Merge from github

author: erdgeist <de@gsmk.de> 2014-04-16 20:12:34 +0200
committer: erdgeist <de@gsmk.de> 2014-04-16 20:12:34 +0200
commit: b32861fa6ec00c655b7a43ab0d511c7048f1ee43 (patch)
tree: 50cd33c87b43ff5c9a7a029346386cef2bdff5c6
parent: 71fb4ac25542721f3a2d42ac4eef0d7296968f82 (diff)
parent: 3297473435ad53b6691d6c772f83457a72134c48 (diff)
15 files changed, 174 insertions, 53 deletions
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9433213
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.c ident
diff --git a/debian/changelog b/debian/changelog
index 17e8bf7..eb2b185 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+vchat-client (0.19-1) unstable; urgency=high
+  * fixed version string display
+  * failing on SSL verify failures
+  * removed ignssl option
+  * reenabled ciphers options
+  * added verifyssl option (cert verify depth)
+ -- Andreas Kotes <count@flatline.de>  Wed, 16 Apr 2014 15:12:23 +0200
+vchat-client (0.18-1) unstable; urgency=high
+  * updated to use TLSv1 or later
+  * improved SSL error reporting
+  * report SSL cipher used
+ -- Andreas Kotes <count@flatline.de>  Tue, 15 Apr 2014 13:09:23 +0200
 vchat-client (0.15-2) unstable; urgency=low
  * changed debian/rules using "make install"
diff --git a/debian/rules b/debian/rules
index 389c597..778533f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,7 +5,7 @@
 #export DH_VERBOSE=1
 # This is the debhelper compatability version to use.
-export DH_COMPAT=3
+export DH_COMPAT=5
 configure: configure-stamp
 configure-stamp:
@@ -28,7 +28,7 @@ clean:
 install: build
        dh_testdir
        dh_testroot
-        dh_clean -k
+        dh_prep
        dh_installdirs
        $(MAKE) install DESTDIR=$(CURDIR)/debian/vchat-client PREFIX=/usr
diff --git a/vchat-client.c b/vchat-client.c
index f5cd516..a2e298c 100755
--- a/vchat-client.c
+++ b/vchat-client.c
@@ -32,7 +32,7 @@
 #include "vchat-user.h"
 /* version of this module */
-char *vchat_cl_version = "$Id$";
+const char *vchat_cl_version = "vchat-client.c   $Id$";
 /* externally used variables */
 /*   we're logged in */
@@ -442,6 +442,17 @@ void usage( char *name) {
       puts  ("   -n   set nickname");
    printf   ("   -f   set from (default \"%s\")\n",getstroption(CF_FROM));
    puts     ("   -h   gives this help");
+    puts     ("   -v   show module versions");
+}
+void versions() {
+  puts (vchat_cl_version);
+  puts (vchat_ui_version);
+  puts (vchat_io_version);
+  puts (vchat_us_version);
+  puts (vchat_cm_version);
+  puts (vchat_ssl_version);
+  puts (vchat_ssl_version_external);
 }
 /* main - d'oh */
@@ -456,9 +467,12 @@ main (int argc, char **argv)
  loadconfig (GLOBAL_CONFIG_FILE);
  loadconfig (getstroption (CF_CONFIGFILE));
+  /* make SSL version used visible */
+  vchat_ssl_get_version_external();
  /* parse commandline */
  while (cmdsunparsed) {
-      pchar = getopt(argc,argv,"C:F:lzs:p:c:n:f:kKL:h");
+      pchar = getopt(argc,argv,"C:F:lzs:p:c:n:f:kKL:hv");
 #ifdef DEBUG
      fprintf(stderr,"parse commandline: %d ('%c'): %s\n",pchar,pchar,optarg);
 #endif
@@ -475,6 +489,7 @@ main (int argc, char **argv)
          case 'n': own_nick_set(optarg);  break;
          case 'f': setstroption(CF_FROM,optarg); break;
          case 'h': usage(argv[0]); exit(0); break;
+          case 'v': versions(); exit(0); break;
          default : usage(argv[0]); exit(1);
      }
  }
diff --git a/vchat-client.sgml b/vchat-client.sgml
index 4b4f130..3d6fbc7 100755
--- a/vchat-client.sgml
+++ b/vchat-client.sgml
@@ -101,7 +101,7 @@ overridden in the configfile.</para></listitem>
 <varlistentry>
 <term><option>-f</option> <replaceable>from</replaceable></term>
