Pierre-Louis Bonicoli
f2fd1824ca
Format the whole code using clang-format
2022-03-10 14:21:01 +01:00
f54775fe92
sanitize: ignore warnings related to external libs
2022-03-10 14:20:32 +01:00
ce4cf8b6a0
sanitize: add bip_clock_gettime util function
2022-03-10 14:20:26 +01:00
368149575d
sanitize: null writes, write errors, oversized int,
...
and set incoming_end to size_t
2022-03-10 14:20:23 +01:00
dd5343b710
use proper types, safe casts (mostly size_t)
2022-03-10 14:20:12 +01:00
94fe272018
handle more config errors, use char not int:1
2022-03-10 14:20:06 +01:00
2a5e7b6f7b
sanitize: add trivial casts to types
...
and add missing default cases
2022-03-10 14:19:57 +01:00
Pierre-Louis Bonicoli
462c1036fc
Fix spelling errors found by Lintian
2021-10-17 12:19:39 +02:00
Pierre-Louis Bonicoli
02c55a37b2
add debug log & differentiate error messages
2018-12-10 00:18:54 +01:00
caf979a4c5
Close descriptor when SSL reports a system error.
...
Avoids leaking fd when connections are closed abruptly.
2018-12-10 00:14:57 +01:00
Pierre-Louis Bonicoli
13b2e37635
DH parameters are not always required
...
for example ECDHE ciphers doesn't require DH parameters.
Closes #499
2018-03-22 02:33:19 +01:00
2e81cca480
Check value returned by X509_OBJECT_new()
...
Reported by Alexander Couzens, thanks to him !
2016-11-12 01:09:40 +01:00
e452c023ad
X509_OBJECT_new: call X509err
...
mimic behavior of X509_OBJECT_new provided by OpenSSL >= 1.1
2016-11-12 01:09:40 +01:00
6b38449875
Allow to set DH parameters
2016-11-07 17:50:20 +01:00
e8b5d02f13
Add missing call to SSL_CTX_free
2016-11-07 11:25:47 +01:00
406ebacfe5
check value returned by SSL_CTX_new
2016-11-07 11:25:44 +01:00
ab8e5eece1
Add cipher specifications setting
...
Allow to configure cipher specifications for the listening bip
connection and for each outgoing IRC connection.
Closes #301
2016-11-07 11:25:37 +01:00
39414f8ff9
Handle OpenSSL version 1.1
...
adding forward-compatible code to older versions
2016-06-29 19:40:32 +02:00
bdec94020e
Use monotonic time
2015-09-11 11:22:21 +02:00
34baf6e841
Always call bip_tick when select timeout
2015-09-11 11:21:52 +02:00
88242715f4
allow for certificate store to be unspecified in CA mode
...
In many cases, using OpenSSL's default certificate store is fine
and even preferred. If your OpenSSL provider (e.g. your
distribution) is competent, they will manage this database
better than you likely will. With this change, bip will
attempt to use the default certificate store if you set
CA mode but do not specify a certificate store location.
This could be refined to test after enabling the default paths
whether the certificate store is empty, and error/warn if
so.
2014-12-11 14:50:02 +01:00
89295ca4b2
check whether trust store is a file or directory in CHECK_CA
...
The existing code only allows you to provide a set of trusted
CA certificates as an openssl 'CApath'-type directory. Fedora,
RHEL (and derived distros) and probably other distros provide
a system-wide database of trusted CA certs in various bundle
formats, but not as a CApath-type directory. This checks whether
check_store is a file or directory and loads it appropriately,
when initializing an SSL connection.
Note that there is code elsewhere which assumes the trust store
will be a file, but that code is hit only in CHECK_BASIC mode.
This change applies only to CHECK_CA mode.
2014-12-11 14:49:53 +01:00
8d3539a7d0
Fix --without-openssl build
...
Reported & fixed by Whoopie, thanks to him !
Closes #313
2013-11-04 08:49:06 +01:00
71801fb3d2
Throttle almost everything (except PING, PONG, and certain QUIT messages) sent to the IRCd.
...
Fixes being killed for Excess Flooding on freenode by using the
existing fakelag mechanism. The existing fakelag works great but
was just not hooked into earlier.
Closes #191
2013-10-18 17:22:08 +02:00
df45c4c2d6
Closes #261 . Fix by Thijs Alkemade.
...
- use conf_global_log_file instead of stderr
- when a SSL handshake error occurs, close socket
2012-01-25 05:08:52 +01:00
222a33cb84
Buffer Overflow: check against the implicit size of select() arrays
...
Reported by Julien Tinnes (Fix #269 )
exit is called when the listening socket can not be created
2012-01-23 22:38:59 +01:00
a46b8bd2c2
Fix GCC warnings.
2011-10-24 23:44:43 +02:00
0da434d126
Fix GCC warnings.
2011-10-04 00:30:07 +02:00
7712ae3a92
Fix typo
2010-06-15 23:02:01 +01:00
92365874d4
Revert "Fix antiflood. Fixes freenode kicking us out."
...
This reverts commit 639e929021
2010-02-17 12:32:22 +00:00
5c3f22d8a8
Revert "Unbraindead"
...
This reverts commit b21c658b8c
2010-02-17 12:32:15 +00:00
b21c658b8c
Unbraindead
2010-02-17 12:00:55 +00:00
639e929021
Fix antiflood. Fixes freenode kicking us out.
2010-02-15 14:06:50 +00:00
c496bd7027
Update src/version.h and Changelog for release.
2009-08-24 19:05:45 +02:00
70fbf99c7f
Refactor _write_socket
...
Call real_write_all in write_lines and write_line.
This should fix debian bug #542291 .
BIG thanks to Zygo Blaxell.
2009-08-19 22:02:56 +02:00
7546daa276
[BUG] Handle badly lagging client conns decently.
2009-08-19 02:09:16 +02:00
32e08c94aa
SSL basic mode, support X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
2009-07-02 18:05:51 +02:00
5628da3ee0
Add warning when using 512 bits long moduli for diffie hellman
2009-01-25 14:41:19 +01:00
b62c3e4697
[SSL] Support ephemeral diffie hellman kex
...
Pushing some non private data into openssl enables to use edh that
provides perfect forward secrecy.
2009-01-25 14:24:22 +01:00
9882a0cbdc
[CLEANUP] various cleanups
2009-01-17 15:03:06 +01:00
2ef3506a22
Remove useless null check. Cycle server on early connection problem.
2008-12-30 11:12:52 +01:00
4b723ca479
more cleanups, start of a log refactoring
...
That changes log format and might breack everything.
2008-12-18 14:27:16 +01:00
c150151066
BIG cleanup. check for memory allocation failure, add extra checks all arround.
2008-12-15 19:19:27 +01:00
e18d335578
calloc/realloc checks.
2008-12-11 11:00:05 +01:00
3ab2755767
Catch malloc returning NULL.
2008-12-10 23:26:37 +01:00
e863227099
Fix probable but rare memory leak
2008-06-01 11:05:22 +02:00
b024221cec
Use const varibable more consistently.
2008-02-02 12:46:20 +01:00
f1cc6451f5
Handle SSL-client auth. Fix crash on del_conn when the link never got connected at all.
2008-01-20 18:49:44 +01:00
671a455219
Fix UTF-8 in all files
2008-01-09 23:45:40 +01:00
e0170c8144
This makes no sense.
2007-12-21 12:54:06 +01:00
Pierre-Louis Bonicoli
Loïc Gomez