summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitattributes1
-rwxr-xr-xdebian/changelog18
-rwxr-xr-xdebian/rules4
-rwxr-xr-xvchat-client.c19
-rwxr-xr-xvchat-client.sgml6
-rwxr-xr-xvchat-commands.c4
-rwxr-xr-xvchat-config.h7
-rwxr-xr-xvchat-howto14
-rwxr-xr-xvchat-protocol.c2
-rwxr-xr-xvchat-ssl.c108
-rwxr-xr-xvchat-ssl.h1
-rwxr-xr-xvchat-ui.c12
-rwxr-xr-xvchat-user.c2
-rwxr-xr-xvchat.h19
-rwxr-xr-xvchatrc.ex10
15 files changed, 174 insertions, 53 deletions
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9433213
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
*.c ident
diff --git a/debian/changelog b/debian/changelog
index 17e8bf7..eb2b185 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
1vchat-client (0.19-1) unstable; urgency=high
2
3 * fixed version string display
4 * failing on SSL verify failures
5 * removed ignssl option
6 * reenabled ciphers options
7 * added verifyssl option (cert verify depth)
8
9 -- Andreas Kotes <count@flatline.de> Wed, 16 Apr 2014 15:12:23 +0200
10
11vchat-client (0.18-1) unstable; urgency=high
12
13 * updated to use TLSv1 or later
14 * improved SSL error reporting
15 * report SSL cipher used
16
17 -- Andreas Kotes <count@flatline.de> Tue, 15 Apr 2014 13:09:23 +0200
18
1vchat-client (0.15-2) unstable; urgency=low 19vchat-client (0.15-2) unstable; urgency=low
2 20
3 * changed debian/rules using "make install" 21 * changed debian/rules using "make install"
diff --git a/debian/rules b/debian/rules
index 389c597..778533f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,7 +5,7 @@
5#export DH_VERBOSE=1 5#export DH_VERBOSE=1
6 6
7# This is the debhelper compatability version to use. 7# This is the debhelper compatability version to use.
8export DH_COMPAT=3 8export DH_COMPAT=5
9 9
10configure: configure-stamp 10configure: configure-stamp
11configure-stamp: 11configure-stamp:
@@ -28,7 +28,7 @@ clean:
28install: build 28install: build
29 dh_testdir 29 dh_testdir
30 dh_testroot 30 dh_testroot
31 dh_clean -k 31 dh_prep
32 dh_installdirs 32 dh_installdirs
33 $(MAKE) install DESTDIR=$(CURDIR)/debian/vchat-client PREFIX=/usr 33 $(MAKE) install DESTDIR=$(CURDIR)/debian/vchat-client PREFIX=/usr
34 34
diff --git a/vchat-client.c b/vchat-client.c
index f5cd516..a2e298c 100755
--- a/vchat-client.c
+++ b/vchat-client.c
@@ -32,7 +32,7 @@
32#include "vchat-user.h" 32#include "vchat-user.h"
33 33
34/* version of this module */ 34/* version of this module */
35char *vchat_cl_version = "$Id$"; 35const char *vchat_cl_version = "vchat-client.c $Id$";
36 36
37/* externally used variables */ 37/* externally used variables */
38/* we're logged in */ 38/* we're logged in */
@@ -442,6 +442,17 @@ void usage( char *name) {
442 puts (" -n set nickname"); 442 puts (" -n set nickname");
443 printf (" -f set from (default \"%s\")\n",getstroption(CF_FROM)); 443 printf (" -f set from (default \"%s\")\n",getstroption(CF_FROM));
444 puts (" -h gives this help"); 444 puts (" -h gives this help");
445 puts (" -v show module versions");
446}
447
448void versions() {
449 puts (vchat_cl_version);
450 puts (vchat_ui_version);
451 puts (vchat_io_version);
452 puts (vchat_us_version);
453 puts (vchat_cm_version);
454 puts (vchat_ssl_version);
455 puts (vchat_ssl_version_external);
445} 456}
446 457
447/* main - d'oh */ 458/* main - d'oh */
@@ -456,9 +467,12 @@ main (int argc, char **argv)
456 loadconfig (GLOBAL_CONFIG_FILE); 467 loadconfig (GLOBAL_CONFIG_FILE);
457 loadconfig (getstroption (CF_CONFIGFILE)); 468 loadconfig (getstroption (CF_CONFIGFILE));
458 469