-<listitem><para>set from (default "vc-alpha-0.15")</para></listitem>
+<listitem><para>set from (default "vc-alpha-0.19")</para></listitem>
 </varlistentry>
 <varlistentry>
@@ -144,7 +144,7 @@ configure the behavior of vchat-client</para>
 <varlistentry>
 <term><option>from</option></term>
-<listitem><para>Sets the from (default is "vc-alpha-0.15")</para></listitem>
+<listitem><para>Sets the from (default is "vc-alpha-0.19")</para></listitem>
 </varlistentry>
 <varlistentry>
@@ -159,7 +159,7 @@ configure the behavior of vchat-client</para>
 <varlistentry>
 <term><option>ciphers</option></term>
-<listitem><para>Set ciphers ("HIGH:MEDIUM")</para></listitem>
+<listitem><para>Set ciphers (autodetected)</para></listitem>
 </varlistentry>
 <varlistentry>
diff --git a/vchat-commands.c b/vchat-commands.c
index 2c3d68b..06c9010 100755
--- a/vchat-commands.c
+++ b/vchat-commands.c
@@ -29,7 +29,7 @@
 #include "vchat-user.h"
 /* version of this module */
-char *vchat_cm_version = "$Id$";
+const char *vchat_cm_version = "vchat-commands.c $Id$";
 /* from vchat-client.c */
 extern int ownquit;
@@ -452,6 +452,8 @@ command_version(char *tail)
  writeout (vchat_io_version);
  writeout (vchat_us_version);
  writeout (vchat_cm_version);
+  writeout (vchat_ssl_version);
+  writeout (vchat_ssl_version_external);
  showout();
 }
diff --git a/vchat-config.h b/vchat-config.h
index 8392d18..0291100 100755
--- a/vchat-config.h
+++ b/vchat-config.h
@@ -29,18 +29,19 @@ extern unsigned int hscroll;
 static volatile configoption configoptions[] = {
 /* config-option   type    name in file  default value           value       localvar  */
  {CF_NICK,        CO_STR, "nick",       NULL,                   NULL,       { NULL }  },
-  {CF_FROM,        CO_STR, "from",       "vc-alpha-0.17",        NULL,       { NULL }  },
+  {CF_FROM,        CO_STR, "from",       "vc-alpha-0.19",        NULL,       { NULL }  },
  {CF_SERVERHOST,  CO_STR, "host",       "localhost",            NULL,       { NULL }  },
  {CF_SERVERPORT,  CO_STR, "port",       "2325",                 NULL,       { NULL }  },
-  {CF_CIPHERSUITE, CO_STR, "ciphers",    "HIGH:MEDIUM",          NULL,       { NULL }  },
+  {CF_CIPHERSUITE, CO_STR, "ciphers",    NULL,                   NULL,       { NULL }  },
  {CF_CONFIGFILE,  CO_STR, "conffile",   "~/.vchat/config",      NULL,       { NULL }  },
  {CF_CERTFILE,    CO_STR, "certfile",   "~/.vchat/cert",        NULL,       { NULL }  },
  {CF_KEYFILE,     CO_STR, "keyfile",    "~/.vchat/key",         NULL,       { NULL }  },
  {CF_FORMFILE,    CO_STR, "formatfile", "~/.vchat/formats",     NULL,       { NULL }  },
  {CF_LOGINSCRIPT, CO_STR, "loginscript","~/.vchat/loginscript", NULL,       { NULL }  },
+  {CF_FINGERPRINT, CO_STR, "fingerprint","~/.vchat/fingerprint", NULL,       { NULL }  },
  {CF_ENCODING,    CO_STR, "encoding",   NULL,                   NULL,       { .pstr = &encoding }},
  {CF_USESSL,      CO_INT, "usessl",     (char *) 1,             (char *)-1, { NULL }  },
-  {CF_IGNSSL,      CO_INT, "ignssl",     (char *) 0,             (char *)-1, { NULL }  },
+  {CF_VERIFYSSL,   CO_INT, "verifyssl",  (char *) 2,             (char *)-1, { NULL }  },
  {CF_USECERT,     CO_INT, "usecert",    (char *) 1,             (char *)-1, { NULL }  },
  {CF_USETIME,     CO_INT, "usetime",    (char *) 1,             (char *)-1, { .pint = &usetime } },
  {CF_USETOPIC,    CO_INT, "usetopicbar",(char *) 1,             (char *)-1, { NULL }  },
diff --git a/vchat-howto b/vchat-howto
index 0ace213..27f8e14 100755
--- a/vchat-howto
+++ b/vchat-howto
@@ -69,11 +69,7 @@ type:
 $ echo host=vchat.berlin.ccc.de >> ~/.vchat/config
-If you want to ignore SSL-warnings due to missing CA-files, type:
+You don't want to ignore SSL-warnings, get the root-certificates from:
-$ echo ignssl=1 >> ~/.vchat/config
-If you don't want to ignore SSL-warnings, get the root-certificates from:
   http://www.cacert.org/certs/class3.txt
   and
@@ -87,10 +83,10 @@ and copy them into your openssl-certs directory. For example:
   # ln -s root.txt `openssl x509 -in root.txt -hash | head -n 1`.0
   # ln -s class3.txt `openssl x509 -in class3.txt -hash | head -n 1`.0
-Now you can type:
+NOTE: some openssl versions deliberately disable EC for unknown reasons, you
-   
+need to manually (re)set the cipher string to a lower security variant there:
-   $ echo ignssl=0 >> ~/.vchat/config
-   
+$ echo ciphers=DHE-RSA-AES256-SHA >> ~/.vchat/config
 If you want a seperate private message window, type:
diff --git a/vchat-protocol.c b/vchat-protocol.c
index e676b28..b077411 100755
--- a/vchat-protocol.c
+++ b/vchat-protocol.c
@@ -35,7 +35,7 @@
 #include "vchat-ssl.h"
 /* version of this module */
-char *vchat_io_version = "$Id$";
+const char *vchat_io_version = "vchat-protocol.c $Id$";
 /* externally used variables */
 int serverfd = -1;
diff --git a/vchat-ssl.c b/vchat-ssl.c
index 7060e29..79092a6 100755
--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -32,7 +32,7 @@
 #include "vchat.h"
 #include "vchat-ssl.h"
-char *vchat_ssl_version = "$Id$";
+const char *vchat_ssl_version = "vchat-ssl.c      $Id$";
 #define VC_CTX_ERR_EXIT(se, cx) do { \
      snprintf(tmpstr, TMPSTRSIZE, "CREATE CTX: %s", \
@@ -61,6 +61,7 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
   X509_STORE           *store            = NULL;
   vc_x509verify_cb_t   verify_callback   = NULL;
+   /* Explicitly use TLSv1 (or maybe later) */
   if( !(ctx = SSL_CTX_new(SSLv23_client_method())) )
      VC_CTX_ERR_EXIT(store, ctx);
@@ -69,13 +70,16 @@ SSL_CTX * vc_create_sslctx( vc_x509store_t *vc_store )
   SSL_CTX_set_cert_store(ctx, store);
   store = NULL;
+   /* Disable some insecure protocols explicitly */
   SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-   if( OPENSSL_VERSION_NUMBER < 0x10000000L )
+   if (getstroption(CF_CIPHERSUITE))
+     SSL_CTX_set_cipher_list(ctx, getstroption(CF_CIPHERSUITE));
+   else if( OPENSSL_VERSION_NUMBER < 0x10000000L )
     SSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA");
   else
     SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384");
-   SSL_CTX_set_verify_depth (ctx, 2);
+   SSL_CTX_set_verify_depth (ctx, getintoption(CF_VERIFYSSL));
   if( !(verify_callback = vc_store->callback) )
      verify_callback = vc_verify_callback;
@@ -137,6 +141,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
    BIO_push( ssl_conn, *conn );
    *conn = ssl_conn;
    fflush(stdout);
    if( BIO_do_handshake( *conn ) > 0 ) {
      /* Show information about cipher used */
      const SSL *sslp = NULL;
@@ -144,20 +149,89 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
      /* Get cipher object */
      BIO_get_ssl(ssl_conn, &sslp);
+      if (sslp)
        cipher = SSL_get_current_cipher(sslp);
      if (cipher) {
        char cipher_desc[TMPSTRSIZE];
-        snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER] %s", SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE));
+        snprintf(tmpstr, TMPSTRSIZE, "[SSL CIPHER       ] %s", SSL_CIPHER_description(cipher, cipher_desc, TMPSTRSIZE));
        writecf(FS_SERV, tmpstr);
      } else {
-        snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] Cipher not known / SSL object can't be queried!");
