DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422024-02-04T14:36:07ZDuckCorp Projects
Redmine Bip - Enhancement #807 (New): Add IRCv3 capabilitieshttps://projects.duckcorp.org/issues/8072024-02-04T14:36:07ZLoïc Gomez
<p><a class="external" href="https://ircv3.net/specs/extensions/capability-negotiation.html">https://ircv3.net/specs/extensions/capability-negotiation.html</a></p> Bip - Enhancement #800 (In Progress): Update copyright datahttps://projects.duckcorp.org/issues/8002024-02-04T07:30:49ZLoïc Gomez
<p>We need to update copyright details</p> Bip - Bug #792 (New): Handle CAP request/reply on client connectionshttps://projects.duckcorp.org/issues/7922024-02-02T16:43:52ZLoïc Gomez
<p>Some clients will expect BIP to send a CAP reply on client connect.<br />For example, Goguma on Android will send something like this:<br /><pre>
02-02-2024 17:45:21 DEBUG: "CAP LS 302"
02-02-2024 17:45:21 DEBUG: "NICK kyoshiro"
02-02-2024 17:45:21 DEBUG: "USER kyoshiro 0 * kyoshiro"
02-02-2024 17:45:21 DEBUG: "CAP REQ sasl"
02-02-2024 17:45:21 DEBUG: "AUTHENTICATE PLAIN"
02-02-2024 17:45:21 DEBUG: "AUTHENTICATE REDACTED_B64"
02-02-2024 17:45:21 DEBUG: "CAP END"
</pre></p> Bip - Anonymous #780 (In Progress): Openssl 3.0https://projects.duckcorp.org/issues/7802022-09-16T10:33:33ZAnonymous
<p>Trying to build with OpenSSL 3, it fails with:<br /><pre><code class="c syntaxhl" data-language="c"><span class="n">gcc</span> <span class="o">-</span><span class="n">DHAVE_CONFIG_H</span> <span class="o">-</span><span class="n">I</span><span class="p">.</span> <span class="o">-</span><span class="n">Wall</span> <span class="o">-</span><span class="n">Wextra</span> <span class="o">-</span><span class="n">Werror</span> <span class="o">-</span><span class="n">O2</span> <span class="o">-</span><span class="n">D_FORTIFY_SOURCE</span><span class="o">=</span><span class="mi">2</span> <span class="o">-</span><span class="n">fstack</span><span class="o">-</span><span class="n">protector</span><span class="o">-</span><span class="n">strong</span> <span class="o">-</span><span class="n">fstack</span><span class="o">-</span><span class="n">clash</span><span class="o">-</span><span class="n">protection</span> <span class="o">-</span><span class="n">Wl</span><span class="p">,</span><span class="o">-</span><span class="n">z</span><span class="p">,</span><span class="n">relro</span> <span class="o">-</span><span class="n">Wl</span><span class="p">,</span><span class="o">-</span><span class="n">z</span><span class="p">,</span><span class="n">now</span> <span class="o">-</span><span class="n">Wl</span><span class="p">,</span><span class="o">-</span><span class="n">z</span><span class="p">,</span><span class="n">noexecstack</span> <span class="o">-</span><span class="n">Wl</span><span class="p">,</span><span class="o">-</span><span class="n">z</span><span class="p">,</span><span class="n">separate</span><span class="o">-</span><span class="n">code</span> <span class="o">-</span><span class="n">Wpedantic</span> <span class="o">-</span><span class="n">Wformat</span><span class="o">=</span><span class="mi">2</span> <span class="o">-</span><span class="n">Wformat</span><span class="o">-</span><span class="n">overflow</span><span class="o">=</span><span class="mi">2</span> <span class="o">-</span><span class="n">Wformat</span><span class="o">-</span><span class="n">truncation</span><span class="o">=</span><span class="mi">2</span> <span class="o">-</span><span class="n">Wformat</span><span class="o">-</span><span class="n">security</span> <span class="o">-</span><span class="n">Wnull</span><span class="o">-</span><span class="n">dereference</span> <span class="o">-</span><span class="n">Wstack</span><span class="o">-</span><span class="n">protector</span> <span class="o">-</span><span class="n">Wtrampolines</span> <span class="o">-</span><span class="n">Walloca</span> <span