| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Otherwise a client could cause pounce to hang (since the sockets are
left blocking) by opening a connection without handshaking! Oops,
that's pretty bad. Since the sockets are still blocking, a hang can
still be caused by a client sending a partial handshake then waiting.
More fixes to follow.
pounce is slightly protected from this when used with calico, as it
applies a timeout to waiting for the ClientHello.
|
| | |
|
| |
|
|
| |
This is a long-standing issue I ignored.
|
| |
|
|
| |
It won't be, but gcc thinks it might.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
unveil(2) is a bit complicated to apply to this, I'll have to think
about it more.
|
| | |
|
| |
|
|
| |
The next release will be 2.0 so these can be removed now.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This removes the dependency on libcrypto.
Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
|
| |
|
|
|
|
| |
This needs to be documented! But the documentation won't make any sense
until there's something that can implement the actual functionality of
the capability.
|
| | |
|
| |
|
|
| |
LibreSSL is "a modified version of that library".
|
| |
|
|
|
| |
Always generate a certificate request and pipe it to be signed, either
by the CA or by itself.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This adds an actual dependency on libcrypto, but removes a dependency on
BSD (or LibreSSL libcrypto specifically).
|
| |
|
|
|
| |
Allows requesting userhost-in-names on freenode, which is available but
hidden.
|
| |
|
|
| |
https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs
|
| |
|
|
|
|
|
|
|
| |
This addresses pounce getting killed with "Excess flood" when it sends
NAMES commands for too many channels when a client connects. These
commands, as well as automatic AWAY commands, are by default throttled
to 5 per second.
Tested on freenode with 36 channels and 200ms interval.
|
| |
|
|
|
|
| |
There seems to be no guidance on how an application should set this
parameter. However, every system I've looked at will limit the value to
some default maximum, usually 128.
|
| |
|
|
|
|
|
| |
In the case where a signal arrives while handling a ready socket, it
should be handled as soon as possible, rather than waiting for poll to
return again. Signals will still be handled immediately if poll returns
-1 due to EINTR.
|
| | |
|
| | |
|
| |
|
|
| |
Copied and expanded from catgirl.
|
| |
|
|
|
| |
Duration is set to INT_MAX since pounce will never accept cleartext
connections.
|
| |
|
|
|
|
| |
This commit introduces a '-S' command line option and a "bind" configuration
file option for selecting the source address when making outbound TCP
connections (similar to the corresponding option in catgirl(1)).
|
| |
|
|
|
| |
I'm pretty sure any kind of "renewing" of these is going to suck, so
just set it long enough that the world will probably be ash by then.
|
| | |
|
| |
|
|
|
|
|
| |
This disambiguates client-ca and client-pass from client-cert and
client-key, which apply to opposite sides of the program.
The old option names will continue to work.
|
| |
|
|
| |
Required for the rewind call when loading the CA.
|
| |
|
|
|
|
|
|
|
| |
This is a little bit messy. Allows setting either -A or -W or both.
Implements SASL EXTERNAL for clients that expect that when connecting
with a client certificate.
Need to test that reloading still works inside capsicum, since I suspect
that rewind call may be blocked.
|
| |
|
|
|
|
|
|
|
|
|
| |
The other upper-case options are related to the listening side of
things, not the server side, so this is more consistent.
This is incompatible, but will fail loudly, and I expect these options
are more likely set in a configuration file, if they are set at all. I
also want to free up -A for setting a client CA, but assuming your away
message is not also an existing file path, that will continue to fail
loudly.
|
| |
|
|
|
|
|
| |
Turns out the more likely thing is that the fd will just continue to be
POLLIN and produce zero-length reads.
This reverts commit 5707b15920a1ce57f01db0d592487d833218be9d.
|
| |
|
|
|
|
| |
This should maybe gracefully inform clients of what happened, but for
now this is much better than the infinite poll loop that happened
previously.
|
| |
|
|
|
| |
This still allows using openssl(1) from PATH, but defaults to using
${LIBRESSL_PREFIX}/bin/openssl.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, each source file that includes the header gets its own
definition, and according to the C standard (C99 6.9p5):
> If an identifier declared with external linkage is used in an
> expression (other than as part of the operand of a sizeof operator
> whose result is an integer constant), somewhere in the entire
> program there shall be exactly one external definition for the
> identifier
Most compilers use the .bss section for zero data, but if it uses
.data instead, or if -Wl,--warn-common is used, this will cause a
linking error.
|
| |
|
|
| |
This inverts the meaning of -N!
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Turns out I did eventually fix this, because I may want to implement
"passive clients" for logging or notification stuff, which wouldn't
affect AWAY status either.
|
| | |
|
| |
|
|
|
| |
This might reduce the frequency of a client getting its own message back
because it was behind in the ring when it sent it.
|
| | |
|