an accurate total badge count.
* palaver: Drop no longer used network field (June McEnroe, 2021-04-27)
* Don't use :trailing parameter for JOIN (June McEnroe, 2021-04-09)
  It seems some IRCds don't even parse this correctly. It also should never have been done this way since it breaks sending channel keys.
* Add donation link to README [2.3] (June McEnroe, 2021-02-05)
* Drop pledge capabilities after binding and connecting (June McEnroe, 2021-02-01)
* Add Repology links to README (June McEnroe, 2021-01-28)
  LibreTLS in particular is gaining traction in packaging, so point to Repology pages to make users' lives easier.
* Clarify configuration path interpretations (June McEnroe, 2021-01-28)
* Tighten up XDG base directory path handling (June McEnroe, 2021-01-28)
  Don't search base directories if path starts with "/", "./" or "../", but still do if the path simply starts with ".". Bail early if HOME is needed but unset. Don't attempt to open the original path in configOpen and dataOpen.
* Refactor hasTag to be usable in more places (June McEnroe, 2021-01-24)
* Support echo-message capability (June McEnroe, 2021-01-24)
  Only request it with labeled-response, since it is impossible to correlate messages to clients without. For clients without echo-message, synthesize a label on PRIVMSG/NOTICE/TAGMSG, then filter out received messages with that label.
* Add -o and -t options to trust self-signed certificates [2.2] (June McEnroe, 2021-01-11)
* Make SYNOPSIS arguments consistent with option names (June McEnroe, 2021-01-11)
* Allow interspersing flags and config files (June McEnroe, 2021-01-11)
  Don't wait for getopt_long to move all the arguments to the end. This allows overriding options set by config files by placing flags after them on the command line.
* Send CAP END if CAP LS response is empty (June McEnroe, 2020-12-21)
  Or only unsupported caps. Or, as the corresponding commit in catgirl says, "if CAP LS doesn't list anything good."
* Alphabetize STANDARDS sections (June McEnroe, 2020-12-18)
* Handle 437 ERR_UNAVAILRESOURCE like ERR_NICKNAMEINUSE (June McEnroe, 2020-12-05)
  Not totally clear under what conditions 437 is returned, but if it happens during registration, we should pick a new nick.
* Use uint64_t for save file signature [2.1p1] (June McEnroe, 2020-11-28)
  This fixes building on 32-bit platforms.
* Unlink existing UNIX socket if it can't be connected to [2.1] (June McEnroe, 2020-11-23)
  I think this emulates SO_REUSEADDR, which for some reason doesn't work on PF_UNIX. If the socket exists, check if connect(2) works, rather than clobbering the socket being used by a still-running instance.
* Clean up main loop loops (June McEnroe, 2020-11-21)
* Add lazy client registration timeout (June McEnroe, 2020-11-20)
  I don't think this is worth adding a configuration option for since real clients will definitely accomplish registration faster than 10s and it's long enough to even type out manually for testing.
* Only allow clients to AUTHENTICATE if using a cert (June McEnroe, 2020-11-16)
  Otherwise the successful authentication message can leak information to unauthenticated clients when both certificate and password authentication are enabled.
* Set client sockets non-blocking (June McEnroe, 2020-11-16)
  Except for during writes. This prevents pounce getting blocked on a client sending only a partial TLS record, for example.

  Writes still need to block because pounce doesn't have a way to resume them. (And it would do so by having a buffer, but sockets already have a send buffer, so what would be the point of that?) I don't think it should be a problem since outside of stateSync, writes only happen when poll returns POLLOUT. I feel like ideally SO_SNDLOWAT would be set to guarantee a full IRC message can always be written on POLLOUT, but since it's actually TLS records being sent, it's not obvious what the size would be.

  I'm also making an assumption here that tls_read returning TLS_WANT_POLLOUT is unlikely to happen, since I don't actually set pollfd.events based on that. I'm not sure how wanting to resume a tls_read after a POLLOUT could be cleanly handled. I'm just going to hope that if it does happen, the regular poll loop will eventually sort it out...
* Swap localAccept parameter order (June McEnroe, 2020-11-14)