ngircd/doc, branch master ngircd with make http://git.nakidai.ru/ngircd/atom?h=master 2025-12-19T16:23:16+00:00 Implement new configuration option "DefaultChannelModes" 2025-12-19T16:23:16+00:00 anzz1 anzz1@live.com 2025-12-19T16:23:16+00:00 urn:sha1:f11b01ccc2c9aa8b20c607da10d7e60dab36efaf The new configuration option "DefaultChannelModes" lists channel modes that become automatically set on new channels on creation. Default: set no modes. Closes #333. Improve "CloakHostModeX" documentation 2025-09-12T18:54:56+00:00 anzz1 anzz1@live.com 2025-09-12T18:54:56+00:00 urn:sha1:3e4ca16dc245727c64f23494636601c29fd07643 Closes #334. Update documentation on CAFile 2024-08-04T16:05:10+00:00 osmarks me@osmarks.net 2024-08-04T16:05:10+00:00 urn:sha1:37c31eeae0bdaad6ea6b6038459b0553115f7e2e ngIRCd 27 now checks server certificates, and without `CAFile` set will reject all server/server connections with a confusing error. Update documentation to say that `CAFile` is needed to accept incoming server connections. Closes #320. Update doc/Platforms.txt 2024-04-26T12:18:32+00:00 Alexander Barton alex@barton.de 2024-04-19T21:41:21+00:00 urn:sha1:7ccf98edfaad0c8af4a3984f3177071b1f2b4a19 Clarify that "CAFile" is not set by default 2024-04-19T21:49:59+00:00 Alexander Barton alex@barton.de 2024-04-19T21:49:59+00:00 urn:sha1:3e3f6cbeceefd9357b53b27c2386bb39306ab353 Update doc/Platforms.txt 2024-04-11T20:11:38+00:00 Alexander Barton alex@barton.de 2024-04-02T20:33:50+00:00 urn:sha1:0d42ea7709c786cd9c405cf04395afd0091e580e Fix quoting in code examples in doc/Container.md 2024-03-31T09:19:48+00:00 Alexander Barton alex@barton.de 2024-03-29T11:34:50+00:00 urn:sha1:ddba1263073e27059ba5346d6665612524454531 S2S-TLS: Convert SSL.txt to Markdown and update information given 2024-03-23T19:19:01+00:00 Alexander Barton alex@barton.de 2024-01-08T17:31:30+00:00 urn:sha1:b826fad15871f73435328b1d77fd364838389adb No longer describe creating self-signed certificates or using "stunnel", as both is not recommended. Support for server certificate validation on server links [S2S-TLS] 2024-03-23T19:19:01+00:00 Christoph Biedl ngircd.anoy@manchmal.in-ulm.de 2014-11-02T13:48:34+00:00 urn:sha1:817937b218c4b57515f54216ebc936cd69df0aae This patch provides code to validate the server certificate in server links, defeating nasty man-in-the-middle attacks on server links. Features: - Check whether the certificate is signed by a trusted certificate authority (CA). - Check the host name, including wildcard certificates and Subject Alternative Names. - Optionally check against a certificate revocation list (CRL). - Implementation for both OpenSSL and GnuTLS linkage. Left for another day: - Parameterize the TLS parameter of an outbound connection. Currently, it's hardcoded to disable all versions before TLSv1.1. - Using certificate as CA-certificate. They work for GnuTLS only but perhaps this should rather raise an error there, too. - Optional OCSP checking. - Checking client certificates. Code is there but this first needs some consideration about the use cases. This could replace all other authentication methods, for both client-server and server-server connections. This patch is based on a patch by Florian Westphal from 2009, which implemented this for OpenSSL only: From: Florian Westphal <fw@strlen.de> Date: Mon, 18 May 2009 00:29:02 +0200 Subject: SSL/TLS: Add initial certificate support to OpenSSL backend Commit message modified by Alex Barton. Closes #120, "Server links using TLS/SSL need certificate validation". Supersedes PR #8, "Options for verifying and requiring SSL client certificates", which had (incomplete?) code for OpenSSL, no GnuTLS. QuickStart.md: Tweak the text a bit ... 2024-03-17T21:42:19+00:00 Alexander Barton alex@barton.de 2024-03-17T19:36:20+00:00 urn:sha1:c1c0bca0e2fa7b678a18155abaf364fcb9dab427