470 /* make SSL version used visible */
471 vchat_ssl_get_version_external();
472
459 /* parse commandline */ 473 /* parse commandline */
460 while (cmdsunparsed) { 474 while (cmdsunparsed) {
461 pchar = getopt(argc,argv,"C:F:lzs:p:c:n:f:kKL:h"); 475 pchar = getopt(argc,argv,"C:F:lzs:p:c:n:f:kKL:hv");
462#ifdef DEBUG 476#ifdef DEBUG
463 fprintf(stderr,"parse commandline: %d ('%c'): %s\n",pchar,pchar,optarg); 477 fprintf(stderr,"parse commandline: %d ('%c'): %s\n",pchar,pchar,optarg);
464#endif 478#endif
@@ -475,6 +489,7 @@ main (int argc, char **argv)
475 case 'n': own_nick_set(optarg); break; 489 case 'n': own_nick_set(optarg); break;
476 case 'f': setstroption(CF_FROM,optarg); break; 490 case 'f': setstroption(CF_FROM,optarg); break;
477 case 'h': usage(argv[0]); exit(0); break; 491 case 'h': usage(argv[0]); exit(0); break;
492 case 'v': versions(); exit(0); break;
478 default : usage(argv[0]); exit(1); 493 default : usage(argv[0]); exit(1);
479 } 494 }
480 } 495 }
diff --git a/vchat-client.sgml b/vchat-client.sgml
index 4b4f130..3d6fbc7 100755
--- a/vchat-client.sgml
+++ b/vchat-client.sgml
@@ -101,7 +101,7 @@ overridden in the configfile.</para></listitem>
101 101
102<varlistentry> 102<varlistentry>
103<term><option>-f</option> <replaceable>from</replaceable></term> 103<term><option>-f</option> <replaceable>from</replaceable></term>
104<listitem><para>set from (default "vc-alpha-0.15")</para></listitem> 104<listitem><para>set from (default "vc-alpha-0.19")</para></listitem>
105</varlistentry> 105</varlistentry>
106 106
107<varlistentry> 107<varlistentry>
@@ -144,7 +144,7 @@ configure the behavior of vchat-client</para>
144 144
145<varlistentry> 145<varlistentry>
146<term><option>from</option></term> 146<term><option>from</option></term>
147<listitem><para>Sets the from (default is "vc-alpha-0.15")</para></listitem> 147<listitem><para>Sets the from (default is "vc-alpha-0.19")</para></listitem>
148</varlistentry> 148</varlistentry>
149 149
150<varlistentry> 150<varlistentry>
@@ -159,7 +159,7 @@ configure the behavior of vchat-client</para>
159 159
160<varlistentry> 160<varlistentry>
161<term><option>ciphers</option></term> 161<term><option>ciphers</option></term>
162<listitem><para>Set ciphers ("HIGH:MEDIUM")</para></listitem> 162<listitem><para>Set ciphers (autodetected)</para></listitem>
163</varlistentry> 163</varlistentry>
164 164
165<varlistentry> 165<varlistentry>
diff --git a/vchat-commands.c b/vchat-commands.c
index 2c3d68b..06c9010 100755
--- a/vchat-commands.c
+++ b/vchat-commands.c
@@ -29,7 +29,7 @@
29#include "vchat-user.h" 29#include "vchat-user.h"
30 30
31/* version of this module */ 31/* version of this module */
32char *vchat_cm_version = "$Id$"; 32const char *vchat_cm_version = "vchat-commands.c $Id$";
33 33
34/* from vchat-client.c */ 34/* from vchat-client.c */
35extern int ownquit; 35extern int ownquit;
@@ -452,6 +452,8 @@ command_version(char *tail)
452 writeout (vchat_io_version); 452 writeout (vchat_io_version);
453 writeout (vchat_us_version); 453 writeout (vchat_us_version);
454 writeout (vchat_cm_version); 454 writeout (vchat_cm_version);
455 writeout (vchat_ssl_version);
456 writeout (vchat_ssl_version_external);
455 showout(); 457 showout();
456} 458}
457 459
diff --git a/vchat-config.h b/vchat-config.h
index 8392d18..0291100 100755
--- a/vchat-config.h
+++ b/vchat-config.h
@@ -29,18 +29,19 @@ extern unsigned int hscroll;
29static volatile configoption configoptions[] = { 29static volatile configoption configoptions[] = {