class="o">-</span><span class="n">Wvla</span> <span class="o">-</span><span class="n">Warray</span><span class="o">-</span><span class="n">bounds</span><span class="o">=</span><span class="mi">2</span> <span class="o">-</span><span class="n">Wimplicit</span><span class="o">-</span><span class="n">fallthrough</span><span class="o">=</span><span class="mi">3</span> <span class="o">-</span><span class="n">Wtraditional</span><span class="o">-</span><span class="n">conversion</span> <span class="o">-</span><span class="n">Wshift</span><span class="o">-</span><span class="n">overflow</span><span class="o">=</span><span class="mi">2</span> <span class="o">-</span><span class="n">Wcast</span><span class="o">-</span><span class="n">qual</span> <span class="o">-</span><span class="n">Wstringop</span><span class="o">-</span><span class="n">overflow</span><span class="o">=</span><span class="mi">4</span> <span class="o">-</span><span class="n">Wconversion</span> <span class="o">-</span><span class="n">Warith</span><span class="o">-</span><span class="n">conversion</span> <span class="o">-</span><span class="n">Wlogical</span><span class="o">-</span><span class="n">op</span> <span class="o">-</span><span class="n">Wduplicated</span><span class="o">-</span><span class="n">cond</span> <span class="o">-</span><span class="n">Wduplicated</span><span class="o">-</span><span class="n">branches</span> <span class="o">-</span><span class="n">Wformat</span><span class="o">-</span><span class="n">signedness</span> <span class="o">-</span><span class="n">Wshadow</span> <span class="o">-</span><span class="n">Wstrict</span><span class="o">-</span><span class="n">overflow</span><span class="o">=</span><span class="mi">4</span> <span class="o">-</span><span class="n">Wundef</span> <span class="o">-</span><span class="n">Wstrict</span><span class="o">-</span><span class="n">prototypes</span> <span class="o">-</span><span class="n">Wswitch</span><span class="o">-</span><span class="k">default</span> <span class="o">-</span><span class="n">Wswitch</span><span class="o">-</span><span class="k">enum</span> <span class="o">-</span><span class="n">Wstack</span><span class="o">-</span><span class="n">usage</span><span class="o">=</span><span class="mi">1000000</span> <span class="o">-</span><span class="n">Wcast</span><span class="o">-</span><span class="n">align</span><span class="o">=</span><span class="n">strict</span> <span class="o">-</span><span class="n">O2</span> <span class="o">-</span><span class="n">g</span> <span class="o">-</span><span class="n">pipe</span> <span class="o">-</span><span class="n">Wformat</span> <span class="o">-</span><span class="n">Werror</span><span class="o">=</span><span class="n">format</span><span class="o">-</span><span class="n">security</span> <span class="o">-</span><span class="n">Wp</span><span class="p">,</span><span class="o">-</span><span class="n">D_FORTIFY_SOURCE</span><span class="o">=</span><span class="mi">2</span> <span class="o">-</span><span class="n">fstack</span><span class="o">-</span><span class="n">protector</span> <span class="o">--</span><span class="n">param</span><span class="o">=</span><span class="n">ssp</span><span class="o">-</span><span class="n">buffer</span><span class="o">-</span><span class="n">size</span><span class="o">=</span><span class="mi">4</span> <span class="o">-</span><span class="n">fasynchronous</span><span class="o">-</span><span class="n">unwind</span><span class="o">-</span><span class="n">tables</span> <span class="o">-</span><span class="n">DPIC</span> <span class="o">-</span><span class="n">fPIC</span> <span class="o">-</span><span class="n">c</span> <span class="o">-</span><span class="n">o</span> <span class="n">libbip_a</span><span class="o">-</span><span class="n">connection</span><span class="p">.</span><span class="n">o</span> <span class="err">`</span><span class="n">test</span> <span class="o">-</span><span class="n">f</span> <span class="err">'</span><span class="n">connection</span><span class="p">.</span><span class="n">c</span><span class="err">'</span> <span class="o">||</span> <span class="n">echo</span> <span class="err">'</span><span class="p">.</span><span class="o">/</span><span class="err">'`</span><span class="n">connection</span><span class="p">.</span><span class="n">c</span>
