bip/bip
bip/bip
3
0
Fork 1
Code Issues Pull Requests 2 Releases Activity
686 Commits 9 Branches 7 Tags 1.4 MiB
c6a872ed61
Commit Graph

101 Commits

Author SHA1 Message Date
Pierre-Louis Bonicoli
f2fd1824ca
Format the whole code using clang-format 2022-03-10 14:21:01 +01:00
Loïc Gomez
f54775fe92
sanitize: ignore warnings related to external libs 2022-03-10 14:20:32 +01:00
Loïc Gomez
ce4cf8b6a0
sanitize: add bip_clock_gettime util function 2022-03-10 14:20:26 +01:00
Loïc Gomez
368149575d
sanitize: null writes, write errors, oversized int, 
and set incoming_end to size_t
 2022-03-10 14:20:23 +01:00
Loïc Gomez
dd5343b710
use proper types, safe casts (mostly size_t) 2022-03-10 14:20:12 +01:00
Loïc Gomez
94fe272018
handle more config errors, use char not int:1 2022-03-10 14:20:06 +01:00
Loïc Gomez
2a5e7b6f7b
sanitize: add trivial casts to types 
and add missing default cases
 2022-03-10 14:19:57 +01:00
Pierre-Louis Bonicoli
462c1036fc
Fix spelling errors found by Lintian 2021-10-17 12:19:39 +02:00
Pierre-Louis Bonicoli
02c55a37b2
add debug log & differentiate error messages 2018-12-10 00:18:54 +01:00
Arnaud Cornet
caf979a4c5
Close descriptor when SSL reports a system error. 
Avoids leaking fd when connections are closed abruptly.
 2018-12-10 00:14:57 +01:00
Pierre-Louis Bonicoli
13b2e37635
DH parameters are not always required 
for example ECDHE ciphers doesn't require DH parameters.

Closes #499
 2018-03-22 02:33:19 +01:00
Pierre-Louis Bonicoli
2e81cca480 Check value returned by X509_OBJECT_new() 
Reported by Alexander Couzens, thanks to him !
 2016-11-12 01:09:40 +01:00
Pierre-Louis Bonicoli
e452c023ad X509_OBJECT_new: call X509err 
mimic behavior of X509_OBJECT_new provided by OpenSSL >= 1.1
 2016-11-12 01:09:40 +01:00
Pierre-Louis Bonicoli
6b38449875 Allow to set DH parameters 2016-11-07 17:50:20 +01:00
Pierre-Louis Bonicoli
e8b5d02f13 Add missing call to SSL_CTX_free 2016-11-07 11:25:47 +01:00
Pierre-Louis Bonicoli
406ebacfe5 check value returned by SSL_CTX_new 2016-11-07 11:25:44 +01:00
Pierre-Louis Bonicoli
ab8e5eece1 Add cipher specifications setting 
Allow to configure cipher specifications for the listening bip
connection and for each outgoing IRC connection.

Closes #301
 2016-11-07 11:25:37 +01:00
Pierre-Louis Bonicoli
39414f8ff9 Handle OpenSSL version 1.1 
adding forward-compatible code to older versions
 2016-06-29 19:40:32 +02:00
Pierre-Louis Bonicoli
bdec94020e Use monotonic time 2015-09-11 11:22:21 +02:00
Pierre-Louis Bonicoli
34baf6e841 Always call bip_tick when select timeout 2015-09-11 11:21:52 +02:00
Adam Williamson
88242715f4 allow for certificate store to be unspecified in CA mode 
In many cases, using OpenSSL's default certificate store is fine
and even preferred. If your OpenSSL provider (e.g. your
distribution) is competent, they will manage this database
better than you likely will. With this change, bip will
attempt to use the default certificate store if you set
CA mode but do not specify a certificate store location.

This could be refined to test after enabling the default paths
whether the certificate store is empty, and error/warn if
so.
 2014-12-11 14:50:02 +01:00
Adam Williamson
89295ca4b2 check whether trust store is a file or directory in CHECK_CA 
The existing code only allows you to provide a set of trusted
CA certificates as an openssl 'CApath'-type directory. Fedora,
RHEL (and derived distros) and probably other distros provide
a system-wide database of trusted CA certs in various bundle
formats, but not as a CApath-type directory. This checks whether
check_store is a file or directory and loads it appropriately,
when initializing an SSL connection.

