src/sbbs3 ssl.c 1.12 1.13
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv27584

Modified Files:
ssl.c
Log Message:
Try adding DNS and Country names to the certificate.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.13 1.14
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29704

Modified Files:
ssl.c
Log Message:
Adding the country doesn't help... leave the DNS name in there though.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.15 1.16
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv8473

Modified Files:
ssl.c
Log Message:
sesop -> sysop


--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.16 1.17
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv12170

Modified Files:
ssl.c
Log Message:
Add the country ("ZZ") to self-signed certificates.
Add the Organization Name (BBS name) to self-signed certificates.
Fix the sysop email for self-signed certificates.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.17 1.18
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv13489

Modified Files:
ssl.c
Log Message:
We also need to set the SELFSIGNED attribute.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.18 1.19
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv16468

Modified Files:
ssl.c
Log Message:
Set validity to 10 years.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.20 1.21
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17820

Modified Files:
ssl.c
Log Message:
Various callers tread do_cryptInit() as though it returns if cryptlib
was successfully initialized. Make it do that.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.21 1.22
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv12895

Modified Files:
ssl.c
Log Message:
Removed unused variable (scfg).

--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.22 1.23
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv9856

Modified Files:
ssl.c
Log Message:
Open the certificate keyset in readonly mode when we're not going to write.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.24 1.25
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv32622

Modified Files:
ssl.c
Log Message:
Work around MSVC error which assumes ssl_context is used without being initialized (it's not).



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.25 1.26
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv32707

Modified Files:
ssl.c
Log Message:
Add comment.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.26 1.27
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv7338

Modified Files:
ssl.c
Log Message:
Copy error descriptions from cryptlib.h into get_error_string() so we should always get a string in cryptlib errors. Places that don't get an error
string should now since it should always be useful.


--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.33 1.34
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2530

Modified Files:
ssl.c
Log Message:
#include xpprintf.h to resolve msvc warning:
ssl.c(210): warning C4013: 'asprintf' undefined; assuming extern returning int


--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.34 1.35
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv6089

Modified Files:
ssl.c
Log Message:
CRYPT_ENVELOPE_RESOURCE is debug-level as well.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.35 1.36
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv15690

Modified Files:
ssl.c
Log Message:
Fix get_ssl_cert() initialization of the error string pointer.


--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.36 1.37
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv27297

Modified Files:
ssl.c
Log Message:
Make CRYPT_ERROR_NOTAVAIL LOG_INFO level.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.37 1.38
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv16002

Modified Files:
ssl.c
Log Message:
Lower CRYPT_ERROR_INTERNAL to NOTICE. Not sure the sysop can do anything
about these.


--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.38 1.39
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23383

Modified Files:
ssl.c
Log Message:
Make CRYPT_ERROR_NOSECURE a warning, not an error. There appear to be
SSLv3 (!) and even SSLv2(!!) clients still in the wild. Sysops aren't
expected to be able to fix other peoples ancient broken stuff.



--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.39 1.40
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29046

Modified Files:
ssl.c
Log Message:
Lower the log level of "BADDATA" cryptlib errors (-32) from ERROR to
WARNING.
Also fixed a couple of typos in strings.


--- SBBSecho 3.04-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.40 1.41
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2678

Modified Files:
ssl.c
Log Message:
Fix TLS/SSL failure/error: "creating SSL context"
If the ctrl/ssl.cert file did not exist, the various TLS/SSL services would fail to create it and (sometimes) log the "creating SSL context" error.
This problem was introduced with rev 1.30 (Mar-9) and the fix/patch
provided by Deuce via irc. Thanks to Psi-Jack for the bug report.


--- SBBSecho 3.05-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

src/sbbs3 ssl.c 1.42 1.43
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv21793

Modified Files:
ssl.c
Log Message:
Lower CRYPT_ERROR_INVALID severity from ERROR to WARNING to prevent error-log: TLS ERROR 'Received TLS alert message: Certificate unknown' (-26) setting session active

--- SBBSecho 3.10-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/c350764c62000603d455dabb
Modified Files:
src/sbbs3/ssl.c
Log Message:
Fix error in previous commit to this fileC allows char* p = '\0' (which is clearly wrong)C++ does not.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/6ae3c80132f7f2707a4aaa1e
Modified Files:
src/sbbs3/ssl.c
Log Message:
Add lprintf declaration here (hack)

This is always going to call the terminal server's lprintf function (when used with libsbbs.so/sbbs.dll) which is probably not what was intended.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/c9a18cc4dffcd3be240d32aa
Modified Files:
src/sbbs3/ssl.c
Log Message:
Don't load a cert unless the scfg_t is prepped.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/e3365aa3e9db55b43c07d21d
Modified Files:
src/sbbs3/ssl.c
Log Message:
No point checking prepped here
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/8f089bf01169601da4275d7a
Modified Files:
src/sbbs3/ssl.c
Log Message:
Fix DO() macro in ssl.c
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/9d06452d26d4495e10bcbb9d
Modified Files:
src/sbbs3/ssl.c
Log Message:
Properly handle the cert when adding private key fails
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/c56af712ad619df69b93b0ad
Modified Files:
src/sbbs3/ssl.c
Log Message:
Fix bug in last commit to this file.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/6b0df81a4a032587c2486460
Modified Files:
src/sbbs3/ssl.c
Log Message:
A little bit more fixins...
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/798f1d058a73c9549830f787
Modified Files:
src/sbbs3/ssl.c
Log Message:
Check return value of malloc() and log failure

Fix CID 471381
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/7d157b980e97dbb87258b49e
Modified Files:
src/sbbs3/ssl.c
Log Message:
You can't just screw around with a pair of shared linked lists
without locking! That's chaos!
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/4050fabe5ff89660555f9183
Modified Files:
src/sbbs3/ssl.c
Log Message:
Eliminate LOR introduced in previous commit.

