On 09/06/2013 05:00 AM, ngircd-ml-request@arthur.barton.de wrote:

The patch attached is now in proper order.

Question -- I'm very happy to see this patch but it doesn't appear to work against ngircd 20.3 -- am I doing something incorrectly? Apologies if I'm doing something stupid/obvious, I've reviewed the patch/code and it looks sound, including conf.c but based on the log message it looks like it's an issue with conf.c # gpg --verify ngircd-20.3.tar.gz.sig ngircd-20.3.tar.gz gpg: Signature made Fri 23 Aug 2013 03:25:37 PM CDT using RSA key ID EAA15A24 gpg: Good signature from "Alexander Barton <alex@barton.de>" gpg: aka "Alexander Barton <alex@barton-it.de>" gpg: aka "Alexander Barton <alex@arthur.ath.cx>" gpg: aka "[jpeg image of size 1488]" gpg: aka "[jpeg image of size 1718]" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F5B9 F52E D909 20D2 5203 76A2 C24A 0F63 7E36 4856 Subkey fingerprint: 47EC B2F6 D427 3737 30E9 0113 8A45 9AD2 EAA1 5A24 # patch -p0 < SSL_Ciphers.patch patching file ./doc/sample-ngircd.conf.tmpl Hunk #1 succeeded at 237 (offset -23 lines). patching file ./src/ngircd/conf.c Hunk #1 succeeded at 106 (offset -11 lines). Hunk #2 succeeded at 431 (offset -15 lines). Hunk #3 succeeded at 1842 with fuzz 2 (offset -32 lines). patching file ./src/ngircd/conf.h patching file ./src/ngircd/conn-ssl.c Hunk #1 succeeded at 275 with fuzz 1 (offset -28 lines). # ./configure --enable-ipv6 --with-openssl CFLAGS='-Wall -D_FORTIFY_SOURCE=2 -O2 -fPIE -pie -fstack-protector' checking build system type... i686-pc-linux-gnu .... ngIRCd 20.3 has been configured with the following options: Host: i686-pc-linux-gnu Compiler: gcc -std=gnu99 Compiler flags: -Wall -D_FORTIFY_SOURCE=2 -O2 -fPIE -pie -fstack-protector -pipe -W -Wall -Wpointer-arith -Wstrict-prototypes -fstack-protector -DSYSCONFDIR='"$(sysconfdir)"' Libraries: -lssl -lcrypto -lz 'ngircd' binary: /usr/local/sbin Configuration file: /usr/local/etc Manual pages: /usr/local/share/man Documentation: /usr/local/share/doc/ngircd Syslog support: yes Enable debug code: no zlib compression: yes IRC sniffer: no Use TCP Wrappers: no Strict RFC mode: no IDENT support: no IRC+ protocol: yes IPv6 protocol: yes I/O backend: "epoll(), select()" PAM support: no SSL support: openssl libiconv support: no # grep CipherList /etc/ngircd.conf -B 12 # SSL Server Key KeyFile = /etc/apache2/ssl/ssl.key # password to decrypt SSLKeyFile (OpenSSL only) ;KeyFilePassword = secret # SSL Server Key Certificate CertFile = /etc/apache2/ssl/ssl.crt # Diffie-Hellman parameters ;DHFile = /usr/local/etc/ngircd/ssl/dhparams.pem # SSL_CipherList.patch, Sep 06 2013 CipherList = ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM # grep/tail log Sep 6 15:39:24 localhost ngircd[4153]: /usr/local/etc/ngircd.conf, line 166 (section "SSL"): Unknown variable "CipherList"! Sep 6 15:39:24 localhost ngircd[4153]: ngIRCd 20.3-IPv6+IRCPLUS+SSL+SYSLOG+ZLIB-i686/pc/linux-gnu started. Sep 6 15:39:24 localhost ngircd[4153]: Using configuration file "/usr/local/etc/ngircd.conf" ... Sep 6 15:39:24 localhost ngircd[4153]: Configuration option "DHFile" not set! Sep 6 15:39:24 localhost ngircd[4153]: SSL using default CipherList Sep 6 15:39:24 localhost ngircd[4153]: OpenSSL 1.0.1 14 Mar 2012 initialized. # diff -u conf.c conf.c.orig --- conf.c 2013-09-06 15:36:00.000000000 -0500 +++ conf.c.orig 2013-08-23 14:43:02.000000000 -0500 @@ -106,9 +106,6 @@ array_free_wipe(&Conf_SSLOptions.KeyFilePassword); array_free(&Conf_SSLOptions.ListenPorts); - - free(Conf_SSLOptions.CipherList); - Conf_SSLOptions.CipherList = NULL; } /** @@ -431,8 +428,6 @@ array_free_wipe(&Conf_SSLOptions.KeyFilePassword); printf(" Ports = "); ports_puts(&Conf_SSLOptions.ListenPorts); - printf(" CipherList = %s\n", Conf_SSLOptions.CipherList - ? Conf_SSLOptions.CipherList : ""); puts(""); #endif @@ -1842,11 +1837,6 @@ Config_Error_TooLong(Line, Var); return; } - if (strcasecmp(Var, "CipherList") == 0) { - assert(Conf_SSLOptions.CipherList == NULL); - Conf_SSLOptions.CipherList = strdup_warn(Arg); - return; - } Config_Error_Section(Line, Var, "Server"); } Thanks, Nathan Fowler