30/* config-option type name in file default value value localvar */ 30/* config-option type name in file default value value localvar */
31 {CF_NICK, CO_STR, "nick", NULL, NULL, { NULL } }, 31 {CF_NICK, CO_STR, "nick", NULL, NULL, { NULL } },
32 {CF_FROM, CO_STR, "from", "vc-alpha-0.17", NULL, { NULL } }, 32 {CF_FROM, CO_STR, "from", "vc-alpha-0.19", NULL, { NULL } },
33 {CF_SERVERHOST, CO_STR, "host", "localhost", NULL, { NULL } }, 33 {CF_SERVERHOST, CO_STR, "host", "localhost", NULL, { NULL } },
34 {CF_SERVERPORT, CO_STR, "port", "2325", NULL, { NULL } }, 34 {CF_SERVERPORT, CO_STR, "port", "2325", NULL, { NULL } },
35 {CF_CIPHERSUITE, CO_STR, "ciphers", "HIGH:MEDIUM", NULL, { NULL } }, 35 {CF_CIPHERSUITE, CO_STR, "ciphers", NULL, NULL, { NULL } },
36 {CF_CONFIGFILE, CO_STR, "conffile", "~/.vchat/config", NULL, { NULL } }, 36 {CF_CONFIGFILE, CO_STR, "conffile", "~/.vchat/config", NULL, { NULL } },
37 {CF_CERTFILE, CO_STR, "certfile", "~/.vchat/cert", NULL, { NULL } }, 37 {CF_CERTFILE, CO_STR, "certfile", "~/.vchat/cert", NULL, { NULL } },
38 {CF_KEYFILE, CO_STR, "keyfile", "~/.vchat/key", NULL, { NULL } }, 38 {CF_KEYFILE, CO_STR, "keyfile", "~/.vchat/key", NULL, { NULL } },
39 {CF_FORMFILE, CO_STR, "formatfile", "~/.vchat/formats", NULL, { NULL } }, 39 {CF_FORMFILE, CO_STR, "formatfile", "~/.vchat/formats", NULL, { NULL } },
40 {CF_LOGINSCRIPT, CO_STR, "loginscript","~/.vchat/loginscript", NULL, { NULL } }, 40 {CF_LOGINSCRIPT, CO_STR, "loginscript","~/.vchat/loginscript", NULL, { NULL } },
41 {CF_FINGERPRINT, CO_STR, "fingerprint","~/.vchat/fingerprint", NULL, { NULL } },
41 {CF_ENCODING, CO_STR, "encoding", NULL, NULL, { .pstr = &encoding }}, 42 {CF_ENCODING, CO_STR, "encoding", NULL, NULL, { .pstr = &encoding }},
42 {CF_USESSL, CO_INT, "usessl", (char *) 1, (char *)-1, { NULL } }, 43 {CF_USESSL, CO_INT, "usessl", (char *) 1, (char *)-1, { NULL } },
43 {CF_IGNSSL, CO_INT, "ignssl", (char *) 0, (char *)-1, { NULL } }, 44 {CF_VERIFYSSL, CO_INT, "verifyssl", (char *) 2, (char *)-1, { NULL } },
44 {CF_USECERT, CO_INT, "usecert", (char *) 1, (char *)-1, { NULL } }, 45 {CF_USECERT, CO_INT, "usecert", (char *) 1, (char *)-1, { NULL } },
45 {CF_USETIME, CO_INT, "usetime", (char *) 1, (char *)-1, { .pint = &usetime } }, 46 {CF_USETIME, CO_INT, "usetime", (char *) 1, (char *)-1, { .pint = &usetime } },
46 {CF_USETOPIC, CO_INT, "usetopicbar",(char *) 1, (char *)-1, { NULL } }, 47 {CF_USETOPIC, CO_INT, "usetopicbar",(char *) 1, (char *)-1, { NULL } },
diff --git a/vchat-howto b/vchat-howto
index 0ace213..27f8e14 100755
--- a/vchat-howto
+++ b/vchat-howto
@@ -69,11 +69,7 @@ type:
69 69
70$ echo host=vchat.berlin.ccc.de >> ~/.vchat/config 70$ echo host=vchat.berlin.ccc.de >> ~/.vchat/config
71 71
72If you want to ignore SSL-warnings due to missing CA-files, type: 72You don't want to ignore SSL-warnings, get the root-certificates from:
73
74$ echo ignssl=1 >> ~/.vchat/config
75
76If you don't want to ignore SSL-warnings, get the root-certificates from:
77 73
78 http://www.cacert.org/certs/class3.txt 74 http://www.cacert.org/certs/class3.txt
79 and 75 and
@@ -87,10 +83,10 @@ and copy them into your openssl-certs directory. For example:
87 # ln -s root.txt `openssl x509 -in root.txt -hash | head -n 1`.0 83 # ln -s root.txt `openssl x509 -in root.txt -hash | head -n 1`.0
88 # ln -s class3.txt `openssl x509 -in class3.txt -hash | head -n 1`.0 84 # ln -s class3.txt `openssl x509 -in class3.txt -hash | head -n 1`.0
89 85
90Now you can type: 86NOTE: some openssl versions deliberately disable EC for unknown reasons, you
