ngircd with make http://git.nakidai.ru/ngircd/atom?h=master 2026-01-15T11:45:26+00:00 2026-01-15T11:45:26+00:00 Nakidai nakidai@disroot.org 2026-01-15T11:45:26+00:00 urn:sha1:9a2b8cb4fde1adea8027387f277510cfa4406a20 2025-12-19T16:23:16+00:00 anzz1 anzz1@live.com 2025-12-19T16:23:16+00:00 urn:sha1:f11b01ccc2c9aa8b20c607da10d7e60dab36efaf The new configuration option "DefaultChannelModes" lists channel modes that become automatically set on new channels on creation. Default: set no modes. Closes #333. 2025-09-12T18:54:56+00:00 anzz1 anzz1@live.com 2025-09-12T18:54:56+00:00 urn:sha1:3e4ca16dc245727c64f23494636601c29fd07643 Closes #334. 2024-08-18T09:57:34+00:00 Alexander Barton alex@barton.de 2024-05-06T18:09:49+00:00 urn:sha1:7012d41b077222b8dd47a5ecd9634477cf805e3c 2024-04-19T21:49:59+00:00 Alexander Barton alex@barton.de 2024-04-19T21:49:59+00:00 urn:sha1:3e3f6cbeceefd9357b53b27c2386bb39306ab353 2024-03-31T09:19:48+00:00 Alexander Barton alex@barton.de 2024-03-25T22:38:08+00:00 urn:sha1:24e822cff2d0a33c9bfa26fe31d52939bdd3fac7 2024-03-23T19:19:01+00:00 Alexander Barton alex@barton.de 2024-01-03T14:40:58+00:00 urn:sha1:58ee4df2ae2e4e59ae8909b69670825229158da8 2024-03-23T19:19:01+00:00 Christoph Biedl ngircd.anoy@manchmal.in-ulm.de 2014-11-02T13:48:34+00:00 urn:sha1:817937b218c4b57515f54216ebc936cd69df0aae This patch provides code to validate the server certificate in server links, defeating nasty man-in-the-middle attacks on server links. Features: - Check whether the certificate is signed by a trusted certificate authority (CA). - Check the host name, including wildcard certificates and Subject Alternative Names. - Optionally check against a certificate revocation list (CRL). - Implementation for both OpenSSL and GnuTLS linkage. Left for another day: - Parameterize the TLS parameter of an outbound connection. Currently, it's hardcoded to disable all versions before TLSv1.1. - Using certificate as CA-certificate. They work for GnuTLS only but perhaps this should rather raise an error there, too. - Optional OCSP checking. - Checking client certificates. Code is there but this first needs some consideration about the use cases. This could replace all other authentication methods, for both client-server and server-server connections. This patch is based on a patch by Florian Westphal from 2009, which implemented this for OpenSSL only: From: Florian Westphal <fw@strlen.de> Date: Mon, 18 May 2009 00:29:02 +0200 Subject: SSL/TLS: Add initial certificate support to OpenSSL backend Commit message modified by Alex Barton. Closes #120, "Server links using TLS/SSL need certificate validation". Supersedes PR #8, "Options for verifying and requiring SSL client certificates", which had (incomplete?) code for OpenSSL, no GnuTLS. 2024-03-23T18:58:23+00:00 Alexander Barton alex@barton.de 2024-03-23T18:58:23+00:00 urn:sha1:c8798fcec04f110fb050cc3948d11051917e3696 2024-01-21T19:15:47+00:00 Alexander Barton alex@barton.de 2024-01-21T18:41:39+00:00 urn:sha1:b4c8e74ccb2cb95e492323b8b39950b203e0262f No longer use a default built-in value for the "IncludeDir" directive when a configuration file was explicitly specified on the command line using "--config"/"-f": This way no default include directory is scanned when a possibly non-default configuration file is used which (intentionally) did not specify an "IncludeDir" directive. With this patch you now can use "-f /dev/null" for checking all built-in defaults, regardless of any local configuration files in the default drop-in directory (which would have been read in until this change).