| Commit message (Collapse) | Author | Age |
|
|
|
| |
LibreSSL is "a modified version of that library".
|
|
|
|
|
| |
Always generate a certificate request and pipe it to be signed, either
by the CA or by itself.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This adds an actual dependency on libcrypto, but removes a dependency on
BSD (or LibreSSL libcrypto specifically).
|
|
|
|
|
| |
Allows requesting userhost-in-names on freenode, which is available but
hidden.
|
|
|
|
| |
https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs
|
|
|
|
|
|
|
|
|
| |
This addresses pounce getting killed with "Excess flood" when it sends
NAMES commands for too many channels when a client connects. These
commands, as well as automatic AWAY commands, are by default throttled
to 5 per second.
Tested on freenode with 36 channels and 200ms interval.
|
|
|
|
|
|
| |
There seems to be no guidance on how an application should set this
parameter. However, every system I've looked at will limit the value to
some default maximum, usually 128.
|
|
|
|
|
|
|
| |
In the case where a signal arrives while handling a ready socket, it
should be handled as soon as possible, rather than waiting for poll to
return again. Signals will still be handled immediately if poll returns
-1 due to EINTR.
|
| |
|
| |
|
|
|
|
| |
Copied and expanded from catgirl.
|
|
|
|
|
| |
Duration is set to INT_MAX since pounce will never accept cleartext
connections.
|
|
|
|
|
|
| |
This commit introduces a '-S' command line option and a "bind" configuration
file option for selecting the source address when making outbound TCP
connections (similar to the corresponding option in catgirl(1)).
|
|
|
|
|
| |
I'm pretty sure any kind of "renewing" of these is going to suck, so
just set it long enough that the world will probably be ash by then.
|
| |
|
|
|
|
|
|
|
| |
This disambiguates client-ca and client-pass from client-cert and
client-key, which apply to opposite sides of the program.
The old option names will continue to work.
|
|
|
|
| |
Required for the rewind call when loading the CA.
|
|
|
|
|
|
|
|
|
| |
This is a little bit messy. Allows setting either -A or -W or both.
Implements SASL EXTERNAL for clients that expect that when connecting
with a client certificate.
Need to test that reloading still works inside capsicum, since I suspect
that rewind call may be blocked.
|
|
|
|
|
|
|
|
|
|
|
| |
The other upper-case options are related to the listening side of
things, not the server side, so this is more consistent.
This is incompatible, but will fail loudly, and I expect these options
are more likely set in a configuration file, if they are set at all. I
also want to free up -A for setting a client CA, but assuming your away
message is not also an existing file path, that will continue to fail
loudly.
|
|
|
|
|
|
|
| |
Turns out the more likely thing is that the fd will just continue to be
POLLIN and produce zero-length reads.
This reverts commit 5707b15920a1ce57f01db0d592487d833218be9d.
|
|
|
|
|
|
| |
This should maybe gracefully inform clients of what happened, but for
now this is much better than the infinite poll loop that happened
previously.
|
|
|
|
|
| |
This still allows using openssl(1) from PATH, but defaults to using
${LIBRESSL_PREFIX}/bin/openssl.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, each source file that includes the header gets its own
definition, and according to the C standard (C99 6.9p5):
> If an identifier declared with external linkage is used in an
> expression (other than as part of the operand of a sizeof operator
> whose result is an integer constant), somewhere in the entire
> program there shall be exactly one external definition for the
> identifier
Most compilers use the .bss section for zero data, but if it uses
.data instead, or if -Wl,--warn-common is used, this will cause a
linking error.
|
|
|
|
| |
This inverts the meaning of -N!
|
| |
|
| |
|
|
|
|
|
|
| |
Turns out I did eventually fix this, because I may want to implement
"passive clients" for logging or notification stuff, which wouldn't
affect AWAY status either.
|
| |
|
|
|
|
|
| |
This might reduce the frequency of a client getting its own message back
because it was behind in the ring when it sent it.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> Notwithstanding any other provision of this License, if you modify the
> Program, your modified version must prominently offer all users
> interacting with it remotely through a computer network (if your version
> supports such interaction) an opportunity to receive the Corresponding
> Source of your version by providing access to the Corresponding Source
> from a network server at no charge, through some standard or customary
> means of facilitating copying of software.
This potentially means that every freenode user, for example, is
interacting with this software, and offering the corresponding source to
each of them is an unreasonable burden.
|
|
|
|
|
| |
This is essentially the command freenode tells you to run:
<https://freenode.net/kb/answer/certfp>.
|
| |
|
| |
|
|
|
|
| |
Let all words be four letter words.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This is more versatile since files are more likely to be replaced than
overwritten.
|