87 Commits

Author SHA1 Message Date
Pierre-Louis Bonicoli e8b5d02f13 Add missing call to SSL_CTX_free 2016-11-07 11:25:47 +01:00
Pierre-Louis Bonicoli 406ebacfe5 check value returned by SSL_CTX_new 2016-11-07 11:25:44 +01:00
Pierre-Louis Bonicoli ab8e5eece1 Add cipher specifications setting
Allow to configure cipher specifications for the listening bip
connection and for each outgoing IRC connection.

Closes #301
2016-11-07 11:25:37 +01:00
Pierre-Louis Bonicoli 39414f8ff9 Handle OpenSSL version 1.1
adding forward-compatible code to older versions
2016-06-29 19:40:32 +02:00
Pierre-Louis Bonicoli bdec94020e Use monotonic time 2015-09-11 11:22:21 +02:00
Pierre-Louis Bonicoli 34baf6e841 Always call bip_tick when select timeout 2015-09-11 11:21:52 +02:00
Adam Williamson 88242715f4 allow for certificate store to be unspecified in CA mode
In many cases, using OpenSSL's default certificate store is fine
and even preferred. If your OpenSSL provider (e.g. your
distribution) is competent, they will manage this database
better than you likely will. With this change, bip will
attempt to use the default certificate store if you set
CA mode but do not specify a certificate store location.

This could be refined to test after enabling the default paths
whether the certificate store is empty, and error/warn if
so.
2014-12-11 14:50:02 +01:00
Adam Williamson 89295ca4b2 check whether trust store is a file or directory in CHECK_CA
The existing code only allows you to provide a set of trusted
CA certificates as an openssl 'CApath'-type directory. Fedora,
RHEL (and derived distros) and probably other distros provide
a system-wide database of trusted CA certs in various bundle
formats, but not as a CApath-type directory. This checks whether
check_store is a file or directory and loads it appropriately,
when initializing an SSL connection.

Note that there is code elsewhere which assumes the trust store
will be a file, but that code is hit only in CHECK_BASIC mode.
This change applies only to CHECK_CA mode.
2014-12-11 14:49:53 +01:00
Pierre-Louis Bonicoli 8d3539a7d0 Fix --without-openssl build
Reported & fixed by Whoopie, thanks to him!
Closes #313
2013-11-04 08:49:06 +01:00
Nathan Phillip Brink 71801fb3d2 Throttle almost everything (except PING, PONG, and certain QUIT messages) sent to the IRCd.
Fixes being killed for Excess Flooding on freenode by using the
existing fakelag mechanism. The existing fakelag works great but
was just not hooked into earlier.

