Ported from catgirl:

commit 585039fb6e5097cfd16bc083c6d1c9356b237882
Author: Klemens Nanni <klemens@posteo.de>
Date: Sun Jun 20 14:42:10 2021 +0000

    Use "secure" libtls ciphers

    d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat"
    ciphers to support irc.mozilla.org which now yields NXDOMAIN.

    All modern networks (should) support secure ciphers, so drop the
    hopefully unneeded list of less secure ciphers by avoiding
    tls_config_set_ciphers(3) and therefore sticking to the "secure" aka.
    "default" set of ciphers in libtls.

    A quick check shows that almost all of the big/known IRC networks
    support TLS1.3 already; those who do not at least comply with
    SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:

        echo \
            irc.hackint.org \
            irc.tilde.chat \
            irc.libera.chat \
            irc.efnet.nl \
            irc.oftc.net |
        xargs -tn1 \
            openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host

Rather than causing a tls_write(3) for each remaining token.

This lets mandoc generate tags for the option names as well, so you
can ":t away" in less(1), for example, and anchor links in HTML
output. The added No's prevent the equals signs from being part of
the anchor links.

IRCv3 has moved away from grouping specs together into versions
like this. SASL is still referred to as IRCv3.2 because there are
two different versions of that spec.

This avoids duplicating tokens when a client sends VERSION and the
server responds with its 005s again.

Based on seprint(2) from Plan 9. I'm not sure if my return value
exactly matches Plan 9's in the case of truncation. seprint(2) is
described only as returning a pointer to the terminating '\0', but
if it does so even in the case of truncation, it is awkward for the
caller to detect. This implementation returns end in the truncation
case, so that (ptr == end) indicates truncation.
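
The truncation convention described in this message, as an added C sketch that is not pounce's or Plan 9's code: a hypothetical `seprintf_sketch` built on vsnprintf(3) returns `end` when output is cut short, so a chain of appends needs only one `ptr == end` check. The caller `build_line` and the sample strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not the project's code. Append formatted text at ptr,
 * never writing at or past end. Returns a pointer to the terminating '\0',
 * or end if the output was truncated, or NULL on a formatting error. */
static char *seprintf_sketch(char *ptr, char *end, const char *fmt, ...) {
	va_list ap;
	va_start(ap, fmt);
	/* When ptr == end the size is 0 and vsnprintf writes nothing. */
	int n = vsnprintf(ptr, (size_t)(end - ptr), fmt, ap);
	va_end(ap);
	if (n < 0) return NULL;
	if (n >= end - ptr) return end; /* did not fit: signal truncation */
	return ptr + n;
}

/* Hypothetical caller: build "<nick> text" with chained appends.
 * Returns 1 if the result was truncated, 0 if it fit, -1 on error. */
static int build_line(char *buf, size_t cap, const char *nick, const char *text) {
	char *ptr = buf, *end = &buf[cap];
	ptr = seprintf_sketch(ptr, end, "<%s> ", nick);
	if (!ptr) return -1;
	/* After truncation ptr == end, so this call is a harmless no-op. */
	ptr = seprintf_sketch(ptr, end, "%s", text);
	if (!ptr) return -1;
	return ptr == end;
}

int main(void) {
	char small[12], large[64];
	int t1 = build_line(small, sizeof(small), "alice", "hello, world");
	int t2 = build_line(large, sizeof(large), "alice", "hello, world");
	printf("%d \"%s\"\n%d \"%s\"\n", t1, small, t2, large);
	return 0;
}
```

Because the truncated case returns `end` rather than a pointer inside the buffer, every later append sees zero remaining space and the buffer stays NUL-terminated at its last successful write.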

Default MANDIR to ${PREFIX}/man since it turns out man-db includes
/usr/local/man by default. Add support for BINDIR. Separate libs
out into LDADD variables.

Oops.

And send an accurate total badge count.

It seems some IRCds don't even parse this correctly. It also should
never have been done this way since it breaks sending channel keys.

LibreTLS in particular is gaining traction in packaging, so point
to Repology pages to make users' lives easier.

Don't search base directories if path starts with "/", "./" or
"../", but still do if the path simply starts with ".". Bail early
if HOME is needed but unset. Don't attempt to open the original
path in configOpen and dataOpen.

Only request it with labeled-response, since it is impossible to
correlate messages to clients without. For clients without echo-message,
synthesize a label on PRIVMSG/NOTICE/TAGMSG, then filter out received
messages with that label.

Don't wait for getopt_long to move all the arguments to the end. This
allows overriding options set by config files by placing flags after
them on the command line.

Or only unsupported caps. Or, as the corresponding commit in catgirl
says, "if CAP LS doesn't list anything good."

Not totally clear under what conditions 437 is returned, but if it
happens during registration, we should pick a new nick.

This fixes building on 32-bit platforms.

I think this emulates SO_REUSEADDR, which for some reason doesn't work
on PF_UNIX. If the socket exists, check if connect(2) works, rather than
clobbering the socket being used by a still-running instance.

I don't think this is worth adding a configuration option for since real
clients will definitely accomplish registration faster than 10s and it's
long enough to even type out manually for testing.

Otherwise the successful authentication message can leak information to
unauthenticated clients when both certificate and password
authentication are enabled.

Except for during writes. This prevents pounce getting blocked on a
client sending only a partial TLS record, for example.

Writes still need to block because pounce doesn't have a way to resume
them. (And it would do so by having a buffer, but sockets already have a
send buffer, so what would be the point of that?) I don't think it
should be a problem since outside of stateSync, writes only happen when
poll returns POLLOUT. I feel like ideally SO_SNDLOWAT would be set to
guarantee a full IRC message can always be written on POLLOUT, but since
it's actually TLS records being sent, it's not obvious what the size
would be.

I'm also making an assumption here that tls_read returning
TLS_WANT_POLLOUT is unlikely to happen, since I don't actually set
pollfd.events based on that. I'm not sure how wanting to resume a
tls_read after a POLLOUT could be cleanly handled. I'm just going to
hope that if it does happen, the regular poll loop will eventually sort
it out...