91 87need to manually (re)set the cipher string to a lower security variant there:
92 $ echo ignssl=0 >> ~/.vchat/config 88
93 89$ echo ciphers=DHE-RSA-AES256-SHA >> ~/.vchat/config
94 90
95If you want a seperate private message window, type: 91If you want a seperate private message window, type:
96 92
diff --git a/vchat-protocol.c b/vchat-protocol.c
index e676b28..b077411 100755
--- a/vchat-protocol.c
+++ b/vchat-protocol.c
@@ -35,7 +35,7 @@
35#include "vchat-ssl.h" 35#include "vchat-ssl.h"
36 36
37/* version of this module */ 37/* version of this module */
38char *vchat_io_version = "$Id$"; 38const char *vchat_io_version = "vchat-protocol.c $Id$";
39 39
40/* externally used variables */ 40/* externally used variables */
41int serverfd = -1; 41int serverfd = -1;
diff --git a/vchat-ssl.c b/vchat-ssl.c
index 7060e29..79092a6 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -32,7 +32,7 @@
32#include "vchat.h" 32#include "vchat.h"
33#include "vchat-ssl.h" 33#include "vchat-ssl.h"
34 34
35char *vchat_ssl_version = "$Id$"; 35const char *vchat_ssl_version = "vchat-ssl.c $Id$";
36 36
37#define VC_CTX_ERR_EXIT(se, cx) do { \ 37#define VC_CTX_ERR_EXIT(se, cx) do { \
38 snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \ 38 snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \
@@ -61,6 +61,7 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
61 X509_STORE *store = NULL; 61 X509_STORE *store = NULL;
62 vc_x509verify_cb_t verify_callback = NULL; 62 vc_x509verify_cb_t verify_callback = NULL;
63 63
64 /* Explicitly use TLSv1 (or maybe later) */
64 if( !(ctx = SSL_CTX_new(SSLv23_client_method())) ) 65 if( !(ctx = SSL_CTX_new(SSLv23_client_method())) )
65 VC_CTX_ERR_EXIT(store, ctx); 66 VC_CTX_ERR_EXIT(store, ctx);
66 67
@@ -69,13 +70,16 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
69 70
70 SSL_CTX_set_cert_store(ctx, store); 71 SSL_CTX_set_cert_store(ctx, store);
71 store = NULL; 72 store = NULL;
73 /* Disable some insecure protocols explicitly */
72 SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); 74 SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
73 if( OPENSSL_VERSION_NUMBER < 0x10000000L ) 75 if (getstroption(CF_CIPHERSUITE))
76 SSL_CTX_set_cipher_list(ctx, getstroption(CF_CIPHERSUITE));
77 else if( OPENSSL_VERSION_NUMBER < 0x10000000L )
74 SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA"); 78 SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA");
75 else 79 else
76 SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384"); 80 SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384");
77 81
78 SSL_CTX_set_verify_depth (ctx, 2); 82 SSL_CTX_set_verify_depth (ctx, getintoption(CF_VERIFYSSL));
79 83
80 if( !(verify_callback = vc_store->callback) ) 84 if( !(verify_callback = vc_store->callback) )
81 verify_callback = vc_verify_callback; 85 verify_callback = vc_verify_callback;
@@ -137,6 +141,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
137 BIO_push( ssl_conn, *conn ); 141 BIO_push( ssl_conn, *conn );
138 *conn = ssl_conn; 142 *conn = ssl_conn;
139 fflush(stdout); 143 fflush(stdout);
144
140 if( BIO_do_handshake( *conn ) > 0 ) { 145 if( BIO_do_handshake( *conn ) > 0 ) {
141 /* Show information about cipher used */ 146 /* Show information about cipher used */
142 const SSL *sslp = NULL; 147 const SSL *sslp = NULL;
@@ -144,20 +149,89 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
144 149
145 /* Get cipher object */ 150 /* Get cipher object */
146 BIO_get_ssl(ssl_conn, &sslp); 151 BIO_get_ssl(ssl_conn, &sslp);