+        snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR        ] Cipher not known / SSL object can't be queried!");
        writecf(FS_ERR, tmpstr);
      }
-      return 0;
+      /* Accept being connected, _if_ verification passed */
+      if (sslp) {
+        long result = SSL_get_verify_result(sslp);
+        /* show & verify fingerprint */
+        if (result == X509_V_OK) {
+          X509 *peercert = SSL_get_peer_certificate(sslp);
+          /* FIXME: this IS bad code */
+          char new_fingerprint[TMPSTRSIZE] = "";
+          char old_fingerprint[TMPSTRSIZE] = "";
+          FILE *fingerprint_file = NULL;
+          unsigned int fingerprint_len;
+          unsigned char fingerprint_bin[EVP_MAX_MD_SIZE];
+          /* show basic information about peer cert */
+          snprintf(tmpstr, TMPSTRSIZE, "[SSL SUBJECT      ] %s", X509_NAME_oneline(X509_get_subject_name(peercert),0,0));
+          writecf(FS_SERV, tmpstr);
+          snprintf(tmpstr, TMPSTRSIZE, "[SSL ISSUER       ] %s", X509_NAME_oneline(X509_get_issuer_name(peercert),0,0));
+          writecf(FS_SERV, tmpstr);
+          /* calculate fingerprint */
+          if (X509_digest(peercert,EVP_sha1(),fingerprint_bin,&fingerprint_len)) {
+            char shorttmpstr[3] = "XX";
+            int j;
+            for (j=0; j<(int)fingerprint_len; j++) {
+              if (j)
+                strncat(new_fingerprint, ":", TMPSTRSIZE);
+              snprintf(shorttmpstr, 3, "%02X", fingerprint_bin[j]);
+              strncat(new_fingerprint, shorttmpstr, TMPSTRSIZE);
+            }
+            snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT  ] from server: %s", new_fingerprint);
+            writecf(FS_SERV, tmpstr);
+          }
+          // we don't need the peercert anymore
+          X509_free(peercert);
+          fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "r");
+          if (fingerprint_file) {
+            fgets(old_fingerprint, TMPSTRSIZE, fingerprint_file);
+            fclose(fingerprint_file);
+            /* verify fingerprint matches stored version */
+            if (!strncmp(new_fingerprint, old_fingerprint, TMPSTRSIZE))
+              return 0;
+            else {
+              snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT  ] from %s: %s", getstroption(CF_FINGERPRINT), old_fingerprint);
+              writecf(FS_ERR, tmpstr);
+              writecf(FS_ERR, "[SSL CONNECT ERROR] Fingerprint mismatch! Server cert updated?");
+              return 1;
+            }
+          } else {
+            /* FIXME: there might be other errors than missing file */
+            fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "w");
+            if (!fingerprint_file) {
+              snprintf (tmpstr, TMPSTRSIZE, "Can't write fingerprint file, %s.", strerror(errno));
+              writecf(FS_ERR, tmpstr);
+            } else {
+              fputs(new_fingerprint, fingerprint_file);
+              fclose(fingerprint_file);
+              writecf(FS_SERV, "Stored fingerprint.");
+              return 0;
+            }
+          }
+        }
+      }
    }
  }
-  snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] %s", ERR_error_string (ERR_get_error (), NULL));
+  snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR] %s", ERR_error_string (ERR_get_error (), NULL));
  writecf(FS_ERR, tmpstr);
  return 1;
@@ -227,17 +301,11 @@ X509_STORE *vc_x509store_create(vc_x509store_t *vc_store)
 int vc_verify_callback(int ok, X509_STORE_CTX *store)
 {
   if(!ok) {
-      /* XXX handle action/abort */
+      snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", 
