From ae332f6e8d26487ba4556283dcde2bf96da76467 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Tue, 29 Jun 2021 15:34:03 +0200 Subject: Perform TLS handshake after final pledge ircConnect() yields a connected TCP socket after which "inet dns" is no longer needed. Possibly having loaded private key material, it seems a tad more comforting to speak TLS *after* dropping any network capabilities (except for socket read/write to the IRC host, of course). Instead of moving the final pledge into irc.c:ircConnect() and thus complicating the code around pledge across two C modules, simply stub out an mnemonic ircHandshake() and call that explicitly. This restores behaviour gained with 981ebc4 "Remove explicit tls_handshake(3) from ircConnect" which was reverted for other reasons. --- chat.h | 1 + 1 file changed, 1 insertion(+) (limited to 'chat.h') diff --git a/chat.h b/chat.h index 9ad298f..c247dd7 100644 --- a/chat.h +++ b/chat.h @@ -235,6 +235,7 @@ void ircConfig( bool insecure, const char *trust, const char *cert, const char *priv ); int ircConnect(const char *bind, const char *host, const char *port); +void ircHandshake(void); void ircPrintCert(void); void ircRecv(void); void ircSend(const char *ptr, size_t len); -- cgit 1.4.1-2-gfad0
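Review bot: the new `void ircHandshake(void);` prototype in chat.h has no comment stating its ordering contract, and per the commit message that ordering is the whole security point of the change. The handshake is meant to run on the socket returned by `ircConnect()` and only after the final pledge has dropped "inet dns". Suggest a one-line comment above the declaration saying so, so that a later caller does not move it back in front of the pledge. The function also returns `void`, while `ircConnect()` beside it returns `int`, so a failed handshake cannot be reported to the caller. State in the same comment whether it exits on error. This view is limited to chat.h, so the definition and the position of the call relative to the pledge still need checking in the other files of the commit.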