On 09/07/2013 05:00 AM, ngircd-ml-request@arthur.barton.de wrote:
Hi,
I attached a fix for the last patch.
- important: verifying CipherLists are applied successfully
- if SSL initialization failes, daemon should exit and not run without SSL
Q: Is it welcome to provide patches on the ML?
I certainly appreciate you taking the time to write the patch, correct it, and share it again. This is a feature that I am very happy to see implemented and I thank you for taking the time to do this and share with the community.
It seems I still have the same issue with the latest patch on ngircd-20.3 --
# patch -p0 < ../ngircd_ssl_cipherlist.patch patching file ./doc/sample-ngircd.conf.tmpl Hunk #1 succeeded at 237 (offset -23 lines). patching file ./src/ngircd/conf.c Hunk #1 succeeded at 106 (offset -11 lines). Hunk #2 succeeded at 431 (offset -15 lines). Hunk #3 succeeded at 1842 with fuzz 2 (offset -32 lines). patching file ./src/ngircd/conf.h patching file ./src/ngircd/conn-ssl.c Hunk #1 succeeded at 275 with fuzz 1 (offset -28 lines). patching file ./src/ngircd/ngircd.c Hunk #1 succeeded at 671 (offset -2 lines).
# Log Sep 7 11:15:47 localhost ngircd[27467]: /usr/local/etc/ngircd.conf, line 166 (section "SSL"): Unknown variable "CipherList"! Sep 7 11:15:47 localhost ngircd[27467]: ngIRCd 20.3-IPv6+IRCPLUS+SSL+SYSLOG+ZLIB-i686/pc/linux-gnu started. Sep 7 11:15:47 localhost ngircd[27467]: Using configuration file "/usr/local/etc/ngircd.conf" ... Sep 7 11:15:47 localhost ngircd[27467]: Configuration option "DHFile" not set! Sep 7 11:15:47 localhost ngircd[27467]: SSL using default CipherList Sep 7 11:15:47 localhost ngircd[27467]: OpenSSL 1.0.1 14 Mar 2012 initialized.
# grep -B 10 "CipherList" /usr/local/etc/ngircd.conf
# password to decrypt SSLKeyFile (OpenSSL only) ;KeyFilePassword = secret
# SSL Server Key Certificate CertFile = /etc/apache2/ssl/ssl.crt
# Diffie-Hellman parameters ;DHFile = /usr/local/etc/ngircd/ssl/dhparams.pem
# SSL_CipherList.patch, Sep 06 2013 CipherList = ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Thanks, Nathan Fowler