-      if(!(ok=getintoption(CF_IGNSSL)))
-         snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] %s", 
-               X509_verify_cert_error_string(store->error));
-      else
-         snprintf(tmpstr, TMPSTRSIZE, "[SSL ERROR] %s (ignored)", 
               X509_verify_cert_error_string(store->error));
      writecf(FS_ERR, tmpstr);
   }
-   return(ok);
+   return ok;
 }
 void vc_x509store_setflags(vc_x509store_t *store, int flags)
@@ -323,6 +391,14 @@ void vc_cleanup_x509store(vc_x509store_t *s)
   free(s->use_keyfile);
   free(s->use_key);
   sk_X509_free(s->certs);
-   sk_X509_free(s->crls);
+   sk_X509_CRL_free(s->crls);
   sk_X509_free(s->use_certs);
 }
+const char *vchat_ssl_version_external = "OpenSSL implementation; version unknown";
+void vchat_ssl_get_version_external()
+{
+   char tmpstr[TMPSTRSIZE];
+   snprintf(tmpstr, TMPSTRSIZE, "%s with %s", SSLeay_version(SSLEAY_VERSION), SSLeay_version(SSLEAY_CFLAGS));
+   vchat_ssl_version_external = strdup(tmpstr);
+}
diff --git a/vchat-ssl.h b/vchat-ssl.h
index baaa3c4..12d5fdb 100755
--- a/vchat-ssl.h
+++ b/vchat-ssl.h
@@ -36,6 +36,7 @@ void vc_x509store_setflags(vc_x509store_t *, int);
 void vc_x509store_clearflags(vc_x509store_t *, int);
 int vc_verify_callback(int, X509_STORE_CTX *);
 X509_STORE * vc_x509store_create(vc_x509store_t *);
+char *vc_ssl_version(char *, int);
 #define VC_X509S_NODEF_CAFILE                      0x01
 #define VC_X509S_NODEF_CAPATH                      0x02
diff --git a/vchat-ui.c b/vchat-ui.c
index f3e5af5..ba162a5 100755
--- a/vchat-ui.c
+++ b/vchat-ui.c
@@ -36,11 +36,11 @@
 #include "vchat-user.h"
 /* version of this module */
-char *vchat_ui_version = "$Id$";
+const char *vchat_ui_version = "vchat-ui.c       $Id$";
 /* externally used variables */
 /*   current string in topic window */
-char topicstr[TOPICSTRSIZE] = "[] VChat 0.17";
+char topicstr[TOPICSTRSIZE] = "[] VChat 0.19";
 /*   current string in console window */
 char consolestr[CONSOLESTRSIZE] = "[ Get help: .h for server /h for client commands";
@@ -117,7 +117,7 @@ static void forceredraw_wrapper (int a) {forceredraw();}
 static void drawwin          (WINDOW *win, struct sb_data  *sb);
 static int  writescr         (WINDOW *win, struct sb_entry *entry);
 static int  testfilter       (             struct sb_entry *entry);
-static int  gettextwidth     (char *textbuffer);
+static int  gettextwidth     (const char *textbuffer);
 static void resize_output    (void);
 static int  getsbeheight     (struct sb_entry *entry, const int xwidth, int needstime );
 static int  getsbdataheight  (struct sb_data *data, const int xwidth, int needstime );
@@ -308,7 +308,7 @@ sb_clear ( struct sb_data **sb ) {
 }*/
 static struct sb_entry*
-sb_add (struct sb_data *sb, char *line, time_t when) {
+sb_add (struct sb_data *sb, const char *line, time_t when) {
  struct sb_entry *newone = malloc (sizeof(struct sb_entry));
  if( newone ) {
      if( sb->count == sb->scroll ) sb->scroll++;
@@ -350,7 +350,7 @@ void showout (void)
  resize(0);
 }
-void writeout (char *str)
+void writeout (const char *str)
 {
  int i;
  sb_add(sb_out,str,time(NULL));
@@ -865,7 +865,7 @@ resize (int signal)
 }
 static int
-gettextwidth (char *textbuffer)
+gettextwidth (const char *textbuffer)
 {
  int  width       = 0;
diff --git a/vchat-user.c b/vchat-user.c
index d7261d6..7280672 100755
--- a/vchat-user.c
+++ b/vchat-user.c
@@ -15,7 +15,7 @@
 #include "vchat-user.h"
 /* version of this module */
-char *vchat_us_version = "$Id$";
+char *vchat_us_version = "vchat-user.c     $Id$";
 typedef struct
 {
diff --git a/vchat.h b/vchat.h