<span class="n">connection</span><span class="p">.</span><span class="n">c</span><span class="o">:</span> <span class="n">In</span> <span class="n">function</span> <span class="err">'</span><span class="n">ctx_set_dh</span><span class="err">'</span><span class="o">:</span>
<span class="n">connection</span><span class="p">.</span><span class="n">c</span><span class="o">:</span><span class="mi">1184</span><span class="o">:</span><span class="mi">9</span><span class="o">:</span> <span class="n">error</span><span class="o">:</span> <span class="err">'</span><span class="n">PEM_read_DHparams</span><span class="err">'</span> <span class="n">is</span> <span class="n">deprecated</span><span class="o">:</span> <span class="n">Since</span> <span class="n">OpenSSL</span> <span class="mi">3</span><span class="p">.</span><span class="mi">0</span> <span class="p">[</span><span class="o">-</span><span class="n">Werror</span><span class="o">=</span><span class="n">deprecated</span><span class="o">-</span><span class="n">declarations</span><span class="p">]</span>
<span class="mi">1184</span> <span class="o">|</span> <span class="n">dh</span> <span class="o">=</span> <span class="n">PEM_read_DHparams</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">);</span>
<span class="o">|</span> <span class="o">^~</span>
<span class="n">In</span> <span class="n">file</span> <span class="n">included</span> <span class="n">from</span> <span class="n">connection</span><span class="p">.</span><span class="n">h</span><span class="o">:</span><span class="mi">37</span><span class="p">,</span>
<span class="n">from</span> <span class="n">connection</span><span class="p">.</span><span class="n">c</span><span class="o">:</span><span class="mi">18</span><span class="o">:</span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="o">/</span><span class="n">openssl</span><span class="o">/</span><span class="n">pem</span><span class="p">.</span><span class="n">h</span><span class="o">:</span><span class="mi">469</span><span class="o">:</span><span class="mi">1</span><span class="o">:</span> <span class="n">note</span><span class="o">:</span> <span class="n">declared</span> <span class="n">here</span>
<span class="mi">469</span> <span class="o">|</span> <span class="n">DECLARE_PEM_rw_attr</span><span class="p">(</span><span class="n">OSSL_DEPRECATEDIN_3_0</span><span class="p">,</span> <span class="n">DHparams</span><span class="p">,</span> <span class="n">DH</span><span class="p">)</span>
<span class="o">|</span> <span class="o">^~~~~~~~~~~~~~~~~~~</span>
<span class="n">connection</span><span class="p">.</span><span class="n">c</span><span class="o">:</span><span class="mi">1199</span><span class="o">:</span><span class="mi">9</span><span class="o">:</span> <span class="n">error</span><span class="o">:</span> <span class="err">'</span><span class="n">DH_free</span><span class="err">'</span> <span class="n">is</span> <span class="n">deprecated</span><span class="o">:</span> <span class="n">Since</span> <span class="n">OpenSSL</span> <span class="mi">3</span><span class="p">.</span><span class="mi">0</span> <span class="p">[</span><span class="o">-</span><span class="n">Werror</span><span class="o">=</span><span class="n">deprecated</span><span class="o">-</span><span class="n">declarations</span><span class="p">]</span>