152 if (sslp)
147 cipher = SSL_get_current_cipher(sslp); 153 cipher = SSL_get_current_cipher(sslp);
148 if (cipher) { 154 if (cipher) {
149 char cipher_desc[TMPSTRSIZE]; 155 char cipher_desc[TMPSTRSIZE];
150 snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER] %s", SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE)); 156 snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER ] %s", SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE));
151 writecf(FS_SERV, tmpstr); 157 writecf(FS_SERV, tmpstr);
152 } else { 158 } else {
153 snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] Cipher not known / SSL object can't be queried!"); 159 snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR ] Cipher not known / SSL object can't be queried!");
154 writecf(FS_ERR, tmpstr); 160 writecf(FS_ERR, tmpstr);
155 } 161 }
156 return 0; 162
163 /* Accept being connected, _if_ verification passed */
164 if (sslp) {
165 long result = SSL_get_verify_result(sslp);
166
167 /* show & verify fingerprint */
168 if (result == X509_V_OK) {
169 X509 *peercert = SSL_get_peer_certificate(sslp);
170
171 /* FIXME: this IS bad code */
172 char new_fingerprint[TMPSTRSIZE] = "";
173 char old_fingerprint[TMPSTRSIZE] = "";
174 FILE *fingerprint_file = NULL;
175
176 unsigned int fingerprint_len;
177 unsigned char fingerprint_bin[EVP_MAX_MD_SIZE];
178
179 /* show basic information about peer cert */
180 snprintf(tmpstr, TMPSTRSIZE, "[SSL SUBJECT ] %s", X509_NAME_oneline(X509_get_subject_name(peercert),0,0));
181 writecf(FS_SERV, tmpstr);
182 snprintf(tmpstr, TMPSTRSIZE, "[SSL ISSUER ] %s", X509_NAME_oneline(X509_get_issuer_name(peercert),0,0));
183 writecf(FS_SERV, tmpstr);
184
185 /* calculate fingerprint */
186 if (X509_digest(peercert,EVP_sha1(),fingerprint_bin,&fingerprint_len)) {
187 char shorttmpstr[3] = "XX";
188 int j;
189 for (j=0; j<(int)fingerprint_len; j++) {
190 if (j)
191 strncat(new_fingerprint, ":", TMPSTRSIZE);
192 snprintf(shorttmpstr, 3, "%02X", fingerprint_bin[j]);
193 strncat(new_fingerprint, shorttmpstr, TMPSTRSIZE);
194 }
195 snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from server: %s", new_fingerprint);
196 writecf(FS_SERV, tmpstr);
197 }
198
199 // we don't need the peercert anymore
200 X509_free(peercert);
201
202 fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "r");
203 if (fingerprint_file) {
204 fgets(old_fingerprint, TMPSTRSIZE, fingerprint_file);
205 fclose(fingerprint_file);
206
207 /* verify fingerprint matches stored version */
208 if (!strncmp(new_fingerprint, old_fingerprint, TMPSTRSIZE))
209 return 0;
210 else {
211 snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from %s: %s", getstroption(CF_FINGERPRINT), old_fingerprint);
212 writecf(FS_ERR, tmpstr);
213 writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");
214 return 1;
215 }
216 } else {
217 /* FIXME: there might be other errors than missing file */
218 fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "w");
219 if (!fingerprint_file) {
220 snprintf (tmpstr, TMPSTRSIZE, "Can't write fingerprint file, %s.", strerror(errno));
221 writecf(FS_ERR, tmpstr);
222 } else {
223 fputs(new_fingerprint, fingerprint_file);
224 fclose(fingerprint_file);
225 writecf(FS_SERV, "Stored fingerprint.");
226 return 0;
227 }
228 }
229 }
230 }
157 } 231 }
158 } 232 }
159 233
160 snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] %s", ERR_error_string (ERR_get_error (), NULL)); 234 snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR] %s", ERR_error_string (ERR_get_error (), NULL));
