ngircd/man, branch rel-27

Clarify that "CAFile" is not set by default

2024-04-19T21:49:59+00:00

ngircd.8: Update for the now always available debug-mode

2024-03-31T09:19:48+00:00

S2S-TLS: Fix formatting and sort new SSL options in ngircd.conf manual page

2024-03-23T19:19:01+00:00

Support for server certificate validation on server links [S2S-TLS]

2024-03-23T19:19:01+00:00

This patch provides code to validate the server certificate in server links, defeating nasty man-in-the-middle attacks on server links. Features: - Check whether the certificate is signed by a trusted certificate authority (CA). - Check the host name, including wildcard certificates and Subject Alternative Names. - Optionally check against a certificate revocation list (CRL). - Implementation for both OpenSSL and GnuTLS linkage. Left for another day: - Parameterize the TLS parameter of an outbound connection. Currently, it's hardcoded to disable all versions before TLSv1.1. - Using certificate as CA-certificate. They work for GnuTLS only but perhaps this should rather raise an error there, too. - Optional OCSP checking. - Checking client certificates. Code is there but this first needs some consideration about the use cases. This could replace all other authentication methods, for both client-server and server-server connections. This patch is based on a patch by Florian Westphal from 2009, which implemented this for OpenSSL only: From: Florian Westphal Date: Mon, 18 May 2009 00:29:02 +0200 Subject: SSL/TLS: Add initial certificate support to OpenSSL backend Commit message modified by Alex Barton. Closes #120, "Server links using TLS/SSL need certificate validation". Supersedes PR #8, "Options for verifying and requiring SSL client certificates", which had (incomplete?) code for OpenSSL, no GnuTLS.

Bring manual page more in line with README.md and homepage

2024-03-23T18:58:23+00:00

Use a default "IncludeDir" only when no config file was specified

2024-01-21T19:15:47+00:00

No longer use a default built-in value for the "IncludeDir" directive when a configuration file was explicitly specified on the command line using "--config"/"-f": This way no default include directory is scanned when a possibly non-default configuration file is used which (intentionally) did not specify an "IncludeDir" directive. With this patch you now can use "-f /dev/null" for checking all built-in defaults, regardless of any local configuration files in the default drop-in directory (which would have been read in until this change).

Make the description of the "Info" option more precise

2024-01-21T00:20:46+00:00

The "Info" option in the "[Global]" section is optional (so comment it out in the sample configuration file) and set to the server software name and its version when not set (so add this information to the sample configuration file and the ngircd.conf(5) manual page).

Deduce a server name when not set in the configuration

2024-01-21T00:20:46+00:00

The server "Name" in the "[Global]" section of the configuration file is optional now: When not set (or empty), ngIRCd now tries to deduce a valid IRC server name from the local host name ("node name"), possibly adding a ".host" extension when the host name does not contain a dot (".") which is required in an IRC server name ("ID"). This new behaviour, with all configuration parameters now being optional, allows running ngIRCd without any configuration file at all.

Update and enhance the manual pages a bit

2023-09-17T20:03:12+00:00

Merge branch 'katp32/master'

2023-09-17T19:37:45+00:00

Thanks Katherine Peeters for the patch and pull request! Closes #294. * katp32/master: Improve documentation for --syslog Added command line flag to enable syslog Split NoSyslog from behaviour of NoDaemon