<span class="mi">1199</span> <span class="o">|</span> <span class="n">DH_free</span><span class="p">(</span><span class="n">dh</span><span class="p">);</span>
<span class="o">|</span> <span class="o">^~~~~~~</span>
<span class="n">In</span> <span class="n">file</span> <span class="n">included</span> <span class="n">from</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="o">/</span><span class="n">openssl</span><span class="o">/</span><span class="n">dsa</span><span class="p">.</span><span class="n">h</span><span class="o">:</span><span class="mi">51</span><span class="p">,</span>
<span class="n">from</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="o">/</span><span class="n">openssl</span><span class="o">/</span><span class="n">x509</span><span class="p">.</span><span class="n">h</span><span class="o">:</span><span class="mi">37</span><span class="p">,</span>
<span class="n">from</span> <span class="n">connection</span><span class="p">.</span><span class="n">h</span><span class="o">:</span><span class="mi">35</span><span class="o">:</span>
<span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">include</span><span class="o">/</span><span class="n">openssl</span><span class="o">/</span><span class="n">dh</span><span class="p">.</span><span class="n">h</span><span class="o">:</span><span class="mi">200</span><span class="o">:</span><span class="mi">28</span><span class="o">:</span> <span class="n">note</span><span class="o">:</span> <span class="n">declared</span> <span class="n">here</span>
<span class="mi">200</span> <span class="o">|</span> <span class="n">OSSL_DEPRECATEDIN_3_0</span> <span class="kt">void</span> <span class="nf">DH_free</span><span class="p">(</span><span class="n">DH</span> <span class="o">*</span><span class="n">dh</span><span class="p">);</span>
<span class="o">|</span> <span class="o">^~~~~~~</span>
</code></pre><br />With GCC12</p> Bip - Anonymous #777 (In Progress): Build fails on FreeBSD Clang https://projects.duckcorp.org/issues/7772022-08-25T13:15:31ZAnonymous
<pre>
./configure && make
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... no
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether cc accepts -g... yes
checking for cc option to enable C11 features... unsupported
checking for cc option to enable C99 features... unsupported
checking for cc option to enable C89 features... unsupported
checking whether cc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of cc... gcc3
checking for ar... ar
checking the archiver (ar) interface... ar
checking for ranlib... ranlib
checking for flex... flex
checking for lex output file root... lex.yy
checking for lex library... none needed
checking for library containing yywrap... -lfl
checking whether yytext is a pointer... yes
checking for bison... bison -y
checking for pkg-config... /usr/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libssl >= 0.9.8 libcrypto >= 0.9.8... no
checking whether cc accepts PIE flags... yes
checking for check >= 0.9.6... yes
checking for backtrace_symbols_fd... no
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
OPENSSL: no
PIE: yes
TESTS: yes
Making all in src
make all-am
cc -DHAVE_CONFIG_H -I. -Wall -Wextra -Werror -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict -g -O2 -fPIE -MT bip-bip_main.o -MD -MP -MF .deps/bip-bip_main.Tpo -c -o bip-bip_main.o `test -f 'bip_main.c' || echo './'`bip_main.c
cc: error: -Wl,-z,relro: 'linker' input unused [-Werror,-Wunused-command-line-argument]
cc: error: -Wl,-z,now: 'linker' input unused [-Werror,-Wunused-command-line-argument]
cc: error: -Wl,-z,noexecstack: 'linker' input unused [-Werror,-Wunused-command-line-argument]
cc: error: -Wl,-z,separate-code: 'linker' input unused [-Werror,-Wunused-command-line-argument]
*** Error code 1
Stop.
make[2]: stopped in /usr/home/SCRUBBED_USERNAME/bip/bip-0.9.3/src
*** Error code 1
Stop.
make[1]: stopped in /usr/home/SCRUBBED_USERNAME/bip/bip-0.9.3/src
*** Error code 1
Stop.