161 writecf(FS_ERR, tmpstr); 235 writecf(FS_ERR, tmpstr);
162 236
163 return 1; 237 return 1;
@@ -227,17 +301,11 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
227int vc_verify_callback(int ok, X509_STORE_CTX *store) 301int vc_verify_callback(int ok, X509_STORE_CTX *store)
228{ 302{
229 if(!ok) { 303 if(!ok) {
230 /* XXX handle action/abort */ 304 snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s",
231 if(!(ok=getintoption(CF_IGNSSL)))
232 snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] %s",
233 X509_verify_cert_error_string(store->error));
234 else
235 snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] %s (ignored)",
236 X509_verify_cert_error_string(store->error)); 305 X509_verify_cert_error_string(store->error));
237
238 writecf(FS_ERR, tmpstr); 306 writecf(FS_ERR, tmpstr);
239 } 307 }
240 return(ok); 308 return ok;
241} 309}
242 310
243void vc_x509store_setflags(vc_x509store_t *store, int flags) 311void vc_x509store_setflags(vc_x509store_t *store, int flags)
@@ -323,6 +391,14 @@ void vc_cleanup_x509store(vc_x509store_t *s)
323 free(s->use_keyfile); 391 free(s->use_keyfile);
324 free(s->use_key); 392 free(s->use_key);
325 sk_X509_free(s->certs); 393 sk_X509_free(s->certs);
326 sk_X509_free(s->crls); 394 sk_X509_CRL_free(s->crls);
327 sk_X509_free(s->use_certs); 395 sk_X509_free(s->use_certs);
328} 396}
397
398const char *vchat_ssl_version_external = "OpenSSL implementation; version unknown";
399void vchat_ssl_get_version_external()
400{
401 char tmpstr[TMPSTRSIZE];
402 snprintf(tmpstr, TMPSTRSIZE, "%s with %s", SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS));
403 vchat_ssl_version_external = strdup(tmpstr);
404}
diff --git a/vchat-ssl.h b/vchat-ssl.h
index baaa3c4..12d5fdb 100755
--- a/vchat-ssl.h
+++ b/vchat-ssl.h
@@ -36,6 +36,7 @@ void vc_x509store_setflags(vc_x509store_t *, int);
36void vc_x509store_clearflags(vc_x509store_t *, int); 36void vc_x509store_clearflags(vc_x509store_t *, int);
37int vc_verify_callback(int, X509_STORE_CTX *); 37int vc_verify_callback(int, X509_STORE_CTX *);
38X509_STORE * vc_x509store_create(vc_x509store_t *); 38X509_STORE * vc_x509store_create(vc_x509store_t *);
39char *vc_ssl_version(char *, int);
39 40
40#define VC_X509S_NODEF_CAFILE 0x01 41#define VC_X509S_NODEF_CAFILE 0x01
41#define VC_X509S_NODEF_CAPATH 0x02 42#define VC_X509S_NODEF_CAPATH 0x02
diff --git a/vchat-ui.c b/vchat-ui.c
index f3e5af5..ba162a5 100755
--- a/vchat-ui.c
+++ b/vchat-ui.c
@@ -36,11 +36,11 @@
36#include "vchat-user.h" 36#include "vchat-user.h"
37 37
38/* version of this module */ 38/* version of this module */
39char *vchat_ui_version = "$Id$"; 39const char *vchat_ui_version = "vchat-ui.c $Id$";
40 40
41/* externally used variables */ 41/* externally used variables */
42/* current string in topic window */ 42/* current string in topic window */
43char topicstr[TOPICSTRSIZE] = "[] VChat 0.17"; 43char topicstr[TOPICSTRSIZE] = "[] VChat 0.19";
44/* current string in console window */ 44/* current string in console window */
45char consolestr[CONSOLESTRSIZE] = "[ Get help: .h for server /h for client commands"; 45char consolestr[CONSOLESTRSIZE] = "[ Get help: .h for server /h for client commands";
46 46
@@ -117,7 +117,7 @@ static void forceredraw_wrapper (int a) {forceredraw();}
117static void drawwin (WINDOW *win, struct sb_data *sb); 117static void drawwin (WINDOW *win, struct sb_data *sb);
118static int writescr (WINDOW *win, struct sb_entry *entry); 118static int writescr (WINDOW *win, struct sb_entry *entry);
