about summary refs log tree commit diff
path: root/server.c (follow)
Commit message (Collapse)AuthorAge
* Explicitly clear TLS secrets after handshakeJune McEnroe2021-08-20
| | | | Ported from catgirl ae64d277b8204c156a30d2e8b6a958e5a31f2a7f.
* Handle TLS_WANT_POLL{IN,OUT} from tls_handshake(3) with serverJune McEnroe2021-08-20
|
* Use "secure" libtls ciphersJune McEnroe2021-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ported from catgirl: commit 585039fb6e5097cfd16bc083c6d1c9356b237882 Author: Klemens Nanni <klemens@posteo.de> Date: Sun Jun 20 14:42:10 2021 +0000 Use "secure" libtls ciphers d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN. All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls. A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this: echo \ irc.hackint.org \ irc.tilde.chat \ irc.libera.chat \ irc.efnet.nl \ irc.oftc.net | xargs -tn1 \ openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
* Add -o and -t options to trust self-signed certificates 2.2June McEnroe2021-01-11
|
* Use configPath to load client cert/privJune McEnroe2020-08-24
|
* Say "OpenSSL" in additional permission noticesJune McEnroe2020-08-06
| | | | LibreSSL is "a modified version of that library".
* Add additional permission for linking with LibreSSLJune McEnroe2020-06-08
| | | | https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs
* Don't bother setting SO_NOSIGPIPEJune McEnroe2020-05-18
| | | | We need to ignore SIGPIPE anyway for other platforms.
* Add server send queueing with time intervalJune McEnroe2020-05-11
| | | | | | | | | This addresses pounce getting killed with "Excess flood" when it sends NAMES commands for too many channels when a client connects. These commands, as well as automatic AWAY commands, are by default throttled to 5 per second. Tested on freenode with 36 channels and 200ms interval.
* Tweak buffer sizesJune McEnroe2020-02-26
| | | | | | Filter functions are dealing with lines not including CRLF, so they already have extra space. serverFormat is using snprintf which wants to always write a NUL at the end of the string.
* Support message-tagsJune McEnroe2020-02-25
|
* Respond to tagged PINGs correctlyJune McEnroe2020-02-25
| | | | Yikes.
* Bump buffer sizes to allow for tagsJune McEnroe2020-02-25
| | | | | I still think this limit is unreasonably large in comparison to 512 for the actual message.
* Implement source address selectionmultiplexd2020-02-18
| | | | | | This commit introduces a '-S' command line option and a "bind" configuration file option for selecting the source address when making outbound TCP connections (similar to the corresponding option in catgirl(1)).
* Exit on zero-length server readJune McEnroe2019-12-22
|
* Change license to GPLv3June McEnroe2019-11-06
| | | | | | | | | | | | | | > Notwithstanding any other provision of this License, if you modify the > Program, your modified version must prominently offer all users > interacting with it remotely through a computer network (if your version > supports such interaction) an opportunity to receive the Corresponding > Source of your version by providing access to the Corresponding Source > from a network server at no charge, through some standard or customary > means of facilitating copying of software. This potentially means that every freenode user, for example, is interacting with this software, and offering the corresponding source to each of them is an unreasonable burden.
* Use explicit_bzero from LibreSSLJune McEnroe2019-11-06
|
* Use one call to set client cert and keyJune McEnroe2019-11-05
|
* Add options for TLS client certificateJune McEnroe2019-11-04
|
* Use capsicumJune McEnroe2019-11-01
|
* Use explicit_bzero to clear passwordsJune McEnroe2019-10-31
| | | | | GNU doesn't implement memset_s, but both FreeBSD and GNU implement explicit_bzero. Darwin doesn't, so #define it in terms of memset_s.
* Move entire login flow to state and reorganize itJune McEnroe2019-10-28
|
* Wait for SASL success before sending CAP ENDJune McEnroe2019-10-27
| | | | | | | Also refuse to continue logging in if SASL authentication fails. I should really just move all of log in and authentication from server.c to state.c...
* Improve client/server error messagesJune McEnroe2019-10-27
|
* Wait for AUTHENTICATE + from serverJune McEnroe2019-10-26
|
* Respond to PING with same parameterJune McEnroe2019-10-26
|
* Add undocumented flag to disable verificationJune McEnroe2019-10-26
|
* Clean up server codeJune McEnroe2019-10-25
|
* Use produce/consume words for ring bufferJune McEnroe2019-10-25
| | | | To disambiguate clientRecv and clientRead, say clientConsume.
* Implement ringWriteJune McEnroe2019-10-24
|
* Make serverFormat publicJune McEnroe2019-10-24
|
* Respond to pingsJune McEnroe2019-10-23
|
* Add verbose flagJune McEnroe2019-10-23
|
* Set NOSIGPIPE on server connectionJune McEnroe2019-10-23
|
* Actually send the buffer...June McEnroe2019-10-23
|
* Add stateJune McEnroe2019-10-23
|
* Implement serverLoginJune McEnroe2019-10-22
|
* Implement serverConnectJune McEnroe2019-10-22