Closes #191
2013-10-18 17:22:08 +02:00
Pierre-Louis Bonicoli df45c4c2d6 Closes #261. Fix by Thijs Alkemade.
- use conf_global_log_file instead of stderr
- when an SSL handshake error occurs, close socket
2012-01-25 05:08:52 +01:00
Pierre-Louis Bonicoli 222a33cb84 Buffer Overflow: check against the implicit size of select() arrays
Reported by Julien Tinnes (Fix #269)
exit is called when the listening socket can not be created
2012-01-23 22:38:59 +01:00
Arnaud Fontaine a46b8bd2c2 Fix GCC warnings. 2011-10-24 23:44:43 +02:00
Arnaud Fontaine 0da434d126 Fix GCC warnings. 2011-10-04 00:30:07 +02:00
Trou 7712ae3a92 Fix typo 2010-06-15 23:02:01 +01:00
Arnaud Cornet 92365874d4 Revert "Fix antiflood. Fixes freenode kicking us out."
This reverts commit 639e929021.
2010-02-17 12:32:22 +00:00
Arnaud Cornet 5c3f22d8a8 Revert "Unbraindead"
This reverts commit b21c658b8c.
2010-02-17 12:32:15 +00:00
Arnaud Cornet b21c658b8c Unbraindead 2010-02-17 12:00:55 +00:00
Arnaud Cornet 639e929021 Fix antiflood. Fixes freenode kicking us out. 2010-02-15 14:06:50 +00:00
Arnaud Cornet c496bd7027 Update src/version.h and Changelog for release. 2009-08-24 19:05:45 +02:00
Arnaud Cornet 70fbf99c7f Refactor _write_socket
Call real_write_all in write_lines and write_line.
This should fix debian bug #542291.
BIG thanks to Zygo Blaxell.
2009-08-19 22:02:56 +02:00
Arnaud Cornet 7546daa276 [BUG] Handle badly lagging client conns decently. 2009-08-19 02:09:16 +02:00
Arnaud Cornet 32e08c94aa SSL basic mode, support X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 2009-07-02 18:05:51 +02:00
Arnaud Cornet 5628da3ee0 Add warning when using 512 bits long moduli for diffie hellman 2009-01-25 14:41:19 +01:00
Arnaud Cornet b62c3e4697 [SSL] Support ephemeral diffie hellman kex
Pushing some non private data into openssl enables to use edh that
provides perfect forward secrecy.
2009-01-25 14:24:22 +01:00
Arnaud Cornet 9882a0cbdc [CLEANUP] various cleanups 2009-01-17 15:03:06 +01:00
Arnaud Cornet 2ef3506a22 Remove useless null check. Cycle server on early connection problem. 2008-12-30 11:12:52 +01:00
Arnaud Cornet 4b723ca479 more cleanups, start of a log refactoring
That changes log format and might break everything.
2008-12-18 14:27:16 +01:00
Arnaud Cornet c150151066 BIG cleanup. check for memory allocation failure, add extra checks all around. 2008-12-15 19:19:27 +01:00
Arnaud Cornet e18d335578 calloc/realloc checks. 2008-12-11 11:00:05 +01:00
Arnaud Cornet 3ab2755767 Catch malloc returning NULL. 2008-12-10 23:26:37 +01:00
Arnaud Cornet e863227099 Fix probable but rare memory leak 2008-06-01 11:05:22 +02:00
Arnaud Cornet b024221cec Use const variable more consistently. 2008-02-02 12:46:20 +01:00
Arnaud Cornet f1cc6451f5 Handle SSL-client auth. Fix crash on del_conn when the link never got connected at all. 2008-01-20 18:49:44 +01:00
Loïc Gomez 671a455219 Fix UTF-8 in all files 2008-01-09 23:45:40 +01:00
Arnaud Cornet e0170c8144 This makes no sense. 2007-12-21 12:54:06 +01:00
Arnaud Cornet 64b3468393 Fix misplaced free. 2007-12-21 12:45:49 +01:00
Arnaud Cornet 8d25dfea51 Clear newly allocated connection structs. 2007-12-21 12:27:44 +01:00
Arnaud Cornet e6efc4b1c5 Fix just introduced leak. 2007-12-21 12:21:23 +01:00
Arnaud Cornet 27b16a86b8 Avoid unnecessary calls to getaddrinfo.
Refactor calls to getaddrinfo only on socket establishment, cache in
connection structure.
2007-12-21 12:20:21 +01:00
Arnaud Cornet cbcd4c18a3 Fix fatal() on /bip jump. 2007-12-14 22:06:20 +01:00
Arnaud Cornet 1e449da922 Make SSL "basic" certificate check more loose (more SSH-like).
In "basic" mode, normally untrusted certificates get to be trusted if they are
manually trusted by user. This provides an SSH like private key auth mechanism.
Expired certificates were considered invalid in this mode which does not make
much sense.
2007-10-29 00:38:42 +01:00
Arnaud Cornet 32e47b900c Fixes to get the /BIP RELOAD command to at least work in a quick test.
- reuse existing channel infos
- don't clear conn_list on end of irc_main and don't add the listener if
conn_list is not empty at start of irc_main
2007-10-20 23:12:22 +02:00
Arnaud Cornet b026214142 Various fixes
- Fix log redirect to stderr when not going into background.
- Fix connection_close to handle connections on error.
- Handle servers you can't connect to the same way as servers that get disconnected. (wrt to reconnection timers)
- Fix some log message
2007-10-20 21:26:21 +02:00
Loïc Gomez 12ea45b132 cleanup
change some log levels
remove ssl_check_store from connection
indent fixes
check_rlimits: change explain text
Git-explicit version
2007-09-27 14:12:27 +02:00
Loïc Gomez 5aec7804af src/log: fix backlogging again, memlog was disturbing the process
src/connection: change some log levels, errors are errors, not debug info...
2007-09-26 21:22:44 +02:00
Arnaud Cornet d7e870fe67 Lot of cleanups wrt init and killing links
Cleanup sample config (make cert).
Implement some free functions (log_free and link_kill).
Move utility macros in src/util.h
Reorganize initialisation functions.
2007-09-04 00:24:50 +02:00
nohar aa40fef29a Close cleanly. Bug reported by netnut. 2007-07-20 14:45:33 +00:00
nohar 0546c4baa2 Set socket flags setting. 2007-06-14 08:48:04 +00:00
nohar 56fd224916 Lots of cleanups. 2007-05-26 10:31:44 +00:00