119static int testfilter ( struct sb_entry *entry); 119static int testfilter ( struct sb_entry *entry);
120static int gettextwidth (char *textbuffer); 120static int gettextwidth (const char *textbuffer);
121static void resize_output (void); 121static void resize_output (void);
122static int getsbeheight (struct sb_entry *entry, const int xwidth, int needstime ); 122static int getsbeheight (struct sb_entry *entry, const int xwidth, int needstime );
123static int getsbdataheight (struct sb_data *data, const int xwidth, int needstime ); 123static int getsbdataheight (struct sb_data *data, const int xwidth, int needstime );
@@ -308,7 +308,7 @@ sb_clear ( struct sb_data **sb ) {
308}*/ 308}*/
309 309
310static struct sb_entry* 310static struct sb_entry*
311sb_add (struct sb_data *sb, char *line, time_t when) { 311sb_add (struct sb_data *sb, const char *line, time_t when) {
312 struct sb_entry *newone = malloc (sizeof(struct sb_entry)); 312 struct sb_entry *newone = malloc (sizeof(struct sb_entry));
313 if( newone ) { 313 if( newone ) {
314 if( sb->count == sb->scroll ) sb->scroll++; 314 if( sb->count == sb->scroll ) sb->scroll++;
@@ -350,7 +350,7 @@ void showout (void)
350 resize(0); 350 resize(0);
351} 351}
352 352
353void writeout (char *str) 353void writeout (const char *str)
354{ 354{
355 int i; 355 int i;
356 sb_add(sb_out,str,time(NULL)); 356 sb_add(sb_out,str,time(NULL));
@@ -865,7 +865,7 @@ resize (int signal)
865} 865}
866 866
867static int 867static int
868gettextwidth (char *textbuffer) 868gettextwidth (const char *textbuffer)
869{ 869{
870 int width = 0; 870 int width = 0;
871 871
diff --git a/vchat-user.c b/vchat-user.c
index d7261d6..7280672 100755
--- a/vchat-user.c
+++ b/vchat-user.c
@@ -15,7 +15,7 @@
15#include "vchat-user.h" 15#include "vchat-user.h"
16 16
17/* version of this module */ 17/* version of this module */
18char *vchat_us_version = "$Id$"; 18char *vchat_us_version = "vchat-user.c $Id$";
19 19
20typedef struct 20typedef struct
21{ 21{
diff --git a/vchat.h b/vchat.h
index 1a24973..16ee181 100755
--- a/vchat.h
+++ b/vchat.h
@@ -30,8 +30,8 @@ typedef struct servermessage servermessage;
30/* configuration types and variable numbers */ 30/* configuration types and variable numbers */
31typedef enum { CO_NIL, CO_STR, CO_INT } conftype; 31typedef enum { CO_NIL, CO_STR, CO_INT } conftype;
32typedef enum { CF_NIL, CF_NICK, CF_FROM, CF_SERVERHOST, CF_SERVERPORT, 32typedef enum { CF_NIL, CF_NICK, CF_FROM, CF_SERVERHOST, CF_SERVERPORT,
33CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE, CF_LOGINSCRIPT, 33CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE, CF_LOGINSCRIPT, CF_FINGERPRINT,
34CF_USESSL, CF_IGNSSL, CF_USECERT, CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME, 34CF_USESSL, CF_VERIFYSSL, CF_USECERT, CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME,
35CF_USETOPIC, CF_SCROLLBPRIV, CF_SCROLLBACK, CF_SCROLLBPRIVT, CF_SCROLLBACKT, 35CF_USETOPIC, CF_SCROLLBPRIV, CF_SCROLLBACK, CF_SCROLLBPRIVT, CF_SCROLLBACKT,
36CF_ENCODING, CF_BELLPRIV, CF_CASEFIRST, CF_AUTORECONN, CF_KEEPALIVE } confopt; 36CF_ENCODING, CF_BELLPRIV, CF_CASEFIRST, CF_AUTORECONN, CF_KEEPALIVE } confopt;
37 37
@@ -80,7 +80,7 @@ extern unsigned int want_tcp_keepalive;
80/* vchat-client.c */ 80/* vchat-client.c */
81#define ERRSTRSIZE 1024 81#define ERRSTRSIZE 1024
82extern char errstr[]; 82extern char errstr[];
83extern char *vchat_cl_version; 83extern const char *vchat_cl_version;
