Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-12-07 | Fix warnings in m_ssl_openssl about the use of `long long` on C++03. | Peter Powell | |
2014-10-27 | Merge insp20 | Attila Molnar | |
2014-10-27 | m_ssl_openssl Store a pointer to the OpenSSLIOHook object in SSL objects | Attila Molnar | |
2014-10-26 | Remove some dead code found by Coverity | Attila Molnar | |
2014-10-25 | Use gnutls_rnd instead of gcry_randomize on newer GnuTLS versions. | Peter Powell | |
This is a modified version of 690c372. Fixes #905. | |||
2014-10-20 | m_ssl_openssl Add compile time option that allows disabling renegotiations | Attila Molnar | |
2014-10-20 | m_ssl_openssl Add compile time option to enable ECDH | Attila Molnar | |
2014-10-20 | m_ssl_gnutls Add compile time option for allowing sha256 certificate ↵ | Attila Molnar | |
fingerprints | |||
2014-10-16 | Initialize all fields of issl_session on module load in SSL modules | Attila Molnar | |
2014-10-16 | Add interface to SSL modules that allows other modules to obtain the raw SSL ↵ | Attila Molnar | |
session of a socket | |||
2014-10-16 | m_ssl_gnutls Refcount GnuTLS objects, free them when they are no longer in ↵ | Attila Molnar | |
use instead of at /rehash ssl time | |||
2014-10-15 | m_ssl_openssl Fix debug message | Attila Molnar | |
2014-10-15 | m_ssl_openssl Reset data_to_write for new sessions | Attila Molnar | |
2014-10-15 | m_ssl_openssl Free the ssl_cert object as soon as the session is closed ↵ | Attila Molnar | |
instead of waiting for the next VerifyCertificate() or new connection | |||
2014-10-15 | m_ssl_openssl Remove bogus errno assignment from CloseSession() | Attila Molnar | |
2014-10-14 | m_ssl_openssl Return an error from the IOHook read and write functions if ↵ | Attila Molnar | |
the handshake returns 0 The meaning of a 0 return value quoted from the manual: The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. | |||
2014-10-14 | m_ssl_openssl Add user-friendly config options for setting a few OpenSSL ↵ | Attila Molnar | |
context options | |||
2014-10-10 | m_ssl_openssl Allow configuring raw OpenSSL context options | Attila Molnar | |
2014-10-10 | m_ssl_openssl Disable session caching and session tickets | Attila Molnar | |
2014-10-10 | m_ssl_openssl Enable single (EC)DH use and disable SSL v2 | Attila Molnar | |
Options enabled: - SSL_OP_NO_SSLv2 - SSL_OP_SINGLE_DH_USE - SSL_OP_SINGLE_ECDH_USE (if it exists) Partial backport of #856 by @jvehent | |||
2014-10-08 | m_ssl_openssl Clear the error queue before every SSL_* call | Attila Molnar | |
2014-10-03 | m_ssl_gnutls Re-set DH params when the gnutls_certificate_credentials_t ↵ | Attila Molnar | |
struct is reallocated | |||
2014-09-02 | m_sqlite3 Fix cleanup of unsuccessful database connections | Attila Molnar | |
2014-07-25 | m_ssl_openssl Read the DH params file using the BIO API on all OSes | Attila Molnar | |
2014-07-25 | Merge insp20 | Attila Molnar | |
2014-07-24 | Make sure the DN strings obtained from the SSL mods are always valid | Attila Molnar | |
2014-07-19 | Say "SSL certificate fingerprint" instead of "SSL fingerprint" everywhere | Attila Molnar | |
2014-07-19 | Access local user list via new UserManager::GetLocalUsers() and make ↵ | Attila Molnar | |
local_users private | |||
2014-07-19 | Move and rename typedef LocalUserList to UserManager::LocalList | Attila Molnar | |
2014-07-10 | Remove current time parameter of the Timer constructor | Attila Molnar | |
2014-06-30 | Set SSL options to sane default and enfore server cipher preferences | Julien Vehent | |
Original PR #856 | |||
2014-06-28 | Ignore safe compiler warnings in a more reliable way. | Peter Powell | |
2014-06-14 | Kill needless #includes in source files | Attila Molnar | |
2014-06-13 | Change allocation of InspIRCd::Threads to be physically part of the object ↵ | Attila Molnar | |
containing it | |||
2014-06-07 | m_ssl_openssl Remove unused MAX_DESCRIPTORS define | Attila Molnar | |
2014-05-26 | m_ssl_gnutls Don't include cap.h | Attila Molnar | |
The tls cap is handled by m_starttls | |||
2014-05-10 | m_ldap: time out LDAP queries | Adam | |
Set LDAP_OPT_NETWORK_TIMEOUT to 0 in m_ldap to prevent the asynchronous library calls from blocking Fix memory leak of pending queries when m_ldap is unloaded | |||
2014-04-13 | Change Windows libraries to be dynamically linked | Adam | |
2014-04-13 | m_ssl_openssl Avoid Applink on Windows by calling PEM_read_bio_DHparams() ↵ | Attila Molnar | |
instead of PEM_read_DHparams() | |||
2014-04-07 | Merge insp20 | Attila Molnar | |
2014-03-15 | Change allocation of InspIRCd::Timers to be physically part of the object ↵ | Attila Molnar | |
containing it | |||
2014-02-13 | Remove support for advertising the SSL ports in RPL_ISUPPORT. | Peter Powell | |
- No other IRC servers implement this. - No IRC clients I can find support this. | |||
2014-02-08 | Change all socketengine methods to be static | Attila Molnar | |
2014-01-31 | Remove some dead code | Attila Molnar | |
2014-01-30 | Allow Timers to delete themselves in Tick() | Attila Molnar | |
2014-01-26 | m_ssl_openssl Fix memory leaks on /rehash ssl, unload and in VerifyCertificate() | Attila Molnar | |
2014-01-25 | Omit the server name internally when building a /STATS reply and prepend it ↵ | Attila Molnar | |
later | |||
2014-01-24 | Set a session id on our server ssl context in m_ssl_openssl. It is required ↵ | Adam | |
for some clients which try to restore SSL sessions. | |||
2014-01-22 | Split IOHook into IOHook and IOHookProvider | Attila Molnar | |
Create one IOHook instance for each hooked socket which contains all the hook specific data and read/write/close functions, removing the need for the "issl_session" array in SSL modules. Register instances of the IOHookProvider class in the core and use them to create specialized IOHook instances (OnConnect/OnAccept). Remove the OnHookIO hook, add a dynamic reference to ListenSocket that points to the hook provider (if any) to use for incoming connections on that socket. For outgoing connections modules still have to find the IOHookProvider they want to use themselves but instead of calling AddIOHook(hookprov), now they have to call IOHookProvider::OnConnect() after the connection has been established. | |||
2014-01-22 | Add the ability to have multiple SSL profiles | Attila Molnar | |
SSL profiles are now used instead of fixed SSL settings for everything SSL, making it possible to use completely different settings for each listener and outgoing connection. Outgoing connections are broken until the next commit. |