Since lock_ssl_cert() is a reader lock, there shouldn't be a whole
lot of contention on aquiring it anyway, and we can thundering herd
our way out of it when it clears.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/88bbe26bf67384f213df0dc1
Modified Files:
src/sbbs3/ssl.c
Log Message:
Use new rwlock for ssl certificate.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/c2499626c59ea535f8dc2b5e
Modified Files:
src/sbbs3/ssl.c
Log Message:
Merge branch 'use-rwlock' into 'master'

Use new rwlock for ssl certificate.

See merge request main/sbbs!386
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/c47e29612c1f78bf1bb835ba
Modified Files:
src/sbbs3/ssl.c
Log Message:
Clean up and push down locks.

Now each lock has an easily understandable purpose, and covers the
lowest possible amount of code.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/9fdb5950548fe41960d8bbe0
Modified Files:
src/sbbs3/ssl.c
Log Message:
Fix GCC warnings

warning: value computed is not used
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/5e3c60b9a154ee1e64710f83
Modified Files:
src/sbbs3/ssl.c
Log Message:
Have get_sess_list_entry() verify the correct epoch

With this, it's not strictly necessary to clear cert_list in ssl_sync()
when the certificate changes, but it's still a good idea to prevent
unusable memory from being held onto.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/a437c173ec7c7dfa35625e2e
Modified Files:
src/sbbs3/ssl.c
Log Message:
May as well make sure internal_do_cryptInit() actually works.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/0700951f70912e516305c181
Modified Files:
src/sbbs3/ssl.c
Log Message:
Mutex-protect access to cryptfail.

Totally not sketchy, trust me.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/0aa72717d5701c3d52259674
Modified Files:
src/sbbs3/ssl.c
Log Message:
Friendly cryptlib version check failure handling

<Deuce> Feel free to not lock the mutex and never free/NULLify that string. <Deuce> Should be nicer for people with separate logs, and a few bytes never hurt anyone.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/bffceeba0fcdcacfd828351e
Modified Files:
src/sbbs3/ssl.c
Log Message:
asprintf() on Linux does not guarantee to set the ptr to NULL on error.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/b5b3769123c99c8500377ebc
Modified Files:
src/sbbs3/ssl.c
Log Message:
Don't set cryptlib_initialized = true until the init is complete

is_crypt_initialized() does not depend on the once value.
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/fea518c7ae55a66649a81068
Modified Files:
src/sbbs3/ssl.c
Log Message:
assert() pthread_mutex assumptions in ssl.c
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/2adf8468d63418b04cef9c2d
Modified Files:
src/sbbs3/ssl.c
Log Message:
Log a (notice-level) message when creating a self-signed cert
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/3122a36b6b0bad4296401ab3
Modified Files:
src/sbbs3/ssl.c
Log Message:
Fix failure handing in crypt initialization.

Don't add the atexit() do_cryptEnd() handler until we're not going
to call cryptEnd() ourselves.
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/d1c741d07362a4a3327532f7
Modified Files:
src/sbbs3/ssl.c
Log Message:
Incremental backoff on loading SSL cert

Try for 16 seconds (14 loops) to load the SSL certificate.

On the first time through the loop, create self-signed certificate
if configured to do so.

This also splits the generation of the self-signed certificate into
a separate function.

While we're here, split the new SSL epoch out into a separate function
as well, and explicitly call it when we create a new self-signed
cert. This at least partially fixes the epoch thing, but there's
still the possibility of creating it multiple times in the same
second... the file date isn't really enough.
--- SBBSecho 3.23-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

https://gitlab.synchro.net/main/sbbs/-/commit/1d0353858e00d5fade270854
Modified Files:
src/sbbs3/ssl.c
Log Message:
Better error reporting/handling when the ssl.cert file doesn't exist

Since "Create self-signed certificate" defaults to No, it's normal/expected to not have an ssl.cert file in many cases and the logged errors were not very helpful. We should probably change the default for this setting to Yes
(and have letsyncrypt.js disable it) or when auto-disable any SSH/TLS functionality that will expect a certificate file when the file doens't exist during initialization (startup or recycle). At least this change is a little bit of an improvement (help to the unknowing sysop). No longer just logging this unhelpful spew:
7/8 21:23:05 mail 0055 SEND connecting to port 25 on mail.synchro.net [71.95.196.36]
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:07 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:08 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:10 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:14 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:22 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
7/8 21:23:22 mail 0055 SEND/TLS [mail.synchro.net] ERROR 'Data has not been initialised' (-11) setting private key

Thanks to Sam Alexander (BLUEBOX) for pointing this bad behavior out.
--- SBBSecho 3.28-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)