84void loadcfg (char *file,int complain,void (*lineparser) (char *)); 84void loadcfg (char *file,int complain,void (*lineparser) (char *));
85void loadformats (char *file); 85void loadformats (char *file);
86void cleanup(int signal); 86void cleanup(int signal);
@@ -93,7 +93,7 @@ int getintoption (confopt option);
93void setintoption (confopt option, int value); 93void setintoption (confopt option, int value);
94 94
95/* vchat-ui.c */ 95/* vchat-ui.c */
96extern char *vchat_ui_version; 96extern const char *vchat_ui_version;
97 97
98/* topic and console strings */ 98/* topic and console strings */
99#define TOPICSTRSIZE 1024 99#define TOPICSTRSIZE 1024
@@ -112,7 +112,7 @@ void userinput (void);
112/* display various messages */ 112/* display various messages */
113int writechan (char *str); 113int writechan (char *str);
114int writepriv (char *str, int maybeep ); 114int writepriv (char *str, int maybeep );
115void writeout (char *str); 115void writeout (const char *str);
116void showout (void); 116void showout (void);
117void flushout (void); 117void flushout (void);
118#define msgout(STR) {flushout();writeout(STR);showout();} 118#define msgout(STR) {flushout();writeout(STR);showout();}
@@ -140,7 +140,7 @@ void clearfilters ( char colour );
140void handlequery ( char *line ); 140void handlequery ( char *line );
141 141
142/* vchat-protocol.c */ 142/* vchat-protocol.c */
143extern char *vchat_io_version; 143extern const char *vchat_io_version;
144 144
145/* connect/disconnect */ 145/* connect/disconnect */
146int vcconnect (char *server, char *port); 146int vcconnect (char *server, char *port);
@@ -156,7 +156,7 @@ void ownleave (int channel);
156void ownnickchange (char *newnick); 156void ownnickchange (char *newnick);
157 157
158/* vchat-commands.c */ 158/* vchat-commands.c */
159extern char *vchat_cm_version; 159extern const char *vchat_cm_version;
160void command_version ( char *tail); 160void command_version ( char *tail);
161 161
162/* user input */ 162/* user input */
@@ -171,3 +171,8 @@ typedef struct {
171 char *short_help; 171 char *short_help;
172 char *help; 172 char *help;
173} commandentry; 173} commandentry;
174
175/* vchat-ssl.c */
176extern const char *vchat_ssl_version;
177extern const char *vchat_ssl_version_external;
178void vchat_ssl_get_version_external();
diff --git a/vchatrc.ex b/vchatrc.ex
index cb399a3..c66d1f9 100755
--- a/vchatrc.ex
+++ b/vchatrc.ex
@@ -4,7 +4,7 @@
4#nick = noname 4#nick = noname
5 5
6# Auto-set from-tag during login 6# Auto-set from-tag during login
7#from = vc-alpha-0.15 7#from = vc-alpha-0.19
8 8
9# Server-host to connect to 9# Server-host to connect to
10#host = pulse.flatline.de 10#host = pulse.flatline.de
@@ -15,7 +15,10 @@
15# Type of ciphers at the SSL-handshake; 15# Type of ciphers at the SSL-handshake;
16# further information in the 16# further information in the
17# OpenSSL/mod_ssl/Apache-documentation 17# OpenSSL/mod_ssl/Apache-documentation
18#ciphers = HIGH:MEDIUM 18# default used before OpenSSL 1.0.0:
19#ciphers = DHE-RSA-AES256-SHA
20# default used after OpenSSL 1.0.0:
21#ciphers = ECDHE-RSA-AES256-GCM-SHA384
19 22
20# Location of the config-file 23# Location of the config-file
21#conffile = ~/.vchat/config 24#conffile = ~/.vchat/config
@@ -36,6 +39,9 @@
36# Use the certificate for connecting [0|1] 39# Use the certificate for connecting [0|1]
37#usecert = 1 40#usecert = 1
38 41
42# Verify depth for peer certificate
43#verifyssl = 2
44
39# Show the time of the message at start of line [0|1] 45# Show the time of the message at start of line [0|1]
40#usetime = 1 46#usetime = 1
41 47