ircConnect() yields a connected TCP socket after which "inet dns" is
no longer needed.
Possibly having loaded private key material, it seems a tad more
comforting to speak TLS *after* dropping any network capabilities
(except for socket read/write to the IRC host, of course).
Instead of moving the final pledge into irc.c:ircConnect() and thus
complicating the code around pledge across two C modules, simply
stub out an mnemonic ircHandshake() and call that explicitly.
This restores behaviour gained with
981ebc4 "Remove explicit tls_handshake(3) from ircConnect" which
was reverted for other reasons.
No need to keep them at runtime; do so unconditionally for the sake of
simplicity.
Declare TLS config globally so ircConnect() can clear it and declare
both client and config statically as they are not used outside the irc.c
module.
This reverts commit 981ebc4f12.
This broke `-o' to print the server certificate; without explicit
handshake there will be no tls_read(3) in this short code path.
The first call to ircFormat, which calls tls_write(3) in turn, will
perform the handshake anyway. This way the handshake happens after
the final pledge(2) call.
d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat"
ciphers to support irc.mozilla.org which now yields NXDOMAIN.
All modern networks (should) support secure ciphers, so drop the
hopefully unneeded list of less secure ciphers by avoiding
tls_config_set_ciphers(3) and therefore sticking to the "secure" aka.
"default" set of ciphers in libtls.
A quick check shows that almost all of the big/known IRC networks
support TLS1.3 already; those who do not at least comply with
SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this:
echo \
irc.hackint.org \
irc.tilde.chat \
irc.libera.chat \
irc.efnet.nl \
irc.oftc.net |
xargs -tn1 \
openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host
tls_connect_socket(3) in ircConnect() does that by default already
unless tls_config_set_ca_file(3) was used.
Loading CA certificates before connecting makes no practical difference
except on OpenBSD where this allows for tighter unveil und pledge setups
now that all required (TLS related) file I/O is finished by the time
ircConnect() gets to do network I/O.
In case of the hidden `-!' insecure flag which is implied by `-o' to
print server certificates and exit, loading root certificates is not
required at all; likewise, using explicit self signed server
certificates will not involve certificate authorities either, hence load
them only if needed.
Apparently IRCds have decided that the 15-parameter limit doesn't matter
anymore. 254 is the maximum number of single-byte parameters (following
a single-byte command) which fit in a 512-byte CR-LF-terminated line.
When everyone decides that the 512-byte line length limit doesn't matter
either, I will delete my software and people can use some JavaScript
garbage instead.
This makes struct Message 2080 bytes, but there's only ever one or two
of them around at once. Avoid passing it by value to handle.
Previously, the remote host to which catgirl(1) is connecting was used
in error reporting instead of the local bind address if the latter could
not be resolved.
This commit adds a '-S' command line option and a "bind"
configuration file option to specify the source address to bind to when
connecting to the IRC server.