[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SSL patch for 2.11 ircd



Hello people!

I'd like to announce the first public release of the SSL patch
for the 2.11.1p1 IRCnet ircd. Please test it and report errors.

It's based on sd's great work (+sd patch for 2.10 ircd).
>From that time there were (at least AFAIK) some different people
playing with it and porting just the core SSL functionality to 2.11 ircd,
but they all seemed to have abandoned their work soon.
(+sd is a good thing, but it was never meant for a network like IRCnet)
I got the 2.11.0b12 version of such a patch.

Beside porting it to 2.11.1p1 and fixing some bugs
(a well hidden memleak, some nonblocking I/O stuff causing
constant disconnects of people and similar things),
I also introduced new stuff like '!' I-line and O-line flags
making the password field contain a wildcarded subject (DN)
of the X509 certificate and thus allowing opering with X509
authentication (OPER nick) for instance, CRL support via R-line,
CCL_CONNINFO_SSL for information about client X509 certificates on 
&CLIENTS, configure searching for OpenSSL (thanks to anfl
for help with that) and probably even some more.

The files available are the ssl version and the
ssl+patricia version. Patricia is from anfl and offers
CIDR limits to the ircd. Actually I did all the work on the
patricia+ssl version (that version was also tested
on my home IRC server and later on ircs.ircnet.ee with real users).
All the changes were then "backported" to the plain ssl version
so I apologize if I forgot or messed up anything.

http://www.execve.org/2.11.1p1-ssl.diff
http://www.execve.org/2.11.1p1-ssl-patricia.diff

Thanks for all the support and motivation to DES and jyrka.

Greetings,
Grega "fiction" Pogacnik