make: stopped in /usr/home/SCRUBBED_USERNAME/bip/bip-0.9.3
</pre>
<p>Using -Wno-unused-command-line-argument results in:<br /><pre>
error: unknown warning option '-Wformat-overflow=2'; did you mean '-Wshift-overflow'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wformat-truncation=2' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wtrampolines' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Warray-bounds=2'; did you mean '-Warray-bounds'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wimplicit-fallthrough=3'; did you mean '-Wimplicit-fallthrough'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wtraditional-conversion'; did you mean '-Wliteral-conversion'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wshift-overflow=2'; did you mean '-Wshift-overflow'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wstringop-overflow=4'; did you mean '-Wshift-overflow'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Warith-conversion' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wlogical-op'; did you mean '-Wlong-long'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wduplicated-cond' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wduplicated-branches' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wformat-signedness' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wstack-usage=1000000' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wcast-align=strict'; did you mean '-Wcast-align'? [-Werror,-Wunknown-warning-option]
</pre></p> Bip - Bug #763 (New): Backlog is being lost on unstable connectionshttps://projects.duckcorp.org/issues/7632022-03-16T19:03:53ZLoïc Gomez
<p><a class="external" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595408">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595408</a></p>
<p>Per Arnaud's comment there:</p>
<blockquote>
<p>Tcp will detect such connection breakage only when bip sends data to<br />your ADSL ip and times out waiting for ACKs. So bip indeed<br />approximates when the connection is lost. The blreset_on_talk should<br />be useful to you as bip will replay logs as long as you did not reply<br />anything.</p>
<p>I don't see any trivial way to implement a better connection loss<br />detection for backlog reset. It should be feasible to delay backlog<br />resetting to only when we receive any data from client, which would<br />prevent some errors of the type you described (but not all).<br />Another way would be to poll the tcp buffer size and to reset logs<br />only when it's down to 0. It's probably the best solution.</p>
</blockquote> Bip - Bug #762 (New): Systemctl integration does not actually stop biphttps://projects.duckcorp.org/issues/7622022-03-16T18:55:17ZLoïc Gomez
<p><a class="external" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963907">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963907</a></p>
<p>Checked up on this but could not reproduce on Ubuntu/hirsute with a fresh start. Although, on Debian stable, it indeed shows up as dead even though restart had occurred less than 2d ago, and I remember having such issue stopping bip:<br /><pre><code>
● bip.service - Bip IRC Proxy
Loaded: loaded (/lib/systemd/system/bip.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/bip.service.d
└─custom.conf, override.conf
Active: inactive (dead) since Thu 2022-03-10 21:29:43 CET; 5 days ago
Main PID: 5508 (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 4668)
Memory: 11.4M
CPU: 1d 4h 57min 33.009s
CGroup: /system.slice/bip.service
└─5509 /usr/bin/bip -f /etc/bip/bip.conf -s /var/lib/bip
Warning: journal has been rotated since unit was started, output may be incomplete.
</code></pre></p>
<p>Couldn't find any difference in systemctl unit</p> Bip - Enhancement #758 (In Progress): Load new certificates on /BIP RELOAD / SIGHUPhttps://projects.duckcorp.org/issues/7582022-03-15T19:51:15ZLoïc Gomez
<p>We need to find a way to re-read SSL cert/key for use with new client connections.<br />Most people probably use Let's Encrypt, which means they need to restart BIP every 3 months.</p> Bip - Bug #749 (New): bip doesn't create ~/.bip/ directory when using default PID filehttps://projects.duckcorp.org/issues/7492022-01-03T11:29:06ZLoïc Gomez
<p>30-12-2021 14:34:11 Default pid file: /home/kyoshiro/.bip/bip.pid<br />30-12-2021 14:34:11 FATAL: Cannot write to PID file (/home/kyoshiro/.bip/bip.pid.redacted.3764810) No such file or directory</p> Bip - Enhancement #733 (New): Error message is unclear when SSL server is unresponsivehttps://projects.duckcorp.org/issues/7332021-09-16T13:55:42ZLoïc Gomez
<p>It seems we get these when bip is unable to connect at all to a server using SSL:</p>
<blockquote>
<p>WARNING: mySSL_get_cert() SSL server supplied no certificate !<br />ERROR: No certificate in SSL write_socket</p>
</blockquote>
<p>We need to find a way to make it clear there is a connect() issue and not an SSL related problem.</p> Bip - Enhancement #730 (New): Update /bip backlog [n] to make it backlog private messages toohttps://projects.duckcorp.org/issues/7302021-09-03T12:36:27ZLoïc Gomez
