From 8fb0d2311fc249b6b4f6beae7ccd135f913f0e47 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sat, 24 Sep 2022 15:33:20 +0100 Subject: Default /SERVER and friends to use SSL when built with OpenSSL. Since commit 747a52aae8806a9072a23ea68212767f352ac431 users have to opt-out of using SSL when creating a new server. This commit makes it so /SERVER also uses SSL by default. In order to connect insecurely users must now use one of these methods: /SERVER -insecure irc.example.com /SERVER irc.example.com -6667 The `-ssl` flag and the `+port` syntax have been retained for compat reasons. --- src/common/outbound.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/src/common/outbound.c b/src/common/outbound.c index 6f0241be..5c4e01b0 100644 --- a/src/common/outbound.c +++ b/src/common/outbound.c @@ -3249,7 +3249,7 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[]) int offset = 0; #ifdef USE_OPENSSL - int use_ssl = FALSE; + int use_ssl = TRUE; int use_ssl_noverify = FALSE; if (g_strcmp0 (word[2], "-ssl") == 0) { @@ -3261,6 +3261,11 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[]) use_ssl = TRUE; use_ssl_noverify = TRUE; offset++; /* args move up by 1 word */ + } else if (g_strcmp0 (word[2], "-insecure") == 0) + { + use_ssl = FALSE; + use_ssl_noverify = FALSE; + offset++; /* args move up by 1 word */ } serv->use_ssl = use_ssl; serv->accept_invalid_cert = use_ssl_noverify; @@ -3450,8 +3455,10 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[]) char *pass = NULL; char *channel = NULL; char *key = NULL; - int use_ssl = FALSE; +#ifdef USE_OPENSSL + int use_ssl = TRUE; int use_ssl_noverify = FALSE; +#endif int is_url = TRUE; server *serv = sess->server; ircnet *net = NULL; @@ -3469,6 +3476,11 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[]) use_ssl_noverify = TRUE; offset++; /* args move up by 1 word */ } + else if (g_strcmp0 (word[2], "-insecure") == 0) + { + use_ssl = FALSE; + offset++; /* args move up by 1 word */ + } #endif if (!parse_irc_url (word[2 + offset], &server_name, &port, &channel, &key, &use_ssl)) @@ -3509,6 +3521,13 @@ cmd_server (struct session *sess, char *tbuf, char *word[], char *word_eol[]) use_ssl = TRUE; #endif } + else if (port[0] == '-') + { + port++; +#ifdef USE_OPENSSL + use_ssl = FALSE; +#endif + } if (*pass) { @@ -3564,7 +3583,7 @@ cmd_servchan (struct session *sess, char *tbuf, char *word[], int offset = 0; #ifdef USE_OPENSSL - if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-ssl-noverify") == 0) + if (g_strcmp0 (word[2], "-ssl") == 0 || g_strcmp0 (word[2], "-ssl-noverify") == 0 || g_strcmp0 (word[2], "-insecure") == 0) offset++; #endif @@ -4098,14 +4117,14 @@ const struct commands xc_cmds[] = { {"SEND", cmd_send, 0, 0, 1, N_("SEND []")}, #ifdef USE_OPENSSL {"SERVCHAN", cmd_servchan, 0, 0, 1, - N_("SERVCHAN [-ssl|-ssl-noverify] , connects and joins a channel")}, + N_("SERVCHAN [-insecure|-ssl|-ssl-noverify] , connects and joins a channel")}, #else {"SERVCHAN", cmd_servchan, 0, 0, 1, N_("SERVCHAN , connects and joins a channel")}, #endif #ifdef USE_OPENSSL {"SERVER", cmd_server, 0, 0, 1, - N_("SERVER [-ssl|-ssl-noverify] [] [], connects to a server, the default port is 6667 for normal connections, and 6697 for ssl connections")}, + N_("SERVER [-insecure|-ssl|-ssl-noverify] [] [], connects to a server, the default port is 6667 for insecure connections, and 6697 for ssl connections")}, #else {"SERVER", cmd_server, 0, 0, 1, N_("SERVER [] [], connects to a server, the default port is 6667")}, -- cgit 1.4.1