| Commit message (Collapse) | Author | Age |
|
|
|
| |
Ported from catgirl.
|
|
|
|
|
| |
Always use insecure, and trust, clientCert, clientPriv are irrelevant
for printing the remote certificate.
|
|
|
|
|
|
|
|
|
| |
getentropy(3) is kind of an awkward function. May as well be generic
as possible and read some random bytes from /dev/urandom, since for
-x we don't really need to worry about being in some execution
environment where that's unavailable. I'm also happy to remove that
special-case include for macOS since its crypt(3) isn't even usable
anyway.
|
| |
|
|
|
|
|
| |
It seems some IRCds don't even parse this correctly. It also should
never have been done this way since it breaks sending channel keys.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
I don't think this is worth adding a configuration option for since real
clients will definitely accomplish registration faster than 10s and it's
long enough to even type out manually for testing.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Except for during writes. This prevents pounce getting blocked on a
client sending only a partial TLS record, for example.
Writes still need to block because pounce doesn't have a way to resume
them. (And it would do so by having a buffer, but sockets already have a
send buffer, so what would be the point of that?) I don't think it
should be a problem since outside of stateSync, writes only happen when
poll returns POLLOUT. I feel like ideally SO_SNDLOWAT would be set to
guarantee a full IRC message can always be written on POLLOUT, but since
it's actually TLS records being sent, it's not obvious what the size
would be.
I'm also making an assumption here that tls_read returning
TLS_WANT_POLLOUT is unlikely to happen, since I don't actually set
pollfd.events based on that. I'm not sure how wanting to resume a
tls_read after a POLLOUT could be cleanly handled. I'm just going to
hope that if it does happen, the regular poll loop will eventually sort
it out...
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise a client could cause pounce to hang (since the sockets are
left blocking) by opening a connection without handshaking! Oops,
that's pretty bad. Since the sockets are still blocking, a hang can
still be caused by a client sending a partial handshake then waiting.
More fixes to follow.
pounce is slightly protected from this when used with calico, as it
applies a timeout to waiting for the ClientHello.
|
| |
|
|
|
|
| |
This is a long-standing issue I ignored.
|
|
|
|
| |
It won't be, but gcc thinks it might.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
unveil(2) is a bit complicated to apply to this, I'll have to think
about it more.
|
| |
|
|
|
|
| |
The next release will be 2.0 so these can be removed now.
|
| |
|
| |
|
|
|
|
|
|
| |
This removes the dependency on libcrypto.
Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
|
|
|
|
|
|
| |
This needs to be documented! But the documentation won't make any sense
until there's something that can implement the actual functionality of
the capability.
|
| |
|
|
|
|
| |
LibreSSL is "a modified version of that library".
|
|
|
|
|
| |
Always generate a certificate request and pipe it to be signed, either
by the CA or by itself.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This adds an actual dependency on libcrypto, but removes a dependency on
BSD (or LibreSSL libcrypto specifically).
|
|
|
|
|
| |
Allows requesting userhost-in-names on freenode, which is available but
hidden.
|
|
|
|
| |
https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs
|
|
|
|
|
|
|
|
|
| |
This addresses pounce getting killed with "Excess flood" when it sends
NAMES commands for too many channels when a client connects. These
commands, as well as automatic AWAY commands, are by default throttled
to 5 per second.
Tested on freenode with 36 channels and 200ms interval.
|
|
|
|
|
|
| |
There seems to be no guidance on how an application should set this
parameter. However, every system I've looked at will limit the value to
some default maximum, usually 128.
|
|
|
|
|
|
|
| |
In the case where a signal arrives while handling a ready socket, it
should be handled as soon as possible, rather than waiting for poll to
return again. Signals will still be handled immediately if poll returns
-1 due to EINTR.
|
| |
|
| |
|
|
|
|
| |
Copied and expanded from catgirl.
|
|
|
|
|
| |
Duration is set to INT_MAX since pounce will never accept cleartext
connections.
|
|
|
|
|
|
| |
This commit introduces a '-S' command line option and a "bind" configuration
file option for selecting the source address when making outbound TCP
connections (similar to the corresponding option in catgirl(1)).
|
|
|
|
|
| |
I'm pretty sure any kind of "renewing" of these is going to suck, so
just set it long enough that the world will probably be ash by then.
|
| |
|
|
|
|
|
|
|
| |
This disambiguates client-ca and client-pass from client-cert and
client-key, which apply to opposite sides of the program.
The old option names will continue to work.
|
|
|
|
| |
Required for the rewind call when loading the CA.
|
|
|
|
|
|
|
|
|
| |
This is a little bit messy. Allows setting either -A or -W or both.
Implements SASL EXTERNAL for clients that expect that when connecting
with a client certificate.
Need to test that reloading still works inside capsicum, since I suspect
that rewind call may be blocked.
|
|
|
|
|
|
|
|
|
|
|
| |
The other upper-case options are related to the listening side of
things, not the server side, so this is more consistent.
This is incompatible, but will fail loudly, and I expect these options
are more likely set in a configuration file, if they are set at all. I
also want to free up -A for setting a client CA, but assuming your away
message is not also an existing file path, that will continue to fail
loudly.
|