View Issue Details

IDProjectCategoryView StatusLast Update
0003428unrealircdpublic2015-07-09 18:54
ReporterStealth Assigned Tosyzop  
PrioritynormalSeverityfeatureReproducibilityalways
Status resolvedResolutionno change required 
Platform*OS* 
Product Version4.0-devel 
Fixed in Version3.4-alpha4 
Summary0003428: Cert auth
Description4 things:

- Allow a cert file to be specified, as fingerprints can be weak (especially MD5 ones)

- When using fingerprint or cert, have option to assume no actual password is required (so it behaves like Unreal3.x, currently still requires a password)

- Make m_ssl_oper_cert.so into m_ssl_cert_auth.so, and allow fingerprints or certs to be used as an auth anywhere a password can be used.

- A module to provide oper ability to have the IRCd save a cert. Something like "SAVECERT <nick> <filename>". Module configuration should have a directory where certs should be stored, and remove directory info from the command parameters (to prevent saving to other directories), and warn the oper if a file with that name already exists (perhaps allow an option to overwrite it). This would make it easier for netadmins to obtain someones cert when promoting them.
TagsNo tags attached.
3rd party modules

Relationships

child of 0003417 closed TODO list for Unreal4.0 

Activities

aquanight

2007-07-08 15:50

reporter   ~0014456

[quote]- When using fingerprint or cert, have option to assume no actual password is required (so it behaves like Unreal3.x, currently still requires a password)[/quote]

Exactly how is this different from unreal3? With unreal you still have to give a password (or else /oper|vhost will give 'not enough params', etc). It just doesn't matter what that password is.

Stealth

2007-07-08 16:29

reporter   ~0014457

> Exactly how is this different from unreal3?
U4 requires the actual password specified in the oper configuration, so you can't just send it any random crap as password

aquanight

2007-11-24 23:24

reporter   ~0014828

The "requiring a correct password" issue is fixed now it seems. It also looks like we have use of ssl cert fingerprints everywhere now too. All that's still needed is to be using actual certs rather than the fingerprints (this may have to be left to someone who actually knows something about SSL stuff).

syzop

2015-07-09 18:54

administrator   ~0018438

I think the necessary functionality (or at least, similar stuff) is in current UnrealIRCd now.

Issue History

Date Modified Username Field Change
2007-07-07 10:26 Stealth New Issue
2007-07-08 15:50 aquanight Note Added: 0014456
2007-07-08 16:29 Stealth Note Added: 0014457
2007-07-09 15:57 stskeeps Status new => acknowledged
2007-07-09 15:57 stskeeps Relationship added child of 0003417
2007-07-23 09:24 stskeeps QA => Not touched yet by developer
2007-07-23 09:24 stskeeps U4: Need for upstream patch => No need for upstream InspIRCd patch
2007-07-23 09:24 stskeeps U4: Upstream notification of bug => Not decided
2007-07-23 09:24 stskeeps U4: Contributor working on this => None
2007-07-23 09:24 stskeeps Severity minor => feature
2007-07-23 09:31 stskeeps Status acknowledged => confirmed
2007-11-24 23:24 aquanight Note Added: 0014828
2015-07-09 18:54 syzop Note Added: 0018438
2015-07-09 18:54 syzop Status confirmed => resolved
2015-07-09 18:54 syzop Fixed in Version => 3.4-alpha4
2015-07-09 18:54 syzop Resolution open => no change required
2015-07-09 18:54 syzop Assigned To => syzop