index 1a24973..16ee181 100755
--- a/vchat.h
+++ b/vchat.h
@@ -30,8 +30,8 @@ typedef struct servermessage servermessage;
 /* configuration types and variable numbers */
 typedef enum { CO_NIL, CO_STR, CO_INT } conftype;
 typedef enum { CF_NIL, CF_NICK, CF_FROM, CF_SERVERHOST, CF_SERVERPORT,
-CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE, CF_LOGINSCRIPT,
+CF_CIPHERSUITE, CF_CONFIGFILE, CF_CERTFILE, CF_KEYFILE, CF_FORMFILE, CF_LOGINSCRIPT, CF_FINGERPRINT,
-CF_USESSL, CF_IGNSSL, CF_USECERT, CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME,
+CF_USESSL, CF_VERIFYSSL, CF_USECERT, CF_PRIVHEIGHT, CF_PRIVCOLLAPS, CF_HSCROLL, CF_CHANNEL, CF_USETIME,
 CF_USETOPIC, CF_SCROLLBPRIV, CF_SCROLLBACK, CF_SCROLLBPRIVT, CF_SCROLLBACKT,
 CF_ENCODING, CF_BELLPRIV, CF_CASEFIRST, CF_AUTORECONN, CF_KEEPALIVE } confopt;
@@ -80,7 +80,7 @@ extern unsigned int want_tcp_keepalive;
 /* vchat-client.c */
 #define ERRSTRSIZE 1024
 extern char errstr[];
-extern char *vchat_cl_version;
+extern const char *vchat_cl_version;
 void loadcfg (char *file,int complain,void (*lineparser) (char *));
 void loadformats (char *file);
 void cleanup(int signal);
@@ -93,7 +93,7 @@ int getintoption (confopt option);
 void setintoption (confopt option, int value);
 /* vchat-ui.c */
-extern char *vchat_ui_version;
+extern const char *vchat_ui_version;
 /*   topic and console strings */
 #define TOPICSTRSIZE 1024
@@ -112,7 +112,7 @@ void userinput (void);
 /*   display various messages */
 int   writechan (char *str);
 int   writepriv (char *str, int maybeep );
-void  writeout  (char *str);
+void  writeout  (const char *str);
 void  showout   (void);
 void  flushout  (void);
 #define  msgout(STR) {flushout();writeout(STR);showout();}
@@ -140,7 +140,7 @@ void         clearfilters     ( char colour );
 void         handlequery      ( char *line );
 /* vchat-protocol.c */
-extern char *vchat_io_version;
+extern const char *vchat_io_version;
 /*   connect/disconnect */
 int  vcconnect    (char *server, char *port);
@@ -156,7 +156,7 @@ void ownleave (int channel);
 void ownnickchange (char *newnick);
 /* vchat-commands.c */
-extern char *vchat_cm_version;
+extern const char *vchat_cm_version;
 void   command_version ( char *tail);
 /*   user input */
@@ -171,3 +171,8 @@ typedef struct {
  char  *short_help;
  char  *help;
 } commandentry;
+/* vchat-ssl.c */
+extern const char *vchat_ssl_version;
+extern const char *vchat_ssl_version_external;
+void vchat_ssl_get_version_external();
diff --git a/vchatrc.ex b/vchatrc.ex
index cb399a3..c66d1f9 100755
--- a/vchatrc.ex
+++ b/vchatrc.ex
@@ -4,7 +4,7 @@
 #nick = noname
 # Auto-set from-tag during login
-#from = vc-alpha-0.15
+#from = vc-alpha-0.19
 # Server-host to connect to
 #host = pulse.flatline.de
@@ -15,7 +15,10 @@
 # Type of ciphers at the SSL-handshake; 
 # further information in the 
 # OpenSSL/mod_ssl/Apache-documentation
-#ciphers = HIGH:MEDIUM
+# default used before OpenSSL 1.0.0:
+#ciphers = DHE-RSA-AES256-SHA
+# default used after OpenSSL 1.0.0:
+#ciphers = ECDHE-RSA-AES256-GCM-SHA384
 # Location of the config-file
 #conffile = ~/.vchat/config
@@ -36,6 +39,9 @@
 # Use the certificate for connecting [0|1]
 #usecert = 1
+# Verify depth for peer certificate
+#verifyssl = 2
 # Show the time of the message at start of line [0|1]
 #usetime = 1
author	erdgeist <de@gsmk.de>	2014-04-16 20:12:34 +0200
committer	erdgeist <de@gsmk.de>	2014-04-16 20:12:34 +0200
commit	b32861fa6ec00c655b7a43ab0d511c7048f1ee43 (patch)
tree	50cd33c87b43ff5c9a7a029346386cef2bdff5c6
parent	71fb4ac25542721f3a2d42ac4eef0d7296968f82 (diff)
parent	3297473435ad53b6691d6c772f83457a72134c48 (diff)