summary refs log tree commit diff
path: root/irc.c
AgeCommit message (Collapse)Author
2021-08-15Handle tags without values 1.9aC. McEnroe
Otherwise a tag with no value would cause a segfault trying to unescape the NULL tag pointer. This shouldn't happen for the server tags we parse, but clients could send @+draft/reply with no value.
2021-08-09Silence maybe uninitialized warningC. McEnroe
Wouldn't happen anyway since configPath will always return at least one path.
2021-07-13Perform TLS handshake after final pledgeKlemens Nanni
ircConnect() yields a connected TCP socket after which "inet dns" is no longer needed. Possibly having loaded private key material, it seems a tad more comforting to speak TLS *after* dropping any network capabilities (except for socket read/write to the IRC host, of course). Instead of moving the final pledge into irc.c:ircConnect() and thus complicating the code around pledge across two C modules, simply stub out an mnemonic ircHandshake() and call that explicitly. This restores behaviour gained with 981ebc4 "Remove explicit tls_handshake(3) from ircConnect" which was reverted for other reasons.
2021-07-13Explicitly clear TLS secrets afer handshakeKlemens Nanni
No need to keep them at runtime; do so unconditionally for the sake of simplicity. Declare TLS config globally so ircConnect() can clear it and declare both client and config statically as they are not used outside the irc.c module.
2021-07-13Revert "Remove explicit tls_handshake(3) from ircConnect"Klemens Nanni
This reverts commit 981ebc4f12b88fbf52ed0352428a0612dd2c2568. This broke `-o' to print the server certificate; without explicit handshake there will be no tls_read(3) in this short code path.
2021-06-25Remove explicit tls_handshake(3) from ircConnectC. McEnroe
The first call to ircFormat, which calls tls_write(3) in turn, will perform the handshake anyway. This way the handshake happens after the final pledge(2) call.
2021-06-25Move setting CLOEXEC on socket to ircConnectC. McEnroe
2021-06-21Handle EINTR from connect(2) gracefullyKlemens Nanni
Resizing the window early on may return early due to SIGWINCH. Continue asynchronously in that case instead of exiting.
2021-06-20Use "secure" libtls ciphersKlemens Nanni
d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN. All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls. A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this: echo \ irc.hackint.org \ irc.tilde.chat \ irc.libera.chat \ irc.efnet.nl \ irc.oftc.net | xargs -tn1 \ openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
2021-06-20Handle TLS_WANNT_POLL{IN,OUT} from tls_handshake(3)C. McEnroe
For blocking sockets it should be retried immediately.
2021-06-10Only explicitly load the default CA file on OpenBSDC. McEnroe
2021-06-10Hoist loading default root certificates into ircConfig()Klemens Nanni
tls_connect_socket(3) in ircConnect() does that by default already unless tls_config_set_ca_file(3) was used. Loading CA certificates before connecting makes no practical difference except on OpenBSD where this allows for tighter unveil und pledge setups now that all required (TLS related) file I/O is finished by the time ircConnect() gets to do network I/O. In case of the hidden `-!' insecure flag which is implied by `-o' to print server certificates and exit, loading root certificates is not required at all; likewise, using explicit self signed server certificates will not involve certificate authorities either, hence load them only if needed.
2021-01-10Print chain to stdout with -oC. McEnroe
2021-01-09Add -o and -t options to trust self-signed certificatesC. McEnroe
2020-08-21Use a static buffer for base directory pathsC. McEnroe
2020-08-20Use configPath to load TLS cert/privC. McEnroe
2020-08-04Say "OpenSSL" in additional permission noticesC. McEnroe
LibreSSL is "a modified version of that library".
2020-07-23Remove tls_close error handlingC. McEnroe
It seems that sometimes tls_close returns non-zero but tls_error returns a null string... We're exiting anyway, so just ignore it.
2020-06-24Bump ParamCap to 254C. McEnroe
Apparently IRCds have decided that the 15-parameter limit doesn't matter anymore. 254 is the maximum number of single-byte parameters (following a single-byte command) which fit in a 512-byte CR-LF-terminated line. When everyone decides that the 512-byte line length limit doesn't matter either, I will delete my software and people can use some JavaScript garbage instead. This makes struct Message 2080 bytes, but there's only ever one or two of them around at once. Avoid passing it by value to handle.
2020-06-08Add additional permission for linking with LibreSSLC. McEnroe
https://www.gnu.org/licenses/gpl-faq.en.html#GPLIncompatibleLibs
2020-02-17Use the correct hostname in error messagemultiplexd
Previously, the remote host to which catgirl(1) is connecting was used in error reporting instead of the local bind address if the latter could not be resolved.
2020-02-16Various small cleanupsC. McEnroe
Haven't really gone through ui.c yet.
2020-02-15Replace small integers in size_t with uintC. McEnroe
2020-02-13Explicitly close the TLS connectionC. McEnroe
Just to be nice.
2020-02-13Implement source address selectionmultiplexd
This commit adds a '-S' command line option and a "bind" configuration file option to specify the source address to bind to when connecting to the IRC server.
2020-02-06Search for cert and priv in config dirsC. McEnroe
2020-02-04Align word wrapping with tab characterC. McEnroe
Also fixes handling whitespace directly after control codes.
2020-02-02Remove style string macrosC. McEnroe
2020-02-01Implement the beginnings of UIC. McEnroe
It takes so much code to do anything in curses...
2020-02-01Add -v flagC. McEnroe
2020-02-01Blindly implement login flowC. McEnroe