<p>Current /bip backlog command does not backlog private messages.<br />I think it is related to bip not being aware of which private messages to look for, as they're scattered in multiple files.</p>
<p>Maybe it does work with an in-memory backlog setup though (to be tested).</p>
<p>We could probably list changed files in the logdir and backlog the ones matching the [n] parameter.</p> Bip - Bug #500 (New): bip 0.8.9 and 0.9.0 often fail on SSL/TLS connection to Freenodehttps://projects.duckcorp.org/issues/5002016-11-24T20:22:11ZAdam Williamsonadamw@happyassassin.net
<p>After rebooting my Bip server today, I noticed it frequently fails on attempts to connect to Freenode via SSL/TLS, like this:</p>
<pre><code>Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 [freenode] Connecting user 'adamw' using server chat.freenode.net:7000<br /> Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 No SSL certificate check store configured. Default store will be used.<br /> Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 WARNING: mySSL_get_cert() SSL server supplied no certificate !<br /> Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 ERROR: No certificate in SSL write_socket<br /> Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 WARNING: mySSL_get_cert() SSL server supplied no certificate !<br /> Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 ERROR: No certificate in SSL write_socket<br /> Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 WARNING: mySSL_get_cert() SSL server supplied no certificate !<br /> Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 ERROR: No certificate in SSL write_socket</code></pre>
<p>It's rather strange, because it suggests that `SSL_get_peer_certificate()` is failing, and I don't know why it would do that (and it doesn't seem very easy to debug. Man I hate openssl.) I can only think there must, somehow, be something wrong with the SSL context.</p>
<p>I don't think there is a server issue here, as HexChat seems to always work when I try it (with SSL). I do note that Hexchat seems to wait for `SSL_is_init_finished` to be true before doing `SSL_get_cert_info`...</p> Bip - Bug #431 (New): bip is leaking file descriptorshttps://projects.duckcorp.org/issues/4312015-01-15T02:01:19ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote> Bip - Bug #186 (New): Bip crash after using "/QUOTE BIP TRUST OK" on a new connectionhttps://projects.duckcorp.org/issues/1862011-01-18T02:29:38ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h1 >How to reproduce:<a href="#How-to-reproduce" class="wiki-anchor">¶</a></h1>
<ol>
<li>/etc/bip.conf: add a new ssl connection </li>
<li>restart bip (Debian: <em>/etc/init.d/bip restart</em>)</li>
<li>use <em>/QUOTE BIP TRUST OK</em><br /> # all client connections are disconnected</li>
</ol>
<a name="Logs"></a>
<h1 >Logs<a href="#Logs" class="wiki-anchor">¶</a></h1>
<a name="Client-logs"></a>
<h2 >Client logs:<a href="#Client-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>03:12:08 oftc | irc: connecting to server irc-bouncer/7778...<br />03:12:08 oftc | irc: connected to irc-bouncer<br />03:12:08 oftc -- | b.i.p (b.i.p): This server SSL certificate was not accepted because it is not in your store of trusted certificates:<br />03:12:08 oftc -- | b.i.p (b.i.p): Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): MD5 fingerprint: 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78<br />03:12:08 oftc -- | b.i.p (b.i.p): WARNING: if you've already trusted a certificate for this server before, that probably means it has changed.<br />03:12:08 oftc -- | b.i.p (b.i.p): If so, YOU MAY BE SUBJECT OF A MAN-IN-THE-MIDDLE ATTACK! PLEASE DON'T TRUST THIS CERTIFICATE IF YOU'RE NOT SURE THIS IS NOT THE CASE.<br />03:12:08 oftc -- | b.i.p (b.i.p): Type /QUOTE BIP TRUST OK to trust this certificate, /QUOTE BIP TRUST NO to discard it.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): ==== Certificate now trusted.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): No more certificates waiting awaiting user trust, thanks!<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): If the certificate is trusted, bip should be able to connect to the server on the next retry. Please wait a while and try connecting your client again.</p>
</blockquote>
<a name="Bip-logs"></a>
<h2 >Bip logs:<a href="#Bip-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>18-01-2011 03:12:12 ERROR: No certificate in SSL write_socket<br />18-01-2011 03:12:12 ERROR: SSL cert check failed at depth=3: certificate rejected (28)<br />18-01-2011 03:12:12 ERROR: Certificate check failed: certificate rejected (28)!<br />18-01-2011 03:12:12 ERROR: Error on fd 31 (state 9)<br />18-01-2011 03:12:12 ERROR: [oftc] read_lines error, closing...<br />18-01-2011 03:12:12 ERROR: [oftc] reconnecting in 240 seconds<br />18-01-2011 03:12:54 ERROR: No certificate in SSL write_socket</p>
</blockquote> LdapShadows - Enhancement #33 (New): Design and Rework the external APIhttps://projects.duckcorp.org/issues/332010-04-05T18:16:15ZMarc Dequènesduck@duckcorp.org
<p>Work with the CyborgHood project to design an usuable and well-abstracted API for their use, ti should be a good start.</p>