Note that there is code elsewhere which assumes the trust store
will be a file, but that code is hit only in CHECK_BASIC mode.
This change applies only to CHECK_CA mode.
 2014-12-11 14:49:53 +01:00
Pierre-Louis Bonicoli
8d3539a7d0 Fix --without-openssl build 
Reported & fixed by Whoopie, thanks to him !
Closes #313
 2013-11-04 08:49:06 +01:00
Nathan Phillip Brink
71801fb3d2 Throttle almost everything (except PING, PONG, and certain QUIT messages) sent to the IRCd. 
Fixes being killed for Excess Flooding on freenode by using the
existing fakelag mechanism. The existing fakelag works great but
was just not hooked into earlier.

Closes #191
 2013-10-18 17:22:08 +02:00
Pierre-Louis Bonicoli
df45c4c2d6 Closes #261. Fix by Thijs Alkemade. 
- use conf_global_log_file instead of stderr
- when a SSL handshake error occurs, close socket
 2012-01-25 05:08:52 +01:00
Pierre-Louis Bonicoli
222a33cb84 Buffer Overflow: check against the implicit size of select() arrays 
Reported by Julien Tinnes (Fix #269)
exit is called when the listening socket can not be created
 2012-01-23 22:38:59 +01:00
Arnaud Fontaine
a46b8bd2c2 Fix GCC warnings. 2011-10-24 23:44:43 +02:00
Arnaud Fontaine
0da434d126 Fix GCC warnings. 2011-10-04 00:30:07 +02:00
Trou
7712ae3a92 Fix typo 2010-06-15 23:02:01 +01:00
Arnaud Cornet
92365874d4 Revert "Fix antiflood. Fixes freenode kicking us out." 
This reverts commit 639e929021.
 2010-02-17 12:32:22 +00:00
Arnaud Cornet
5c3f22d8a8 Revert "Unbraindead" 
This reverts commit b21c658b8c.
 2010-02-17 12:32:15 +00:00
Arnaud Cornet
b21c658b8c Unbraindead 2010-02-17 12:00:55 +00:00
Arnaud Cornet
639e929021 Fix antiflood. Fixes freenode kicking us out. 2010-02-15 14:06:50 +00:00
Arnaud Cornet
c496bd7027 Update src/version.h and Changelog for release. 2009-08-24 19:05:45 +02:00
Arnaud Cornet
70fbf99c7f Refactor _write_socket 
Call real_write_all in write_lines and write_line.
This should fix debian bug #542291.
BIG thanks to Zygo Blaxell.
 2009-08-19 22:02:56 +02:00
Arnaud Cornet
7546daa276 [BUG] Handle badly lagging client conns decently. 2009-08-19 02:09:16 +02:00
Arnaud Cornet
32e08c94aa SSL basic mode, support X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 2009-07-02 18:05:51 +02:00
Arnaud Cornet
5628da3ee0 Add warning when using 512 bits long moduli for diffie hellman 2009-01-25 14:41:19 +01:00
Arnaud Cornet
b62c3e4697 [SSL] Support ephemeral diffie hellman kex 
Pushing some non private data into openssl enables to use edh that
provides perfect forward secrecy.
 2009-01-25 14:24:22 +01:00
Arnaud Cornet
9882a0cbdc [CLEANUP] various cleanups 2009-01-17 15:03:06 +01:00
Arnaud Cornet
2ef3506a22 Remove useless null check. Cycle server on early connection problem. 2008-12-30 11:12:52 +01:00
Arnaud Cornet
4b723ca479 more cleanups, start of a log refactoring 
That changes log format and might breack everything.
 2008-12-18 14:27:16 +01:00
Arnaud Cornet
c150151066 BIG cleanup. check for memory allocation failure, add extra checks all arround. 2008-12-15 19:19:27 +01:00
Arnaud Cornet
e18d335578 calloc/realloc checks. 2008-12-11 11:00:05 +01:00
Arnaud Cornet
3ab2755767 Catch malloc returning NULL. 2008-12-10 23:26:37 +01:00
Arnaud Cornet
e863227099 Fix probable but rare memory leak 2008-06-01 11:05:22 +02:00
Arnaud Cornet
b024221cec Use const varibable more consistently. 2008-02-02 12:46:20 +01:00
Arnaud Cornet
f1cc6451f5 Handle SSL-client auth. Fix crash on del_conn when the link never got connected at all. 2008-01-20 18:49:44 +01:00
Loc Gomez
671a455219 Fix UTF-8 in all files 2008-01-09 23:45:40 +01:00
Arnaud Cornet
e0170c8144 This makes no sense. 2007-12-21 12:54:06 +01:00