#define DEFAULT_LISTEN_ADDRSTR "0.0.0.0"
#endif
+#ifdef HAVE_LIBSSL
+#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH"
+#endif
+#ifdef HAVE_LIBGNUTLS
+#define DEFAULT_CIPHERS "SECURE128"
+#endif
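Review bot: The two `DEFAULT_CIPHERS` definitions are not mutually exclusive, and nothing here documents that they use different grammars. If a build ever defines both `HAVE_LIBSSL` and `HAVE_LIBGNUTLS`, the macro is redefined, so `#elif defined(HAVE_LIBGNUTLS)` would make the intended precedence explicit. A comment such as `/* OpenSSL cipher-list syntax; GnuTLS builds take a priority string instead */` would tell operators that a `CipherList` value cannot be copied between backends. On older OpenSSL releases the `HIGH` class may still contain 3DES suites, so the default is worth re-checking against the oldest library version the project supports.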
#ifdef SSL_SUPPORT
array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
array_free(&Conf_SSLOptions.ListenPorts);
+
+ free(Conf_SSLOptions.CipherList);
+ Conf_SSLOptions.CipherList = NULL;
}
/**
* This function waits for a keypress of the user when stdin/stdout are valid
* tty's ("you can read our nice message and we can read in your keypress").
*
- * @return 0 on succes, 1 on failure(s); therefore the result code can
+ * @return 0 on success, 1 on failure(s); therefore the result code can
* directly be used by exit() when running "ngircd --configtest".
*/
GLOBAL int
printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4));
#endif
+ printf(" DefaultUserModes = %s\n", Conf_DefaultUserModes);
printf(" DNS = %s\n", yesno_to_str(Conf_DNS));
#ifdef IDENT
printf(" Ident = %s\n", yesno_to_str(Conf_Ident));
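Review bot: The two context lines directly above the new `DefaultUserModes` line appear to print swapped values: `ConnectIPv4` is formatted from `Conf_ConnectIPv6` and `ConnectIPv6` from `Conf_ConnectIPv4`. This looks like the configuration dump an operator reads to verify the setup, so it would misreport which address family is enabled. The arguments should be `yesno_to_str(Conf_ConnectIPv4)` on the first line and `yesno_to_str(Conf_ConnectIPv6)` on the second. The enclosing function starts and ends outside this hunk.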
puts("[SSL]");
printf(" CertFile = %s\n", Conf_SSLOptions.CertFile
? Conf_SSLOptions.CertFile : "");
+ printf(" CipherList = %s\n", Conf_SSLOptions.CipherList ?
+ Conf_SSLOptions.CipherList : DEFAULT_CIPHERS);
printf(" DHFile = %s\n", Conf_SSLOptions.DHFile
? Conf_SSLOptions.DHFile : "");
printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile
/* "Short" connection, enforce "ConnectRetry"
* but randomize it a little bit: 15 seconds. */
Conf_Server[i].lasttry =
+#ifdef HAVE_ARC4RANDOM
+ t + (arc4random() % 15);
+#else
t + rand() / (RAND_MAX / 15);
+#endif
}
}
}
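Review bot: The two branches do not produce the same range: `arc4random() % 15` yields 0..14, while the existing `rand() / (RAND_MAX / 15)` can reach 15 when `rand()` returns `RAND_MAX`. If the comment's "15 seconds" is meant as an exclusive bound, the fallback could be written as `t + rand() % 15;` so both builds behave alike. It would also help to extend the comment with something like `/* jitter only, not security-sensitive; rand() is acceptable here */`, so the fallback is not copied into code that needs unpredictable values. The enclosing function starts outside this hunk.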
#else
Conf_ConnectIPv6 = false;
#endif
+ strcpy(Conf_DefaultUserModes, "");
Conf_DNS = true;
#ifdef IDENTAUTH
Conf_Ident = true;
CheckFileReadable("CertFile", Conf_SSLOptions.CertFile);
CheckFileReadable("DHFile", Conf_SSLOptions.DHFile);
CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile);
+
+ /* Set the default ciphers if none were configured */
+ if (!Conf_SSLOptions.CipherList)
+ Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS);
#endif
return true;
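Review bot: The result of `strdup_warn(DEFAULT_CIPHERS)` is not checked, so if it returns NULL on allocation failure (presumably, going by its name) `CipherList` stays NULL and validation still returns true. Whether the TLS setup then applies the library's own default or dereferences NULL is not visible here, but either way the operator's expectation of a restricted cipher set is silently lost. Consider failing closed, for example `if (!Conf_SSLOptions.CipherList) return false;` directly after the assignment. The string is also only checked for presence, so a comment saying where a syntactically invalid list is rejected would help the next reader.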
Conf_ConnectIPv4 = Check_ArgIsTrue(Arg);
return;
}
+ if (strcasecmp(Var, "DefaultUserModes") == 0) {
+ p = Arg;
+ Conf_DefaultUserModes[0] = '\0';
+ while (*p) {
+ if (strchr(Conf_DefaultUserModes, *p)) {
+ /* Mode is already included; ignore it */
+ p++;
+ continue;
+ }
+
+ if (strchr(USERMODES, *p)) {
+ len = strlen(Conf_DefaultUserModes) + 1;
+ assert(len < sizeof(Conf_DefaultUserModes));
+ Conf_DefaultUserModes[len - 1] = *p;
+ Conf_DefaultUserModes[len] = '\0';
+ } else {
+ Config_Error(LOG_WARNING,
+ "%s, line %d: Unknown user mode \"%c\" in \"DefaultUserModes\"!",
+ File, Line, *p);
+ }
+ p++;
+ }
+ return;
+ }
if (strcasecmp(Var, "DNS") == 0) {
Conf_DNS = Check_ArgIsTrue(Arg);
return;
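Review bot: The only bound on writes into `Conf_DefaultUserModes` is `assert(len < sizeof(Conf_DefaultUserModes));`, which disappears under `NDEBUG` and otherwise aborts the daemon on a configuration value. The de-duplication plus the `USERMODES` filter cap the length at `strlen(USERMODES)`, so the write is safe only if the buffer, whose declaration is not in this hunk, holds at least that many characters plus the terminator. Either state that invariant next to the assert or replace it with a runtime check such as `if (len >= sizeof(Conf_DefaultUserModes)) { Config_Error(LOG_WARNING, ...); break; }`. `USERMODES` is also not shown: if it includes privileged modes, confirm that the code applying these defaults at login refuses them, since this parser accepts any character in that set.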
ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg);
return;
}
+ if (strcasecmp(Var, "CipherList") == 0) {
+ assert(Conf_SSLOptions.CipherList == NULL);
+ Conf_SSLOptions.CipherList = strdup_warn(Arg);
+ return;
+ }
Config_Error_Section(File, Line, Var, "SSL");
}
#endif
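Review bot: `assert(Conf_SSLOptions.CipherList == NULL);` treats a repeated `CipherList` line in the configuration file as a programming error. In a debug build a duplicate entry aborts the server, and with `NDEBUG` the first string is leaked and silently replaced. Since the value comes from operator-supplied input, handle it explicitly, for example `free(Conf_SSLOptions.CipherList);` before the assignment, optionally with a `Config_Error` warning about the duplicate. The `strdup_warn(Arg)` result is likewise unchecked, though the later default-cipher fallback would presumably cover a NULL here.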
/**
- * Initialize server configuration structur to default values.
+ * Initialize server configuration structure to default values.
*
* @param Server Pointer to server structure to initialize.
*/